Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146700.roa
File:                     AS146700.roa (raw, json)
Hash identifier:          fE2okuqtnokxBukev3YiP9O8SpSzdyziSV+/HlNF5ys=
Subject key identifier:   75:C5:7E:B6:AB:FC:16:46:DC:36:75:A0:6B:A5:99:5C:39:38:F3:F8
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       4781388C8B9C7AAC665DE2DB75A0A32D8506C0AE
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146700.roa
Signing time:             Wed 04 Mar 2026 06:39:21 +0000
ROA not before:           Wed 04 Mar 2026 06:34:21 +0000
ROA not after:            Wed 03 Mar 2027 06:39:21 +0000
asID:                     146700
IP address blocks:        240a:afd2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:81:38:8c:8b:9c:7a:ac:66:5d:e2:db:75:a0:a3:2d:85:06:c0:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:21 2026 GMT
            Not After : Mar  3 06:39:21 2027 GMT
        Subject: CN=75C57EB6ABFC1646DC3675A06BA5995C3938F3F8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:98:a7:4f:a8:6f:78:b6:f7:13:ca:89:54:9b:
                    8a:7f:a8:22:a2:29:7e:32:e6:85:c4:79:33:b4:76:
                    06:cd:42:c7:83:57:08:31:ee:a9:15:cf:b6:20:5a:
                    7b:cc:08:a2:74:19:d6:9d:dd:f9:16:2a:fe:fa:aa:
                    80:fd:b9:de:d2:27:04:20:3d:d8:ce:62:d5:6b:94:
                    00:03:89:45:9e:50:dc:f7:42:6d:43:23:ca:79:af:
                    99:21:92:f1:d0:eb:88:c3:00:9f:81:bf:de:2c:26:
                    d4:8f:24:67:7c:d1:0e:0f:42:b4:f5:d2:dc:f3:7b:
                    ef:f9:40:e4:a0:0d:42:e3:3e:dd:fa:65:61:a6:7b:
                    82:91:c4:f4:8e:2a:4c:b5:0b:a9:b0:43:07:4b:e3:
                    32:6c:e7:cb:67:8b:9a:1e:c6:eb:29:e1:cf:ce:58:
                    0f:8c:df:8a:45:ca:0e:44:67:0a:f9:ab:fa:d1:2d:
                    bf:7b:5c:9f:fa:8d:ec:72:ba:f2:35:82:4c:fc:d0:
                    c0:e9:ad:97:28:55:34:1a:b4:f4:5f:d0:d4:ed:e7:
                    01:67:8d:42:fa:9f:12:a0:02:88:e7:b2:8c:f6:cb:
                    41:e6:2b:2e:96:d3:a8:9e:a9:bb:e6:cd:c6:1f:15:
                    8a:dd:d0:49:8f:8c:e1:d5:1e:d2:16:3d:70:12:35:
                    9e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:C5:7E:B6:AB:FC:16:46:DC:36:75:A0:6B:A5:99:5C:39:38:F3:F8
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146700.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:afd2::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:c8:68:bb:27:78:6e:71:8b:55:39:76:ba:e3:33:8a:eb:07:
         b3:a5:b7:a1:e7:83:93:6a:46:29:7f:d3:c2:f3:dd:e3:27:06:
         d6:4e:be:16:cb:f3:b4:51:eb:a3:1b:d3:00:55:50:a9:bf:c2:
         e2:fb:99:60:aa:2f:39:27:9b:e3:5b:f7:86:b7:ad:91:b9:5a:
         ab:21:1e:7a:0f:7c:05:5b:2d:a9:8c:3e:7e:95:61:ab:7f:f8:
         ce:3b:9f:82:ab:33:23:4c:b6:18:6c:b9:84:8b:96:44:c1:4e:
         b5:cc:45:dc:7e:4f:8d:ed:cc:27:6a:83:41:50:92:c7:b7:a8:
         4f:49:32:a8:3d:b5:bf:49:51:f2:a8:86:de:fd:82:69:52:c5:
         cb:b5:a7:46:a5:07:67:cb:16:47:3d:7c:7b:ad:02:0a:8a:e6:
         29:0c:23:ab:52:04:99:6b:35:22:c4:87:95:05:24:a1:fe:11:
         40:ed:31:e8:72:a7:5c:84:30:6b:49:b5:92:45:87:1c:7f:3f:
         aa:31:7f:f6:69:cd:90:78:a9:20:86:be:25:74:58:ee:2d:b7:
         92:1a:6c:e6:a6:22:8e:b5:0d:ac:7d:23:75:64:04:76:a6:7b:
         27:7f:82:f4:3a:d8:36:d3:eb:3d:b4:a0:51:36:15:61:d9:ee:
         57:5b:c1:10
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUR4E4jIuceqxmXeLbdaCjLYUGwK4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQyMVoX
DTI3MDMwMzA2MzkyMVowMzExMC8GA1UEAxMoNzVDNTdFQjZBQkZDMTY0NkRDMzY3
NUEwNkJBNTk5NUMzOTM4RjNGODCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJyYp0+ob3i29xPKiVSbin+oIqIpfjLmhcR5M7R2Bs1Cx4NXCDHuqRXPtiBa
e8wIonQZ1p3d+RYq/vqqgP253tInBCA92M5i1WuUAAOJRZ5Q3PdCbUMjynmvmSGS
8dDriMMAn4G/3iwm1I8kZ3zRDg9CtPXS3PN77/lA5KANQuM+3fplYaZ7gpHE9I4q
TLULqbBDB0vjMmzny2eLmh7G6ynhz85YD4zfikXKDkRnCvmr+tEtv3tcn/qN7HK6
8jWCTPzQwOmtlyhVNBq09F/Q1O3nAWeNQvqfEqACiOeyjPbLQeYrLpbTqJ6pu+bN
xh8Vit3QSY+M4dUe0hY9cBI1nukCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR1xX62
q/wWRtw2daBrpZlcOTjz+DAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjcwMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
r9IwDQYJKoZIhvcNAQELBQADggEBAEzIaLsneG5xi1U5drrjM4rrB7Olt6Hng5Nq
Ril/08Lz3eMnBtZOvhbL87RR66Mb0wBVUKm/wuL7mWCqLzknm+Nb94a3rZG5Wqsh
HnoPfAVbLamMPn6VYat/+M47n4KrMyNMthhsuYSLlkTBTrXMRdx+T43tzCdqg0FQ
kse3qE9JMqg9tb9JUfKoht79gmlSxcu1p0alB2fLFkc9fHutAgqK5ikMI6tSBJlr
NSLEh5UFJKH+EUDtMehyp1yEMGtJtZJFhxx/P6oxf/ZpzZB4qSCGviV0WO4tt5Ia
bOamIo61Dax9I3VkBHameyd/gvQ62DbT6z20oFE2FWHZ7ldbwRA=
-----END CERTIFICATE-----