Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146709.roa
File:                     AS146709.roa (raw, json)
Hash identifier:          mIchofTHPqRzSIwxSt4lThiWosHcbGOJi+D5eHYLTPU=
Subject key identifier:   30:40:D4:F8:FF:B5:83:43:D9:7D:B9:26:10:A9:0B:1E:E0:92:88:CB
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       69A6596CAA54DAF7E652EA11D70E8540FD0EC621
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146709.roa
Signing time:             Wed 04 Mar 2026 06:39:30 +0000
ROA not before:           Wed 04 Mar 2026 06:34:30 +0000
ROA not after:            Wed 03 Mar 2027 06:39:30 +0000
asID:                     146709
IP address blocks:        240a:afdb::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:a6:59:6c:aa:54:da:f7:e6:52:ea:11:d7:0e:85:40:fd:0e:c6:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:30 2026 GMT
            Not After : Mar  3 06:39:30 2027 GMT
        Subject: CN=3040D4F8FFB58343D97DB92610A90B1EE09288CB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:02:04:78:16:53:ee:81:c4:0b:b6:2d:8c:d3:
                    25:f9:b5:dc:c6:0b:e7:3d:6a:5d:d3:0a:97:5b:ae:
                    18:6d:b6:01:d4:d4:05:8e:1c:af:6e:d0:9b:c8:60:
                    a6:4c:28:ca:ea:5f:c7:e5:95:ed:e8:cc:29:d7:a2:
                    ab:df:bc:76:92:6e:0a:8f:cf:31:61:45:be:d7:45:
                    aa:74:73:7f:49:fa:e3:fb:31:c6:ba:63:2a:f4:18:
                    d1:67:e5:4f:66:eb:4d:bf:32:52:43:1b:5a:d3:40:
                    be:d9:8b:9a:1a:fd:38:d6:45:c4:66:f8:61:32:c6:
                    8b:c1:2d:b7:d7:0f:80:78:f9:03:8e:9e:9b:60:9b:
                    ce:3d:a2:d7:d1:62:b0:9e:a6:85:4b:5e:63:38:af:
                    e9:72:c9:d0:26:8d:18:37:6a:a7:e7:85:02:e4:e1:
                    33:54:25:66:06:b5:57:89:32:5f:07:82:f4:55:8e:
                    d2:56:b6:b2:f6:72:29:b3:d0:83:95:a9:b8:08:b2:
                    1e:a0:c4:43:60:ad:f5:0f:a8:2a:9d:8a:54:c9:56:
                    c0:65:1c:fc:67:a5:93:bf:22:36:db:d1:be:9a:14:
                    b9:a4:64:be:01:23:19:87:64:23:0e:7f:08:b3:94:
                    ba:e7:0d:2d:ee:68:73:2a:b2:dd:9a:09:fe:71:7e:
                    9f:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:40:D4:F8:FF:B5:83:43:D9:7D:B9:26:10:A9:0B:1E:E0:92:88:CB
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146709.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:afdb::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:e3:fe:50:3e:3a:8e:c6:7a:5e:6b:6b:45:13:e2:87:cb:bb:
         fe:96:84:5f:4e:fa:bd:8b:81:28:3d:42:17:05:80:3c:77:5f:
         f0:ce:7e:21:1b:85:e3:1a:53:89:be:cb:bb:91:c4:31:e1:50:
         63:d4:5d:d3:ca:9a:64:d2:8b:47:ab:17:05:26:6a:40:97:4d:
         60:3c:5e:a5:f8:c2:a7:7d:e9:83:ab:f5:17:36:31:82:9f:f6:
         6b:d3:6e:ac:af:19:01:44:5a:ae:e3:d4:eb:13:2c:a1:d9:98:
         1c:57:dc:44:f9:fe:89:e3:99:db:6f:f5:c8:f1:85:f8:1d:3b:
         2d:78:02:29:af:e0:50:2d:cd:5c:bb:8b:c8:88:0a:a1:df:9a:
         c6:7c:34:7d:2f:cc:17:1c:2d:fb:ac:11:09:64:56:03:27:0e:
         49:63:78:60:01:dd:de:4f:50:bc:44:4b:59:80:43:6b:79:81:
         5b:1f:0a:49:f5:7d:88:63:4c:a2:73:6e:ba:38:e6:fc:96:2c:
         56:b9:cc:e1:67:c1:26:21:0a:a7:a2:52:38:e5:a8:de:c2:ab:
         6d:0c:d0:5e:0b:0a:f5:7d:70:8e:1a:2e:d9:8f:df:57:2d:b1:
         6b:dc:c5:2a:b6:f6:31:37:5f:3b:2b:06:42:1b:c5:6d:b7:cb:
         fb:60:51:fa
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUaaZZbKpU2vfmUuoR1w6FQP0OxiEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQzMFoX
DTI3MDMwMzA2MzkzMFowMzExMC8GA1UEAxMoMzA0MEQ0RjhGRkI1ODM0M0Q5N0RC
OTI2MTBBOTBCMUVFMDkyODhDQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ8CBHgWU+6BxAu2LYzTJfm13MYL5z1qXdMKl1uuGG22AdTUBY4cr27Qm8hg
pkwoyupfx+WV7ejMKdeiq9+8dpJuCo/PMWFFvtdFqnRzf0n64/sxxrpjKvQY0Wfl
T2brTb8yUkMbWtNAvtmLmhr9ONZFxGb4YTLGi8Ett9cPgHj5A46em2Cbzj2i19Fi
sJ6mhUteYziv6XLJ0CaNGDdqp+eFAuThM1QlZga1V4kyXweC9FWO0la2svZyKbPQ
g5WpuAiyHqDEQ2Ct9Q+oKp2KVMlWwGUc/Gelk78iNtvRvpoUuaRkvgEjGYdkIw5/
CLOUuucNLe5ocyqy3ZoJ/nF+n8MCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQwQNT4
/7WDQ9l9uSYQqQse4JKIyzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjcwOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
r9swDQYJKoZIhvcNAQELBQADggEBAFHj/lA+Oo7Gel5ra0UT4ofLu/6WhF9O+r2L
gSg9QhcFgDx3X/DOfiEbheMaU4m+y7uRxDHhUGPUXdPKmmTSi0erFwUmakCXTWA8
XqX4wqd96YOr9Rc2MYKf9mvTbqyvGQFEWq7j1OsTLKHZmBxX3ET5/onjmdtv9cjx
hfgdOy14Aimv4FAtzVy7i8iICqHfmsZ8NH0vzBccLfusEQlkVgMnDkljeGAB3d5P
ULxES1mAQ2t5gVsfCkn1fYhjTKJzbro45vyWLFa5zOFnwSYhCqeiUjjlqN7Cq20M
0F4LCvV9cI4aLtmP31ctsWvcxSq29jE3XzsrBkIbxW23y/tgUfo=
-----END CERTIFICATE-----