Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146680.roa
File:                     AS146680.roa (raw, json)
Hash identifier:          aF/Fxpy/lylI1EP4LP/oDkBfUxJuRryC5QRpowyQ1WI=
Subject key identifier:   FE:33:D9:2D:8D:31:7E:D1:05:78:83:92:BB:1D:C1:5F:1E:46:C4:A6
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       0E18D1B879E72E7519C8B394488AD03A991C664A
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146680.roa
Signing time:             Wed 04 Mar 2026 06:39:40 +0000
ROA not before:           Wed 04 Mar 2026 06:34:40 +0000
ROA not after:            Wed 03 Mar 2027 06:39:40 +0000
asID:                     146680
IP address blocks:        240a:afbe::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:18:d1:b8:79:e7:2e:75:19:c8:b3:94:48:8a:d0:3a:99:1c:66:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:40 2026 GMT
            Not After : Mar  3 06:39:40 2027 GMT
        Subject: CN=FE33D92D8D317ED105788392BB1DC15F1E46C4A6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:38:96:65:d2:f6:fe:94:67:21:87:36:8c:43:
                    30:49:25:f1:d5:13:3c:fa:cb:0a:8a:a8:31:fd:05:
                    06:5b:07:11:51:be:06:fe:4f:e6:f8:4a:96:35:8b:
                    4b:60:65:25:db:7e:a3:39:ef:d8:f5:8a:ba:ff:42:
                    98:71:70:40:23:d5:ad:d5:37:f6:a9:9a:ec:4b:c8:
                    90:85:75:95:55:1d:6d:c4:69:9d:0b:5c:68:5f:d8:
                    b0:db:11:97:be:1c:b6:f1:5a:e6:3f:b2:e9:72:43:
                    7a:72:57:e5:f0:38:a9:65:4d:e9:dc:e6:21:78:b3:
                    0e:4c:af:a0:1a:90:18:a3:0a:52:42:14:96:52:ca:
                    37:a1:95:8d:cf:68:6b:b5:b9:7d:cb:54:38:ad:5c:
                    88:71:02:4b:a7:a3:1e:ac:62:e2:ca:6b:cb:c9:6b:
                    e9:09:d2:ee:3a:4f:c8:13:a4:6a:87:6f:7b:a7:f6:
                    53:19:41:1e:21:e5:f8:93:f9:2b:0f:bf:b7:ae:2f:
                    60:47:b7:14:98:6e:80:fe:fd:49:69:e3:d3:49:ed:
                    58:68:bc:3e:1a:ce:af:10:26:83:38:ba:98:fe:f8:
                    12:b9:b9:8a:1d:a3:71:b8:95:1f:6a:88:29:4f:71:
                    b4:20:c2:19:4e:a5:e0:a8:59:f6:ef:c0:b2:e6:4a:
                    b1:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:33:D9:2D:8D:31:7E:D1:05:78:83:92:BB:1D:C1:5F:1E:46:C4:A6
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146680.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:afbe::/32

    Signature Algorithm: sha256WithRSAEncryption
         62:f5:10:20:a9:f9:7a:51:a1:47:f2:4a:da:52:9a:1a:f5:54:
         a8:3b:49:18:ed:d4:d2:d4:d0:2f:a3:84:1c:23:bc:0f:b9:22:
         b6:2e:39:e7:e2:8d:5f:9f:4c:90:d7:d9:3e:c7:3f:4b:ab:26:
         36:07:bc:6f:6d:91:c2:fc:4b:d6:4e:42:35:cb:7d:77:42:fe:
         76:b8:b4:f1:68:03:f5:c6:9d:9d:4d:5e:2b:25:82:6d:0a:e6:
         e2:4d:f1:0f:cb:f8:f3:ee:71:3a:0c:49:1e:a4:b3:f9:12:b3:
         81:a2:98:dd:ab:00:14:3d:69:e7:ac:90:23:92:35:06:72:27:
         33:45:7d:d8:49:cf:7f:16:19:38:ab:75:36:96:c4:13:54:a2:
         6b:e7:67:6b:55:42:e9:7e:c6:ef:75:25:30:47:5b:c7:b7:69:
         c1:ff:24:66:fc:69:c5:dd:93:ae:ff:d0:2d:78:d7:3f:6f:c5:
         15:3f:24:3a:51:c7:a6:70:b2:bd:22:2c:da:43:80:1c:ad:b6:
         6e:34:de:fb:24:d7:e0:56:fb:c0:ce:dd:4c:77:bb:e0:7f:84:
         e2:c0:59:2a:c2:ce:1e:7f:b1:7c:bb:be:90:c9:1d:82:fc:0a:
         03:a2:4f:95:f3:ba:4f:68:41:9d:35:13:12:60:ab:b4:c5:b6:
         9d:1e:59:c7
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUDhjRuHnnLnUZyLOUSIrQOpkcZkowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQ0MFoX
DTI3MDMwMzA2Mzk0MFowMzExMC8GA1UEAxMoRkUzM0Q5MkQ4RDMxN0VEMTA1Nzg4
MzkyQkIxREMxNUYxRTQ2QzRBNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKk4lmXS9v6UZyGHNoxDMEkl8dUTPPrLCoqoMf0FBlsHEVG+Bv5P5vhKljWL
S2BlJdt+oznv2PWKuv9CmHFwQCPVrdU39qma7EvIkIV1lVUdbcRpnQtcaF/YsNsR
l74ctvFa5j+y6XJDenJX5fA4qWVN6dzmIXizDkyvoBqQGKMKUkIUllLKN6GVjc9o
a7W5fctUOK1ciHECS6ejHqxi4spry8lr6QnS7jpPyBOkaodve6f2UxlBHiHl+JP5
Kw+/t64vYEe3FJhugP79SWnj00ntWGi8PhrOrxAmgzi6mP74Erm5ih2jcbiVH2qI
KU9xtCDCGU6l4KhZ9u/AsuZKsacCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT+M9kt
jTF+0QV4g5K7HcFfHkbEpjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjY4MC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
r74wDQYJKoZIhvcNAQELBQADggEBAGL1ECCp+XpRoUfyStpSmhr1VKg7SRjt1NLU
0C+jhBwjvA+5IrYuOefijV+fTJDX2T7HP0urJjYHvG9tkcL8S9ZOQjXLfXdC/na4
tPFoA/XGnZ1NXislgm0K5uJN8Q/L+PPucToMSR6ks/kSs4GimN2rABQ9aeeskCOS
NQZyJzNFfdhJz38WGTirdTaWxBNUomvnZ2tVQul+xu91JTBHW8e3acH/JGb8acXd
k67/0C141z9vxRU/JDpRx6Zwsr0iLNpDgByttm403vsk1+BW+8DO3Ux3u+B/hOLA
WSrCzh5/sXy7vpDJHYL8CgOiT5Xzuk9oQZ01ExJgq7TFtp0eWcc=
-----END CERTIFICATE-----