Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146692.roa
File:                     AS146692.roa (raw, json)
Hash identifier:          luXbCq6TR6TcP2lTCesJKWpEBqGbL3rqDdknHkzxY0Y=
Subject key identifier:   FA:D9:1D:C6:56:05:D0:FF:83:2E:8A:F8:34:1B:A1:4C:09:6A:27:7C
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       3E6BE4D0340D6D7E21A26E04472F0EC1C9A67BBE
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146692.roa
Signing time:             Wed 04 Mar 2026 06:39:49 +0000
ROA not before:           Wed 04 Mar 2026 06:34:49 +0000
ROA not after:            Wed 03 Mar 2027 06:39:49 +0000
asID:                     146692
IP address blocks:        240a:afca::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:6b:e4:d0:34:0d:6d:7e:21:a2:6e:04:47:2f:0e:c1:c9:a6:7b:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:49 2026 GMT
            Not After : Mar  3 06:39:49 2027 GMT
        Subject: CN=FAD91DC65605D0FF832E8AF8341BA14C096A277C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:88:db:5e:0e:0a:09:ec:bd:79:e5:95:7c:68:
                    3a:d4:98:f1:24:09:df:24:1d:89:cf:13:6c:0c:8c:
                    2a:2c:8e:ef:30:03:0c:46:d8:1d:15:6c:e2:35:78:
                    7c:77:59:f3:84:ea:94:de:e9:05:70:82:2a:cf:b2:
                    37:95:83:30:f3:c5:46:f8:7d:8e:0a:5a:85:30:99:
                    24:cb:a6:d9:9d:97:de:ca:be:5e:08:03:f2:ee:cd:
                    8e:ed:0d:3b:a7:59:6c:60:18:84:58:07:18:c1:9f:
                    d9:63:ff:b7:7e:dd:a6:f6:9f:3e:a4:7f:8b:76:dd:
                    84:33:75:ec:1a:b0:19:1a:29:9d:85:8b:72:15:26:
                    45:b0:3e:aa:97:07:14:5e:24:92:5c:16:05:a5:c9:
                    f7:da:e5:8d:fb:ec:5b:5b:d0:7e:83:5c:18:86:15:
                    c4:50:bd:57:33:8d:d4:28:fc:f3:83:3e:ab:bd:97:
                    82:56:67:ed:1e:c6:68:4c:22:ea:c1:4f:4c:93:f9:
                    d4:14:a9:52:20:b6:ee:1f:c1:ff:96:0e:0b:bd:ce:
                    44:41:a5:1f:96:01:55:21:72:21:63:dc:c8:3f:77:
                    06:b5:94:5d:7c:6c:12:f0:c4:93:e6:57:5d:c8:5e:
                    ef:73:18:b3:f5:06:76:04:05:f0:fc:ff:c7:40:a4:
                    39:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:D9:1D:C6:56:05:D0:FF:83:2E:8A:F8:34:1B:A1:4C:09:6A:27:7C
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146692.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:afca::/32

    Signature Algorithm: sha256WithRSAEncryption
         18:12:50:76:18:28:4a:77:d3:f6:fb:55:a4:2d:4c:6d:8a:04:
         a0:6e:ad:d2:e5:ec:03:96:10:4a:0e:78:c7:d2:c9:64:2c:e7:
         e4:6a:51:aa:42:3a:67:14:27:9f:51:30:f6:fe:66:7b:01:68:
         86:4b:0b:66:a5:02:53:0a:73:4e:96:f4:21:ba:51:8e:95:22:
         0a:26:85:4f:7f:05:c9:e9:15:3b:96:65:8e:36:08:b3:58:35:
         a2:ef:45:0e:2f:7c:17:27:9d:16:7d:a0:c6:d0:a0:0a:31:17:
         06:69:73:5b:d8:5e:36:a1:d2:44:40:b0:bd:87:eb:78:0b:31:
         c4:a3:d4:55:2a:36:eb:8e:d8:f9:17:c4:98:66:72:66:2a:c1:
         99:41:35:94:42:e7:9f:11:33:e2:0a:eb:3b:2a:79:87:28:22:
         ef:86:2b:bd:94:cc:fe:09:d4:cb:02:26:b3:0f:06:47:5d:e0:
         7a:cb:49:cc:f0:b2:c2:86:c2:b8:8e:92:b0:8b:d4:e0:0b:e3:
         69:18:b3:c3:35:a7:92:de:47:21:7c:ea:46:c7:6a:a5:12:ff:
         89:9a:c5:ce:68:1e:6b:46:51:58:86:c9:2b:1f:dc:b2:76:37:
         93:9f:a8:d6:c4:76:cb:f2:64:9d:5d:9b:ac:99:75:11:9a:77:
         4d:9c:06:8f
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUPmvk0DQNbX4hom4ERy8Owcmme74wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQ0OVoX
DTI3MDMwMzA2Mzk0OVowMzExMC8GA1UEAxMoRkFEOTFEQzY1NjA1RDBGRjgzMkU4
QUY4MzQxQkExNEMwOTZBMjc3QzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOmI214OCgnsvXnllXxoOtSY8SQJ3yQdic8TbAyMKiyO7zADDEbYHRVs4jV4
fHdZ84TqlN7pBXCCKs+yN5WDMPPFRvh9jgpahTCZJMum2Z2X3sq+XggD8u7Nju0N
O6dZbGAYhFgHGMGf2WP/t37dpvafPqR/i3bdhDN17BqwGRopnYWLchUmRbA+qpcH
FF4kklwWBaXJ99rljfvsW1vQfoNcGIYVxFC9VzON1Cj884M+q72XglZn7R7GaEwi
6sFPTJP51BSpUiC27h/B/5YOC73OREGlH5YBVSFyIWPcyD93BrWUXXxsEvDEk+ZX
Xche73MYs/UGdgQF8Pz/x0CkOcUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT62R3G
VgXQ/4Muivg0G6FMCWonfDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjY5Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
r8owDQYJKoZIhvcNAQELBQADggEBABgSUHYYKEp30/b7VaQtTG2KBKBurdLl7AOW
EEoOeMfSyWQs5+RqUapCOmcUJ59RMPb+ZnsBaIZLC2alAlMKc06W9CG6UY6VIgom
hU9/BcnpFTuWZY42CLNYNaLvRQ4vfBcnnRZ9oMbQoAoxFwZpc1vYXjah0kRAsL2H
63gLMcSj1FUqNuuO2PkXxJhmcmYqwZlBNZRC558RM+IK6zsqeYcoIu+GK72UzP4J
1MsCJrMPBkdd4HrLSczwssKGwriOkrCL1OAL42kYs8M1p5LeRyF86kbHaqUS/4ma
xc5oHmtGUViGySsf3LJ2N5OfqNbEdsvyZJ1dm6yZdRGad02cBo8=
-----END CERTIFICATE-----