Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146675.roa
File:                     AS146675.roa (raw, json)
Hash identifier:          afMWbxOeABNod5YtVYt9VKJBWLxbRkqV+0KxZ5En0jU=
Subject key identifier:   5F:25:57:3C:E7:9A:66:FD:25:FE:26:6D:EE:17:66:1F:14:9C:97:91
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2E480CF675FEA128B8AF0683FF1D460AB80BFF89
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146675.roa
Signing time:             Wed 04 Mar 2026 06:39:47 +0000
ROA not before:           Wed 04 Mar 2026 06:34:47 +0000
ROA not after:            Wed 03 Mar 2027 06:39:47 +0000
asID:                     146675
IP address blocks:        240a:afb9::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:48:0c:f6:75:fe:a1:28:b8:af:06:83:ff:1d:46:0a:b8:0b:ff:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:47 2026 GMT
            Not After : Mar  3 06:39:47 2027 GMT
        Subject: CN=5F25573CE79A66FD25FE266DEE17661F149C9791
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:98:84:3f:3b:2c:89:0a:0f:07:1a:7f:b6:bc:
                    90:80:5c:92:21:96:f0:60:ba:68:cd:2f:df:a1:96:
                    0c:58:4d:ed:cd:2d:b1:21:5f:eb:87:f6:e9:68:2d:
                    fe:b3:79:3f:02:dc:1a:25:69:e4:80:e9:54:4b:e0:
                    f8:54:5d:7a:9e:71:22:6c:2d:1f:13:aa:39:92:d3:
                    ed:a5:e2:78:25:ff:ec:6e:8a:b7:66:43:6e:2f:75:
                    b3:f9:06:76:55:aa:b1:61:98:88:b0:8c:80:6e:ad:
                    92:a0:ce:26:41:57:92:91:56:15:bf:2f:75:73:79:
                    b2:aa:cf:83:f3:40:6e:e6:77:77:05:76:af:f3:86:
                    17:58:66:c3:e8:28:95:9d:94:99:42:25:7d:2b:2a:
                    4a:a0:58:33:27:44:03:15:62:a9:b9:a2:02:f0:14:
                    a6:5e:86:f6:22:53:3f:1e:8f:3c:13:04:1c:bf:cf:
                    0f:c6:2f:e5:48:a8:e8:ec:8a:8b:ea:1f:31:77:6a:
                    14:00:f4:81:75:3a:7a:6c:d6:7c:e3:15:57:34:20:
                    12:25:04:95:e7:7d:88:52:06:4e:1a:97:fb:10:c2:
                    03:bc:e7:61:d3:e0:b2:5c:cd:28:d5:3a:2a:43:8f:
                    f8:da:05:cd:ad:1e:96:8a:53:c1:09:8f:1b:e3:ad:
                    1b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:25:57:3C:E7:9A:66:FD:25:FE:26:6D:EE:17:66:1F:14:9C:97:91
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146675.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:afb9::/32

    Signature Algorithm: sha256WithRSAEncryption
         54:e4:ab:8b:3c:c5:56:34:03:a6:f1:85:0e:f3:3c:99:69:7e:
         92:86:3d:8b:03:3d:3b:34:cc:95:ef:d3:92:2c:75:02:06:04:
         7c:c6:ed:52:1c:4b:ab:9b:f8:1c:dd:2d:2c:ef:1a:4c:32:4f:
         9e:79:bc:c9:a4:64:e0:f8:f9:f6:7e:10:3c:58:1d:76:f0:32:
         b8:84:e1:b3:78:20:72:d2:4d:1e:da:58:42:22:e4:ce:39:44:
         f8:54:fd:7d:35:30:f1:e2:94:65:28:da:69:af:26:08:3e:a0:
         a9:cb:0a:96:ee:77:73:ca:89:4f:fe:ee:c9:12:55:87:bd:9c:
         4d:63:b2:ef:ce:56:fc:78:84:6e:b6:f4:eb:c5:0c:d0:49:d9:
         5d:ac:6e:2f:10:f0:8e:2b:f6:86:3b:76:2c:fa:ca:4b:eb:15:
         d1:a4:dd:b6:38:05:6e:c1:a9:6e:1a:88:dc:9d:9d:d9:de:4a:
         90:6b:3d:af:36:87:64:d1:33:5a:44:45:8a:0f:a7:a8:06:48:
         2e:d4:da:af:94:49:ca:c2:97:2b:3f:ae:fd:e2:a9:d6:e7:ae:
         18:d8:cf:2b:7e:21:e7:6d:7c:7a:20:8d:d3:13:7c:29:da:8c:
         58:0d:27:f4:5f:6f:ff:c5:43:79:ac:4c:91:fd:7a:d5:b7:50:
         5b:5e:c1:6a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIULkgM9nX+oSi4rwaD/x1GCrgL/4kwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQ0N1oX
DTI3MDMwMzA2Mzk0N1owMzExMC8GA1UEAxMoNUYyNTU3M0NFNzlBNjZGRDI1RkUy
NjZERUUxNzY2MUYxNDlDOTc5MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANmYhD87LIkKDwcaf7a8kIBckiGW8GC6aM0v36GWDFhN7c0tsSFf64f26Wgt
/rN5PwLcGiVp5IDpVEvg+FRdep5xImwtHxOqOZLT7aXieCX/7G6Kt2ZDbi91s/kG
dlWqsWGYiLCMgG6tkqDOJkFXkpFWFb8vdXN5sqrPg/NAbuZ3dwV2r/OGF1hmw+go
lZ2UmUIlfSsqSqBYMydEAxViqbmiAvAUpl6G9iJTPx6PPBMEHL/PD8Yv5Uio6OyK
i+ofMXdqFAD0gXU6emzWfOMVVzQgEiUEled9iFIGThqX+xDCA7znYdPgslzNKNU6
KkOP+NoFza0elopTwQmPG+OtG4cCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRfJVc8
55pm/SX+Jm3uF2YfFJyXkTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjY3NS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
r7kwDQYJKoZIhvcNAQELBQADggEBAFTkq4s8xVY0A6bxhQ7zPJlpfpKGPYsDPTs0
zJXv05IsdQIGBHzG7VIcS6ub+BzdLSzvGkwyT555vMmkZOD4+fZ+EDxYHXbwMriE
4bN4IHLSTR7aWEIi5M45RPhU/X01MPHilGUo2mmvJgg+oKnLCpbud3PKiU/+7skS
VYe9nE1jsu/OVvx4hG629OvFDNBJ2V2sbi8Q8I4r9oY7diz6ykvrFdGk3bY4BW7B
qW4aiNydndneSpBrPa82h2TRM1pERYoPp6gGSC7U2q+UScrClys/rv3iqdbnrhjY
zyt+IedtfHogjdMTfCnajFgNJ/Rfb//FQ3msTJH9etW3UFtewWo=
-----END CERTIFICATE-----