Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146647.roa
File:                     AS146647.roa (raw, json)
Hash identifier:          B3PBYFkF5W99+0WoC2qWORVBljLFA7yr0CFDevlNO0c=
Subject key identifier:   36:13:D1:0E:C8:68:88:48:71:A4:1C:8E:CA:A7:DF:D4:16:E3:7E:35
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3A69549BDBC7CFCDF74F2625B8C94E2BCE7BD8CA
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146647.roa
Signing time:             Wed 04 Mar 2026 06:39:22 +0000
ROA not before:           Wed 04 Mar 2026 06:34:22 +0000
ROA not after:            Wed 03 Mar 2027 06:39:22 +0000
asID:                     146647
IP address blocks:        240a:af9d::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:69:54:9b:db:c7:cf:cd:f7:4f:26:25:b8:c9:4e:2b:ce:7b:d8:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:22 2026 GMT
            Not After : Mar  3 06:39:22 2027 GMT
        Subject: CN=3613D10EC868884871A41C8ECAA7DFD416E37E35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:57:0f:d5:c9:a2:d9:59:53:6d:00:9d:a1:57:
                    b0:c0:b8:4e:dc:27:0a:c5:69:ac:94:d2:9e:95:36:
                    ed:e0:e4:09:a5:5b:45:7d:49:f6:89:e0:03:72:5b:
                    3a:f9:dc:79:52:8f:14:11:24:83:d6:cd:ec:3d:fd:
                    bd:b8:f4:16:30:c6:92:98:7b:5e:b3:ba:1e:d9:ae:
                    74:fd:b0:f9:c7:d5:e8:c9:e0:01:86:36:92:6e:65:
                    b4:cf:51:cd:18:88:1c:54:4b:db:9a:31:2a:96:7a:
                    30:35:f1:17:eb:9a:d8:ae:58:04:ef:60:d5:0d:e0:
                    af:32:97:ee:58:59:fb:c1:94:8c:9d:a1:f4:63:b7:
                    89:7f:d4:51:db:e6:8d:9c:44:eb:6c:42:52:95:73:
                    1e:a8:46:ca:dd:e1:33:8b:71:69:33:75:4a:44:71:
                    10:01:9c:61:f2:99:ca:9a:55:e7:70:cc:ec:db:a9:
                    81:f2:17:f3:51:39:0d:a3:bb:bd:8c:9a:2d:8a:6b:
                    5e:50:ea:66:fa:86:ae:2d:80:1d:1c:85:3c:27:d3:
                    ff:c8:10:74:d0:59:b0:db:08:2f:a6:77:9d:17:a7:
                    6e:6f:e6:e2:c8:68:d5:36:b3:34:b3:da:43:8c:9d:
                    d7:e1:fd:24:88:00:cd:1a:66:37:e8:d7:2f:9d:13:
                    c2:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:13:D1:0E:C8:68:88:48:71:A4:1C:8E:CA:A7:DF:D4:16:E3:7E:35
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146647.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:af9d::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:65:50:78:ae:b0:04:04:e0:48:52:5b:4b:a6:ee:16:58:67:
         a5:31:be:b1:69:d2:71:1b:62:ba:fc:f5:b2:0d:0f:6d:8a:54:
         df:c9:a9:8e:67:ad:dc:db:de:8e:9b:b7:a3:62:14:8c:1d:33:
         25:00:98:41:05:19:1a:06:f3:80:d5:15:a3:e4:ed:e9:08:43:
         9d:b9:70:02:e2:43:44:91:bb:85:8e:8b:84:a6:28:a9:c6:35:
         ee:e3:41:9e:5b:d4:3f:d5:69:8d:eb:6d:99:f9:d5:de:00:2b:
         b2:8d:14:a2:9e:78:05:0b:74:a1:9f:f4:b2:ce:e0:d7:b8:cd:
         0e:c5:32:b4:94:3c:10:6e:67:56:a0:5b:e4:65:e8:8c:31:e6:
         0e:a0:8a:60:11:42:76:53:35:d1:c2:c4:83:54:09:7c:1c:33:
         4d:7b:a5:0f:e9:f4:57:65:aa:f1:41:34:53:cf:4e:58:af:58:
         72:3d:47:2d:c6:0f:f2:62:12:a9:e8:6e:27:45:5a:c7:fb:09:
         bf:68:4d:a9:b9:0d:d9:ac:e3:4f:f4:e2:f8:f9:c9:0e:6d:88:
         13:5f:dd:e3:5a:d5:43:12:55:51:9c:26:24:63:b4:4a:a3:e8:
         cb:05:63:f2:c6:b0:0f:a7:d5:81:de:94:4d:03:16:f6:1e:a5:
         ee:d5:b6:2f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUOmlUm9vHz833TyYluMlOK8572MowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQyMloX
DTI3MDMwMzA2MzkyMlowMzExMC8GA1UEAxMoMzYxM0QxMEVDODY4ODg0ODcxQTQx
QzhFQ0FBN0RGRDQxNkUzN0UzNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKFXD9XJotlZU20AnaFXsMC4TtwnCsVprJTSnpU27eDkCaVbRX1J9ongA3Jb
OvnceVKPFBEkg9bN7D39vbj0FjDGkph7XrO6HtmudP2w+cfV6MngAYY2km5ltM9R
zRiIHFRL25oxKpZ6MDXxF+ua2K5YBO9g1Q3grzKX7lhZ+8GUjJ2h9GO3iX/UUdvm
jZxE62xCUpVzHqhGyt3hM4txaTN1SkRxEAGcYfKZyppV53DM7NupgfIX81E5DaO7
vYyaLYprXlDqZvqGri2AHRyFPCfT/8gQdNBZsNsIL6Z3nRenbm/m4sho1TazNLPa
Q4yd1+H9JIgAzRpmN+jXL50TwkMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQ2E9EO
yGiISHGkHI7Kp9/UFuN+NTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjY0Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
r50wDQYJKoZIhvcNAQELBQADggEBACVlUHiusAQE4EhSW0um7hZYZ6UxvrFp0nEb
Yrr89bIND22KVN/JqY5nrdzb3o6bt6NiFIwdMyUAmEEFGRoG84DVFaPk7ekIQ525
cALiQ0SRu4WOi4SmKKnGNe7jQZ5b1D/VaY3rbZn51d4AK7KNFKKeeAULdKGf9LLO
4Ne4zQ7FMrSUPBBuZ1agW+Rl6Iwx5g6gimARQnZTNdHCxINUCXwcM017pQ/p9Fdl
qvFBNFPPTlivWHI9Ry3GD/JiEqnobidFWsf7Cb9oTam5Ddms40/04vj5yQ5tiBNf
3eNa1UMSVVGcJiRjtEqj6MsFY/LGsA+n1YHelE0DFvYepe7Vti8=
-----END CERTIFICATE-----