Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146727.roa
File:                     AS146727.roa (raw, json)
Hash identifier:          FLnv+5nUuMK3cisdCKPX6fZhpjTm3usgGO1JuLgWLS8=
Subject key identifier:   DD:D8:65:48:7B:20:75:99:72:F9:92:FB:4B:65:F0:9A:03:1F:CE:B3
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       69EAA297E82584AF88166DE995058DFEDB307674
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146727.roa
Signing time:             Wed 04 Mar 2026 06:39:24 +0000
ROA not before:           Wed 04 Mar 2026 06:34:24 +0000
ROA not after:            Wed 03 Mar 2027 06:39:24 +0000
asID:                     146727
IP address blocks:        240a:afed::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:ea:a2:97:e8:25:84:af:88:16:6d:e9:95:05:8d:fe:db:30:76:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:24 2026 GMT
            Not After : Mar  3 06:39:24 2027 GMT
        Subject: CN=DDD865487B20759972F992FB4B65F09A031FCEB3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:88:ee:06:bd:f6:86:fe:dc:37:e8:14:00:8a:
                    94:5a:87:31:04:b0:ca:0e:e0:10:26:52:2e:89:b3:
                    87:c7:c0:31:3b:4f:08:62:b0:f0:04:06:c2:6b:d2:
                    fb:e8:6b:4b:79:cb:42:ea:01:33:e8:6c:03:42:97:
                    c5:0d:a6:68:56:27:17:6a:bb:d6:2e:5d:31:b6:ed:
                    a4:6a:5e:bb:6e:1e:55:44:44:5f:b6:72:9b:46:ab:
                    39:4a:91:dc:bd:4e:3f:46:24:69:8a:ae:b6:60:13:
                    0e:f2:e8:f6:09:ae:db:6e:12:7d:61:f3:05:d6:1a:
                    d5:7c:1d:ec:b5:01:aa:1f:58:63:bf:b3:29:b2:ea:
                    93:cb:be:bb:71:8f:76:ab:5b:eb:c5:db:94:c7:cf:
                    5c:4a:61:f0:3a:b2:ce:2b:17:0d:54:36:6e:8e:ec:
                    21:0c:e5:0c:f0:53:b7:c5:89:66:d3:54:be:4a:19:
                    c9:8d:50:29:42:8b:42:33:46:67:1d:1c:15:aa:c0:
                    55:f3:36:22:61:d0:ca:e3:c1:ef:a8:91:6d:51:3d:
                    0e:54:39:39:94:82:96:2f:96:b9:b0:2d:23:10:bd:
                    cd:3a:a6:8f:3b:8a:1c:dd:50:28:69:87:ee:02:5e:
                    68:35:a7:31:d3:da:bb:6c:92:ec:9b:65:74:c1:83:
                    62:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:D8:65:48:7B:20:75:99:72:F9:92:FB:4B:65:F0:9A:03:1F:CE:B3
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146727.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:afed::/32

    Signature Algorithm: sha256WithRSAEncryption
         31:32:66:73:80:65:90:9e:bf:a9:7c:a5:17:f8:16:e2:f3:9c:
         b9:82:06:00:23:0e:9f:ae:bb:22:fd:89:ed:03:ef:c5:2d:f4:
         8f:a1:3d:b6:e9:0c:c1:9d:55:e2:3a:6c:c4:f8:63:17:a7:5a:
         ad:cf:23:31:68:00:ac:b6:49:f7:39:02:74:d6:4c:7f:5c:39:
         44:b5:7e:1f:2e:4d:a6:2d:48:0f:9f:6c:32:61:31:16:05:68:
         33:38:60:18:10:c8:a4:0d:ad:f8:46:a7:2f:37:37:df:92:2e:
         72:47:31:d1:b3:0b:d8:77:b2:b7:12:73:d9:ca:54:e4:38:0e:
         e8:cc:86:43:fb:bb:cf:06:6a:fe:3a:d6:80:1c:db:db:74:31:
         3a:bf:21:59:c2:2d:61:16:63:17:9a:70:55:b3:b7:85:9e:50:
         0b:65:ca:3d:85:10:95:5d:7c:d2:0e:03:61:15:fb:e8:3d:a1:
         70:c5:12:f2:37:8b:da:a5:1f:28:ec:5d:c3:87:9c:f8:88:59:
         72:d1:68:51:d6:40:a6:58:82:45:43:5d:7e:e6:42:fb:bf:53:
         ba:26:a6:7b:59:ba:94:65:8d:c7:85:94:3b:bc:84:82:c2:2b:
         5b:e1:98:5c:d9:9e:1c:a9:8d:c3:4e:e3:a3:cb:ae:1c:be:47:
         7d:b3:34:61
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUaeqil+glhK+IFm3plQWN/tswdnQwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQyNFoX
DTI3MDMwMzA2MzkyNFowMzExMC8GA1UEAxMoREREODY1NDg3QjIwNzU5OTcyRjk5
MkZCNEI2NUYwOUEwMzFGQ0VCMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI6I7ga99ob+3DfoFACKlFqHMQSwyg7gECZSLomzh8fAMTtPCGKw8AQGwmvS
++hrS3nLQuoBM+hsA0KXxQ2maFYnF2q71i5dMbbtpGpeu24eVUREX7Zym0arOUqR
3L1OP0YkaYqutmATDvLo9gmu224SfWHzBdYa1Xwd7LUBqh9YY7+zKbLqk8u+u3GP
dqtb68XblMfPXEph8DqyzisXDVQ2bo7sIQzlDPBTt8WJZtNUvkoZyY1QKUKLQjNG
Zx0cFarAVfM2ImHQyuPB76iRbVE9DlQ5OZSCli+WubAtIxC9zTqmjzuKHN1QKGmH
7gJeaDWnMdPau2yS7JtldMGDYpcCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTd2GVI
eyB1mXL5kvtLZfCaAx/OszAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjcyNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
r+0wDQYJKoZIhvcNAQELBQADggEBADEyZnOAZZCev6l8pRf4FuLznLmCBgAjDp+u
uyL9ie0D78Ut9I+hPbbpDMGdVeI6bMT4YxenWq3PIzFoAKy2Sfc5AnTWTH9cOUS1
fh8uTaYtSA+fbDJhMRYFaDM4YBgQyKQNrfhGpy83N9+SLnJHMdGzC9h3srcSc9nK
VOQ4DujMhkP7u88Gav461oAc29t0MTq/IVnCLWEWYxeacFWzt4WeUAtlyj2FEJVd
fNIOA2EV++g9oXDFEvI3i9qlHyjsXcOHnPiIWXLRaFHWQKZYgkVDXX7mQvu/U7om
pntZupRljceFlDu8hILCK1vhmFzZnhypjcNO46PLrhy+R32zNGE=
-----END CERTIFICATE-----