Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146663.roa
File:                     AS146663.roa (raw, json)
Hash identifier:          VT5hL6LKYHqdRDnEjJibwZDFZfG3KUSa+6v+O7X/iAo=
Subject key identifier:   4C:94:7D:BC:14:2A:D2:85:7B:BE:78:5B:F2:26:C4:4C:7A:C2:B3:B4
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1546FDDF41AA54EFD501B3B56D17C4EE8BA9F123
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146663.roa
Signing time:             Wed 04 Mar 2026 06:39:44 +0000
ROA not before:           Wed 04 Mar 2026 06:34:44 +0000
ROA not after:            Wed 03 Mar 2027 06:39:44 +0000
asID:                     146663
IP address blocks:        240a:afad::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:46:fd:df:41:aa:54:ef:d5:01:b3:b5:6d:17:c4:ee:8b:a9:f1:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:44 2026 GMT
            Not After : Mar  3 06:39:44 2027 GMT
        Subject: CN=4C947DBC142AD2857BBE785BF226C44C7AC2B3B4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:4c:fd:23:8d:89:b8:dc:44:64:58:e4:33:d2:
                    4c:d6:0c:b5:0d:c3:12:f7:a6:9d:5b:cc:0b:ac:f7:
                    a6:12:f3:83:c7:26:7f:39:8f:12:56:21:27:62:0c:
                    cb:d7:ee:32:37:ba:a7:69:ea:26:ff:0c:9a:64:c0:
                    b8:46:8b:a1:f4:dc:2d:06:34:03:ed:01:df:ba:69:
                    41:85:ee:3b:95:cb:16:f4:13:bb:07:b6:1b:dd:05:
                    f0:97:37:38:ae:80:61:d1:22:d0:28:13:f4:cf:99:
                    96:e6:7a:a5:18:8b:08:a5:9c:88:1c:54:2d:dd:a3:
                    0d:39:6d:2a:86:12:b0:fb:c9:7a:28:1d:09:ee:bf:
                    81:fd:2a:b6:97:82:8e:82:36:6d:f0:72:19:73:49:
                    5c:c4:bf:33:2d:ae:4a:58:1e:dd:be:0c:78:84:0f:
                    97:5a:15:99:97:e9:43:4d:c6:84:25:2a:a3:d9:8e:
                    be:8e:2b:fb:43:19:a3:7b:d1:fa:64:d3:80:ce:52:
                    2c:80:12:3c:2e:44:aa:55:31:b8:48:cc:39:86:29:
                    f8:b6:b5:cd:55:53:05:b0:94:cb:4b:e7:df:8f:a2:
                    e8:eb:ee:c1:b9:76:98:05:35:fa:f2:cf:ab:98:b4:
                    36:25:0e:a9:e0:d5:fa:91:44:ea:34:54:aa:38:ce:
                    61:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:94:7D:BC:14:2A:D2:85:7B:BE:78:5B:F2:26:C4:4C:7A:C2:B3:B4
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146663.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:afad::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:96:50:b6:8d:67:a4:04:3f:8f:a7:db:ca:69:f3:90:49:7f:
         7a:ac:20:ee:6d:08:38:f9:c6:ba:e8:6e:bf:85:20:00:1c:63:
         e2:bf:35:10:71:2a:9b:25:8a:44:2b:67:93:f8:57:c9:cf:6d:
         3e:28:43:d8:d3:79:65:52:af:0e:78:5e:43:f9:49:a0:48:f1:
         2d:81:13:c7:bf:f3:ea:b6:33:bf:4e:44:54:92:c8:3e:b0:db:
         cc:54:11:d5:78:3b:93:a5:2e:45:0e:d6:f8:81:9a:37:50:aa:
         37:07:3d:b7:67:1e:d7:47:c3:f6:7e:d6:3a:64:0a:35:92:6d:
         86:af:bc:72:de:66:90:4f:4d:d3:a0:1b:d9:6d:4c:d3:88:9c:
         37:d2:b2:9a:c6:2b:c7:3f:b6:af:02:c4:21:ef:0c:ab:a6:4f:
         9c:7b:4a:12:0a:9d:5b:64:c4:a1:09:60:88:4f:4b:71:8b:9b:
         d5:f9:d8:9e:7d:fe:35:02:f2:e5:d5:e1:76:b2:73:4f:24:17:
         59:56:b0:eb:05:94:41:34:14:e2:aa:e9:5b:8f:14:67:62:50:
         20:38:a9:73:3b:53:8c:4e:0b:7f:0d:ed:8d:8e:50:88:3b:e9:
         e0:f7:f3:26:77:42:12:5b:6e:53:38:d9:64:24:a7:e4:71:93:
         60:1e:01:6a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUFUb930GqVO/VAbO1bRfE7oup8SMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQ0NFoX
DTI3MDMwMzA2Mzk0NFowMzExMC8GA1UEAxMoNEM5NDdEQkMxNDJBRDI4NTdCQkU3
ODVCRjIyNkM0NEM3QUMyQjNCNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ9M/SONibjcRGRY5DPSTNYMtQ3DEvemnVvMC6z3phLzg8cmfzmPElYhJ2IM
y9fuMje6p2nqJv8MmmTAuEaLofTcLQY0A+0B37ppQYXuO5XLFvQTuwe2G90F8Jc3
OK6AYdEi0CgT9M+ZluZ6pRiLCKWciBxULd2jDTltKoYSsPvJeigdCe6/gf0qtpeC
joI2bfByGXNJXMS/My2uSlge3b4MeIQPl1oVmZfpQ03GhCUqo9mOvo4r+0MZo3vR
+mTTgM5SLIASPC5EqlUxuEjMOYYp+La1zVVTBbCUy0vn34+i6Ovuwbl2mAU1+vLP
q5i0NiUOqeDV+pFE6jRUqjjOYX0CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRMlH28
FCrShXu+eFvyJsRMesKztDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjY2My5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
r60wDQYJKoZIhvcNAQELBQADggEBABeWULaNZ6QEP4+n28pp85BJf3qsIO5tCDj5
xrrobr+FIAAcY+K/NRBxKpslikQrZ5P4V8nPbT4oQ9jTeWVSrw54XkP5SaBI8S2B
E8e/8+q2M79ORFSSyD6w28xUEdV4O5OlLkUO1viBmjdQqjcHPbdnHtdHw/Z+1jpk
CjWSbYavvHLeZpBPTdOgG9ltTNOInDfSsprGK8c/tq8CxCHvDKumT5x7ShIKnVtk
xKEJYIhPS3GLm9X52J59/jUC8uXV4Xayc08kF1lWsOsFlEE0FOKq6VuPFGdiUCA4
qXM7U4xOC38N7Y2OUIg76eD38yZ3QhJbblM42WQkp+Rxk2AeAWo=
-----END CERTIFICATE-----