Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146699.roa
File:                     AS146699.roa (raw, json)
Hash identifier:          sWn6JsJsTKmBwHdkCwxUPQu1iwg1enOaSmMYdtwRWFA=
Subject key identifier:   6F:1C:55:B8:48:84:E6:4E:0B:69:34:1D:70:30:C2:E6:99:83:16:22
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       5075136EF8D78413E2DEFB4C42F349F2D974DE2D
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146699.roa
Signing time:             Wed 04 Mar 2026 06:39:34 +0000
ROA not before:           Wed 04 Mar 2026 06:34:34 +0000
ROA not after:            Wed 03 Mar 2027 06:39:34 +0000
asID:                     146699
IP address blocks:        240a:afd1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:75:13:6e:f8:d7:84:13:e2:de:fb:4c:42:f3:49:f2:d9:74:de:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:34 2026 GMT
            Not After : Mar  3 06:39:34 2027 GMT
        Subject: CN=6F1C55B84884E64E0B69341D7030C2E699831622
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:66:b2:15:66:76:c0:1b:3d:1e:72:ac:f3:ba:
                    f7:8f:5d:a2:8d:1b:0c:90:23:2f:71:44:8e:b8:e4:
                    5e:88:5f:e4:33:44:66:42:ef:00:ba:51:9d:e0:e4:
                    21:4f:da:b1:c8:48:d5:75:5a:3a:0b:dd:77:72:50:
                    f3:f2:1b:93:f5:80:d7:26:e4:cf:5b:d3:06:e4:8a:
                    4a:da:ed:0e:ef:46:90:a7:b5:77:09:3a:8a:73:97:
                    ac:9f:3b:e2:6b:72:27:fe:47:66:e0:07:9c:b6:0c:
                    ed:85:d7:01:2f:0a:9e:78:32:18:25:8e:81:3f:4d:
                    ae:6c:8a:e6:1d:5d:89:7e:4b:e9:16:af:37:8e:3f:
                    73:5c:56:97:77:30:c1:6c:a8:f0:1e:fe:6e:49:c9:
                    e8:92:15:c6:fc:33:d1:af:f3:e4:d5:4b:1d:5d:ef:
                    8f:a8:58:58:1c:6b:68:13:53:be:e9:6c:f5:53:32:
                    00:6b:25:49:c3:8f:d9:8e:30:f8:03:80:20:f2:ff:
                    b1:3f:9b:f8:c8:64:6e:ae:17:c8:df:f5:3d:da:50:
                    7c:9a:b6:c8:13:6f:0f:ec:78:2c:2b:e7:eb:89:de:
                    32:38:83:7c:13:1f:4d:14:ec:ec:67:d7:e2:8d:aa:
                    ca:27:99:81:63:d3:e8:6f:aa:36:5c:2a:5c:3b:cb:
                    7a:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:1C:55:B8:48:84:E6:4E:0B:69:34:1D:70:30:C2:E6:99:83:16:22
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146699.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:afd1::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:2a:6f:bc:38:5e:0d:76:7f:28:05:40:7b:49:ed:33:11:ce:
         77:c1:6a:57:69:be:fe:13:de:da:5c:b6:4d:29:de:85:88:e9:
         3b:98:b8:44:a2:28:09:fe:80:bb:fd:3a:6e:01:c4:64:c4:57:
         24:d6:33:06:b7:c6:09:49:8a:b3:04:1a:76:ec:8d:b3:d7:ee:
         c2:da:de:f4:e4:69:8c:12:46:9c:e1:2c:4e:89:4d:16:f1:08:
         88:8f:0a:59:1e:fb:ae:fe:60:d2:09:0d:3d:d6:2b:3d:a3:71:
         a6:86:d5:10:b1:27:65:38:cc:62:a3:d9:1e:0b:4e:d9:67:ab:
         54:61:49:53:4f:90:eb:e1:7a:94:04:c7:93:bc:37:49:24:b3:
         21:b4:b4:53:c9:d6:38:f2:21:c0:24:ea:a4:d4:a5:cf:82:e8:
         1b:40:63:e2:5b:8b:55:2b:41:47:9a:ab:29:83:93:28:85:13:
         72:85:57:d9:02:9f:dd:a4:7e:83:c9:78:d4:d6:c2:1a:33:d6:
         23:f9:ea:01:0c:01:fb:f2:f7:b7:55:0e:6a:83:35:17:c3:6e:
         15:29:47:9e:40:9a:08:04:0c:a2:74:13:ac:db:d0:fa:c1:3b:
         84:2a:1b:06:ac:40:17:e0:88:86:c2:69:ca:9c:06:34:ef:55:
         16:5b:6d:c4
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUUHUTbvjXhBPi3vtMQvNJ8tl03i0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQzNFoX
DTI3MDMwMzA2MzkzNFowMzExMC8GA1UEAxMoNkYxQzU1Qjg0ODg0RTY0RTBCNjkz
NDFENzAzMEMyRTY5OTgzMTYyMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALVmshVmdsAbPR5yrPO6949doo0bDJAjL3FEjrjkXohf5DNEZkLvALpRneDk
IU/aschI1XVaOgvdd3JQ8/Ibk/WA1ybkz1vTBuSKStrtDu9GkKe1dwk6inOXrJ87
4mtyJ/5HZuAHnLYM7YXXAS8KnngyGCWOgT9NrmyK5h1diX5L6RavN44/c1xWl3cw
wWyo8B7+bknJ6JIVxvwz0a/z5NVLHV3vj6hYWBxraBNTvuls9VMyAGslScOP2Y4w
+AOAIPL/sT+b+Mhkbq4XyN/1PdpQfJq2yBNvD+x4LCvn64neMjiDfBMfTRTs7GfX
4o2qyieZgWPT6G+qNlwqXDvLehMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRvHFW4
SITmTgtpNB1wMMLmmYMWIjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjY5OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
r9EwDQYJKoZIhvcNAQELBQADggEBAGUqb7w4Xg12fygFQHtJ7TMRznfBaldpvv4T
3tpctk0p3oWI6TuYuESiKAn+gLv9Om4BxGTEVyTWMwa3xglJirMEGnbsjbPX7sLa
3vTkaYwSRpzhLE6JTRbxCIiPClke+67+YNIJDT3WKz2jcaaG1RCxJ2U4zGKj2R4L
Ttlnq1RhSVNPkOvhepQEx5O8N0kksyG0tFPJ1jjyIcAk6qTUpc+C6BtAY+Jbi1Ur
QUeaqymDkyiFE3KFV9kCn92kfoPJeNTWwhoz1iP56gEMAfvy97dVDmqDNRfDbhUp
R55AmggEDKJ0E6zb0PrBO4QqGwasQBfgiIbCacqcBjTvVRZbbcQ=
-----END CERTIFICATE-----