Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146622.roa
File:                     AS146622.roa (raw, json)
Hash identifier:          jgvflK3clZ3/299rEVwlTMchMTVOeM8MYkgkcmPiK+k=
Subject key identifier:   FC:B3:DF:08:D5:CD:62:3F:CD:B8:B4:31:E8:81:7C:76:1E:6C:D4:63
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7FF1E5230D736712E47F15D54FABAE389F8E5FEF
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146622.roa
Signing time:             Wed 04 Mar 2026 06:39:56 +0000
ROA not before:           Wed 04 Mar 2026 06:34:56 +0000
ROA not after:            Wed 03 Mar 2027 06:39:56 +0000
asID:                     146622
IP address blocks:        240a:af84::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:f1:e5:23:0d:73:67:12:e4:7f:15:d5:4f:ab:ae:38:9f:8e:5f:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:56 2026 GMT
            Not After : Mar  3 06:39:56 2027 GMT
        Subject: CN=FCB3DF08D5CD623FCDB8B431E8817C761E6CD463
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:2f:b0:a4:5f:dc:98:37:35:de:fa:49:6e:df:
                    e1:dc:00:98:0b:bb:50:87:a6:1a:48:51:ac:54:91:
                    20:93:10:7c:15:a5:04:b4:93:8c:50:75:2c:54:56:
                    19:9d:3f:fa:a1:a3:4a:c8:2a:f2:12:9c:42:dd:32:
                    c6:19:f2:87:9a:bf:92:24:41:a4:d3:be:11:b9:d9:
                    27:bc:50:9c:a9:06:2a:1f:31:7c:d4:23:a2:fe:67:
                    63:68:b6:61:56:2f:32:6e:70:f2:c6:9a:e2:44:4e:
                    fa:9f:02:b7:c4:1e:69:1f:15:95:c1:d7:a2:4b:31:
                    c1:51:2c:c4:2b:29:2d:6b:bc:30:63:bc:2a:2c:b8:
                    08:57:34:2e:33:aa:80:e6:60:5c:d1:12:15:bc:8f:
                    74:e1:86:27:8e:9e:78:73:b4:d4:c2:35:17:cc:81:
                    39:24:78:c8:12:d6:5c:c1:52:cb:72:cc:57:61:95:
                    ac:15:01:86:0a:73:29:b1:74:f6:5c:4c:d9:2e:87:
                    7d:ce:44:64:21:40:20:76:cf:23:f3:77:bb:16:69:
                    59:a6:49:dc:de:fa:c4:94:79:f5:e7:f8:63:27:31:
                    da:fb:d8:e1:52:6d:c3:3e:25:63:f9:22:88:8c:df:
                    c2:82:e6:79:e1:41:be:8a:c0:ae:ea:92:f5:87:be:
                    b8:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:B3:DF:08:D5:CD:62:3F:CD:B8:B4:31:E8:81:7C:76:1E:6C:D4:63
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146622.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:af84::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:a6:4f:bf:22:5f:e1:00:69:2e:f5:43:f1:4c:2a:c7:d6:a6:
         74:18:bc:f3:33:01:92:0c:3e:67:ad:2f:38:f7:85:67:6a:32:
         bc:e0:4b:8e:b0:88:52:64:3c:7b:2f:02:60:b8:d6:6e:23:96:
         70:7d:d7:fa:9e:33:66:a4:97:02:b6:15:13:3f:1c:f4:74:60:
         13:f9:19:96:6b:49:e0:47:45:36:2c:8d:df:a6:bc:fa:77:bd:
         46:5b:89:f7:74:21:ae:e9:59:b2:41:e9:b0:1e:65:fd:65:08:
         eb:05:36:19:d9:e1:36:96:f7:1f:04:ef:51:8a:93:d3:6e:55:
         55:5b:c0:d6:4b:5d:c5:39:92:54:a1:b3:8b:4b:8d:10:5c:9e:
         bb:94:f9:69:0f:90:45:1c:b7:01:d5:d2:70:de:34:4c:21:0a:
         e5:b5:39:c2:93:74:95:55:1a:64:7f:1b:2f:be:16:4a:bf:77:
         d0:08:80:8e:1b:be:85:38:f1:3a:9a:91:1e:fb:ed:c7:b6:0a:
         29:c7:8f:b7:ac:a0:0e:31:f6:47:6b:fc:1e:ae:91:21:1d:4a:
         e7:bf:68:f7:58:af:0d:ae:7f:f8:55:b1:c4:cb:42:67:c4:0b:
         56:34:02:84:e4:bd:40:66:e2:1a:1d:68:60:a9:b6:ab:d3:5b:
         72:3e:74:f7
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUf/HlIw1zZxLkfxXVT6uuOJ+OX+8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQ1NloX
DTI3MDMwMzA2Mzk1NlowMzExMC8GA1UEAxMoRkNCM0RGMDhENUNENjIzRkNEQjhC
NDMxRTg4MTdDNzYxRTZDRDQ2MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALUvsKRf3Jg3Nd76SW7f4dwAmAu7UIemGkhRrFSRIJMQfBWlBLSTjFB1LFRW
GZ0/+qGjSsgq8hKcQt0yxhnyh5q/kiRBpNO+EbnZJ7xQnKkGKh8xfNQjov5nY2i2
YVYvMm5w8saa4kRO+p8Ct8QeaR8VlcHXoksxwVEsxCspLWu8MGO8Kiy4CFc0LjOq
gOZgXNESFbyPdOGGJ46eeHO01MI1F8yBOSR4yBLWXMFSy3LMV2GVrBUBhgpzKbF0
9lxM2S6Hfc5EZCFAIHbPI/N3uxZpWaZJ3N76xJR59ef4Yycx2vvY4VJtwz4lY/ki
iIzfwoLmeeFBvorAruqS9Ye+uJECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT8s98I
1c1iP824tDHogXx2HmzUYzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjYyMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
r4QwDQYJKoZIhvcNAQELBQADggEBAKOmT78iX+EAaS71Q/FMKsfWpnQYvPMzAZIM
PmetLzj3hWdqMrzgS46wiFJkPHsvAmC41m4jlnB91/qeM2aklwK2FRM/HPR0YBP5
GZZrSeBHRTYsjd+mvPp3vUZbifd0Ia7pWbJB6bAeZf1lCOsFNhnZ4TaW9x8E71GK
k9NuVVVbwNZLXcU5klShs4tLjRBcnruU+WkPkEUctwHV0nDeNEwhCuW1OcKTdJVV
GmR/Gy++Fkq/d9AIgI4bvoU48TqakR777ce2CinHj7esoA4x9kdr/B6ukSEdSue/
aPdYrw2uf/hVscTLQmfEC1Y0AoTkvUBm4hodaGCptqvTW3I+dPc=
-----END CERTIFICATE-----