Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146719.roa
File:                     AS146719.roa (raw, json)
Hash identifier:          9I8teYAl+ZFf9Ks6zdd/PKsqFjhtR+VXa5vD2I1/NjY=
Subject key identifier:   A1:47:19:41:91:80:73:F1:0E:11:B7:52:81:22:35:02:21:63:1A:15
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       75EAF6B04FD6DFFBD99D6E7E2FFAA6C3465055D7
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146719.roa
Signing time:             Wed 04 Mar 2026 06:39:38 +0000
ROA not before:           Wed 04 Mar 2026 06:34:38 +0000
ROA not after:            Wed 03 Mar 2027 06:39:38 +0000
asID:                     146719
IP address blocks:        240a:afe5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:ea:f6:b0:4f:d6:df:fb:d9:9d:6e:7e:2f:fa:a6:c3:46:50:55:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:38 2026 GMT
            Not After : Mar  3 06:39:38 2027 GMT
        Subject: CN=A1471941918073F10E11B7528122350221631A15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:47:c1:78:a9:24:d3:a6:a8:d7:f2:0a:dc:65:
                    51:6f:e0:08:0f:0e:47:2d:17:cf:38:00:19:71:31:
                    2b:67:3e:de:93:b3:ff:be:91:b8:eb:87:15:32:69:
                    cc:89:b1:cf:57:3d:51:7a:c1:03:a4:a8:5a:51:de:
                    c3:6d:da:65:82:8b:3d:bc:c2:d7:d1:28:4e:de:37:
                    ca:7b:91:e4:8f:93:1d:35:02:fc:01:2c:d4:5b:61:
                    ce:c4:80:38:75:e2:43:1c:0a:8a:77:82:cb:8f:d3:
                    90:4a:8f:90:00:9c:d2:6f:98:49:e0:9d:91:4d:e4:
                    6d:87:b6:db:6f:97:51:e6:87:96:18:64:62:46:fb:
                    02:41:72:d5:7e:2b:63:b6:93:6f:19:17:ff:3c:29:
                    c2:b7:18:38:c5:46:8d:71:43:d9:1d:70:d9:14:8c:
                    6a:21:43:1d:52:f4:a6:ef:88:9d:fc:47:34:e2:58:
                    fb:c9:98:51:cc:17:c3:be:df:0f:8d:c7:9e:80:b6:
                    20:50:7e:23:b6:6c:c6:3b:b7:0c:e7:e5:2d:9a:ba:
                    49:9f:60:8a:ee:26:0e:30:9b:74:5c:61:8c:e7:fc:
                    b3:10:30:bb:43:3d:2d:bf:ed:d1:58:b0:36:c3:6f:
                    ab:dc:3d:1f:50:85:c0:62:b8:a1:0e:6c:93:20:c4:
                    8a:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:47:19:41:91:80:73:F1:0E:11:B7:52:81:22:35:02:21:63:1A:15
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146719.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:afe5::/32

    Signature Algorithm: sha256WithRSAEncryption
         a8:bd:c0:5c:e7:84:47:8f:9d:b0:37:31:94:15:69:42:32:a9:
         aa:46:06:cf:c5:bc:44:74:d2:2f:fa:00:19:9e:77:93:d9:0a:
         36:84:00:88:65:d2:fa:2a:0d:e0:2f:65:af:7d:99:20:9b:55:
         32:85:30:75:15:06:26:ff:0b:8b:1d:90:23:63:92:79:be:dd:
         89:87:b0:dc:cb:47:4e:4a:f5:d0:87:ed:1e:28:88:6a:bb:5e:
         40:7b:97:9d:94:41:49:38:b9:a4:e8:49:09:4a:81:6c:34:b3:
         2f:b3:b0:ea:f8:d6:7b:20:c6:83:f3:7e:47:d2:67:2d:87:d1:
         84:65:d3:54:ae:72:bf:b1:42:2e:04:ec:8e:e5:3d:b1:12:67:
         30:2f:65:5e:16:e4:fe:4c:22:91:df:a8:f5:c0:fd:19:72:15:
         fb:5f:24:16:71:d3:7d:73:c9:ca:3e:c7:06:02:0d:bb:94:3a:
         18:41:f0:4d:e3:3e:b3:fa:5a:ae:06:73:da:b0:02:b7:51:03:
         a1:9c:04:d8:c0:31:ac:c8:53:8e:92:66:36:dd:36:a6:66:8d:
         f5:08:32:d7:cd:4b:12:8c:ad:61:83:b1:34:82:b9:35:a1:ab:
         26:a0:be:b7:ab:4f:b9:eb:a5:06:32:68:8a:e8:7c:b8:d2:4d:
         58:9e:1c:64
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUder2sE/W3/vZnW5+L/qmw0ZQVdcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQzOFoX
DTI3MDMwMzA2MzkzOFowMzExMC8GA1UEAxMoQTE0NzE5NDE5MTgwNzNGMTBFMTFC
NzUyODEyMjM1MDIyMTYzMUExNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKpHwXipJNOmqNfyCtxlUW/gCA8ORy0XzzgAGXExK2c+3pOz/76RuOuHFTJp
zImxz1c9UXrBA6SoWlHew23aZYKLPbzC19EoTt43ynuR5I+THTUC/AEs1FthzsSA
OHXiQxwKineCy4/TkEqPkACc0m+YSeCdkU3kbYe222+XUeaHlhhkYkb7AkFy1X4r
Y7aTbxkX/zwpwrcYOMVGjXFD2R1w2RSMaiFDHVL0pu+InfxHNOJY+8mYUcwXw77f
D43HnoC2IFB+I7Zsxju3DOflLZq6SZ9giu4mDjCbdFxhjOf8sxAwu0M9Lb/t0Viw
NsNvq9w9H1CFwGK4oQ5skyDEijUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBShRxlB
kYBz8Q4Rt1KBIjUCIWMaFTAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjcxOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
r+UwDQYJKoZIhvcNAQELBQADggEBAKi9wFznhEePnbA3MZQVaUIyqapGBs/FvER0
0i/6ABmed5PZCjaEAIhl0voqDeAvZa99mSCbVTKFMHUVBib/C4sdkCNjknm+3YmH
sNzLR05K9dCH7R4oiGq7XkB7l52UQUk4uaToSQlKgWw0sy+zsOr41nsgxoPzfkfS
Zy2H0YRl01Sucr+xQi4E7I7lPbESZzAvZV4W5P5MIpHfqPXA/RlyFftfJBZx031z
yco+xwYCDbuUOhhB8E3jPrP6Wq4Gc9qwArdRA6GcBNjAMazIU46SZjbdNqZmjfUI
MtfNSxKMrWGDsTSCuTWhqyagvrerT7nrpQYyaIrofLjSTVieHGQ=
-----END CERTIFICATE-----