Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146686.roa
File:                     AS146686.roa (raw, json)
Hash identifier:          pKgE/wfSvmMYHbKsoPY2frS7t1zuspr8dUpzrp8+suk=
Subject key identifier:   21:EC:F2:92:C0:0B:35:DE:A6:20:32:68:F8:F8:3F:28:8E:5A:FF:63
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       603482F128FB4B9C18A09212CB935397B64D6CDC
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146686.roa
Signing time:             Wed 04 Mar 2026 06:39:16 +0000
ROA not before:           Wed 04 Mar 2026 06:34:16 +0000
ROA not after:            Wed 03 Mar 2027 06:39:16 +0000
asID:                     146686
IP address blocks:        240a:afc4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:34:82:f1:28:fb:4b:9c:18:a0:92:12:cb:93:53:97:b6:4d:6c:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:16 2026 GMT
            Not After : Mar  3 06:39:16 2027 GMT
        Subject: CN=21ECF292C00B35DEA6203268F8F83F288E5AFF63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:aa:69:67:e4:65:6e:94:15:ae:25:97:9b:b8:
                    5b:b7:15:06:27:4e:9f:f0:1c:98:86:19:34:2b:ae:
                    33:cd:ae:9a:50:20:e3:aa:45:f7:bd:34:26:6c:f2:
                    ec:b5:50:48:25:ce:5c:05:c3:93:e7:d6:e5:cc:f8:
                    51:83:53:32:af:4c:d4:3f:db:dc:16:e3:f9:14:f2:
                    03:91:01:bf:20:7e:43:d9:16:f2:7a:a7:39:67:35:
                    89:1b:96:f9:6c:2d:ed:bd:3a:67:85:9f:9b:d0:b8:
                    cc:3a:7e:0f:32:f2:d0:94:40:30:49:be:92:ec:2f:
                    74:ab:54:9a:bc:fa:ce:85:de:02:77:ee:2d:00:4e:
                    01:85:10:a6:5c:14:dc:18:26:40:db:ce:65:60:b6:
                    c1:97:68:10:fd:c5:05:70:0b:68:d0:3a:b8:0d:89:
                    6f:7b:0a:1b:83:39:f9:d0:ca:ee:3f:b8:70:d2:44:
                    72:e0:b2:a8:6d:70:08:76:f8:cc:20:4d:46:23:e1:
                    b3:60:d5:d7:2b:ef:27:21:68:b7:5d:f1:24:8c:85:
                    d7:dc:47:ad:4a:13:fb:4c:22:c7:b2:01:74:1d:bb:
                    4b:a5:18:16:bd:c3:a7:4b:a3:66:b3:c0:79:39:63:
                    36:be:0c:9d:3a:59:cd:0e:ff:6a:d8:43:7f:33:f9:
                    4e:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:EC:F2:92:C0:0B:35:DE:A6:20:32:68:F8:F8:3F:28:8E:5A:FF:63
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146686.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:afc4::/32

    Signature Algorithm: sha256WithRSAEncryption
         1b:8a:70:15:2a:74:80:b6:1f:06:79:22:66:c9:4e:c3:9b:9b:
         a1:7a:02:fd:c8:e5:b8:84:f5:f7:b6:b7:80:1b:1f:bf:e2:35:
         8e:e6:af:24:9d:76:1f:a6:1b:ba:9e:36:78:fc:79:a2:dc:73:
         03:fd:5c:af:e4:2c:0f:1f:78:fb:40:c9:2d:c1:5a:0f:80:1c:
         03:25:b5:a4:6c:a3:44:4d:2f:9d:17:1e:c3:9f:ff:f5:b8:13:
         4d:83:ed:14:00:09:79:55:3a:06:dc:bf:3c:df:62:2f:ea:32:
         a5:45:44:69:ad:d8:3e:6a:77:f1:10:72:65:20:ea:39:91:67:
         3d:7c:b4:68:eb:ee:0b:fb:7a:94:7b:f7:fd:99:c9:96:20:31:
         f0:da:89:47:c8:38:bc:a9:a0:77:29:bf:bd:de:02:4f:61:31:
         e1:5c:4e:cd:36:90:e8:e4:91:42:51:08:80:bc:98:f1:af:44:
         77:6c:30:42:b7:bc:25:12:1e:ff:0c:e8:e9:57:ee:f4:e1:e6:
         fb:08:95:3f:3f:b5:a1:e3:fa:bd:11:c1:ed:ec:20:bc:a9:66:
         8f:53:7b:d6:71:f9:ea:a2:2b:0b:ab:7e:ef:76:f4:13:53:5a:
         db:d8:82:a3:64:83:90:5f:de:6d:b9:52:5b:a0:25:45:0b:3a:
         45:67:80:3d
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUYDSC8Sj7S5wYoJISy5NTl7ZNbNwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQxNloX
DTI3MDMwMzA2MzkxNlowMzExMC8GA1UEAxMoMjFFQ0YyOTJDMDBCMzVERUE2MjAz
MjY4RjhGODNGMjg4RTVBRkY2MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOOqaWfkZW6UFa4ll5u4W7cVBidOn/AcmIYZNCuuM82umlAg46pF9700Jmzy
7LVQSCXOXAXDk+fW5cz4UYNTMq9M1D/b3Bbj+RTyA5EBvyB+Q9kW8nqnOWc1iRuW
+Wwt7b06Z4Wfm9C4zDp+DzLy0JRAMEm+kuwvdKtUmrz6zoXeAnfuLQBOAYUQplwU
3BgmQNvOZWC2wZdoEP3FBXALaNA6uA2Jb3sKG4M5+dDK7j+4cNJEcuCyqG1wCHb4
zCBNRiPhs2DV1yvvJyFot13xJIyF19xHrUoT+0wix7IBdB27S6UYFr3Dp0ujZrPA
eTljNr4MnTpZzQ7/athDfzP5TsMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQh7PKS
wAs13qYgMmj4+D8ojlr/YzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjY4Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
r8QwDQYJKoZIhvcNAQELBQADggEBABuKcBUqdIC2HwZ5ImbJTsObm6F6Av3I5biE
9fe2t4AbH7/iNY7mrySddh+mG7qeNnj8eaLccwP9XK/kLA8fePtAyS3BWg+AHAMl
taRso0RNL50XHsOf//W4E02D7RQACXlVOgbcvzzfYi/qMqVFRGmt2D5qd/EQcmUg
6jmRZz18tGjr7gv7epR79/2ZyZYgMfDaiUfIOLypoHcpv73eAk9hMeFcTs02kOjk
kUJRCIC8mPGvRHdsMEK3vCUSHv8M6OlX7vTh5vsIlT8/taHj+r0Rwe3sILypZo9T
e9Zx+eqiKwurfu929BNTWtvYgqNkg5Bf3m25UlugJUULOkVngD0=
-----END CERTIFICATE-----