Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146736.roa
File:                     AS146736.roa (raw, json)
Hash identifier:          YKuz5s2Mfmq51jedLosO/p1kXeSwbYgVEEDEeFFvljI=
Subject key identifier:   35:05:CF:00:5E:07:06:E4:9E:42:89:12:B0:F1:5D:70:E8:37:C5:33
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1DCCD8007382134B715E677E8F3DDE77E2855962
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146736.roa
Signing time:             Wed 04 Mar 2026 06:39:21 +0000
ROA not before:           Wed 04 Mar 2026 06:34:21 +0000
ROA not after:            Wed 03 Mar 2027 06:39:21 +0000
asID:                     146736
IP address blocks:        240a:aff6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:cc:d8:00:73:82:13:4b:71:5e:67:7e:8f:3d:de:77:e2:85:59:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:34:21 2026 GMT
            Not After : Mar  3 06:39:21 2027 GMT
        Subject: CN=3505CF005E0706E49E428912B0F15D70E837C533
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:41:99:76:ac:4b:61:01:1f:59:bd:3e:f9:a3:
                    81:58:88:ed:f7:03:ab:1f:ec:19:90:59:46:22:22:
                    fc:8b:8a:e1:4a:59:d6:1b:1e:7d:fb:ca:c0:ad:1b:
                    9d:c9:ad:a6:64:74:1f:e7:93:4f:6b:5a:df:97:bd:
                    46:30:06:3b:63:0c:05:57:bf:a2:45:78:ba:2d:24:
                    19:58:7e:85:13:83:88:6b:20:a7:3e:86:9d:ee:4f:
                    f8:26:04:fd:79:60:19:00:79:f0:e0:e2:c8:b3:ef:
                    bd:80:56:15:fd:5b:47:ee:59:db:20:1d:d5:f6:9c:
                    f7:b3:5a:57:6b:78:b0:30:77:26:b7:81:16:d8:3c:
                    a6:ea:26:81:5a:cf:d1:ae:27:89:d4:fe:9a:de:45:
                    28:ef:66:4f:ce:4d:e9:6a:ca:ab:58:7b:f4:a1:56:
                    4a:48:34:76:89:91:86:09:ce:55:bd:1c:5e:5a:ad:
                    91:fb:c5:b4:d7:90:35:26:40:77:af:1b:e4:e1:46:
                    51:ab:f7:27:ea:2d:fc:eb:ea:36:28:fe:41:92:2f:
                    6c:93:04:83:03:35:7a:4a:82:1c:29:fd:ee:41:47:
                    64:24:f3:c7:9c:ca:4a:a1:54:86:e1:16:90:06:76:
                    d2:71:30:a6:56:ca:c6:0b:d1:60:ba:ca:0b:ae:95:
                    f8:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:05:CF:00:5E:07:06:E4:9E:42:89:12:B0:F1:5D:70:E8:37:C5:33
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146736.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aff6::/32

    Signature Algorithm: sha256WithRSAEncryption
         71:f5:c8:8e:e2:fc:98:7a:2e:f0:cf:28:4f:c2:54:1d:af:0e:
         0b:a4:2e:73:7d:9e:0d:b8:a7:b3:e8:a1:cf:4a:ed:fa:db:c1:
         6d:76:db:4b:a5:9b:83:db:c3:c1:aa:89:01:b7:c3:41:9a:62:
         75:88:34:3b:57:ad:04:78:7b:9a:f0:dc:fc:1b:01:a2:68:76:
         f6:31:c3:99:e3:9e:cb:da:3e:ce:6f:5d:65:61:bf:a1:78:ce:
         8e:bb:bf:c7:36:96:7e:a1:59:0f:15:04:a8:8f:e6:5b:15:80:
         06:03:e1:55:5f:96:d2:c3:3a:ff:b5:44:3c:61:70:aa:94:6e:
         32:ab:19:95:00:dc:62:6c:3f:5f:6d:fd:e8:73:6e:e9:49:64:
         a2:4b:52:0b:ed:ce:9c:46:3c:e3:07:3d:00:18:c5:97:d0:2b:
         c5:53:b1:7a:28:97:96:75:bd:57:5f:fd:68:18:8d:78:ac:92:
         0a:3e:21:18:04:b2:85:26:f9:c3:62:1c:b0:2b:97:59:df:14:
         98:0e:58:96:6b:8f:c0:23:cc:95:9f:8a:75:28:a5:37:39:2c:
         4d:bd:4e:6b:74:b3:d4:55:f3:f1:a3:c1:1f:e4:71:95:e0:e2:
         fa:58:cd:c6:37:74:c1:2c:7b:7f:10:93:35:88:e8:35:99:57:
         89:db:da:44
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUHczYAHOCE0txXmd+jz3ed+KFWWIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MzQyMVoX
DTI3MDMwMzA2MzkyMVowMzExMC8GA1UEAxMoMzUwNUNGMDA1RTA3MDZFNDlFNDI4
OTEyQjBGMTVENzBFODM3QzUzMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANNBmXasS2EBH1m9PvmjgViI7fcDqx/sGZBZRiIi/IuK4UpZ1hseffvKwK0b
ncmtpmR0H+eTT2ta35e9RjAGO2MMBVe/okV4ui0kGVh+hRODiGsgpz6Gne5P+CYE
/XlgGQB58ODiyLPvvYBWFf1bR+5Z2yAd1fac97NaV2t4sDB3JreBFtg8puomgVrP
0a4nidT+mt5FKO9mT85N6WrKq1h79KFWSkg0domRhgnOVb0cXlqtkfvFtNeQNSZA
d68b5OFGUav3J+ot/OvqNij+QZIvbJMEgwM1ekqCHCn97kFHZCTzx5zKSqFUhuEW
kAZ20nEwplbKxgvRYLrKC66V+B8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQ1Bc8A
XgcG5J5CiRKw8V1w6DfFMzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjczNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
r/YwDQYJKoZIhvcNAQELBQADggEBAHH1yI7i/Jh6LvDPKE/CVB2vDgukLnN9ng24
p7Pooc9K7frbwW1220ulm4Pbw8GqiQG3w0GaYnWINDtXrQR4e5rw3PwbAaJodvYx
w5njnsvaPs5vXWVhv6F4zo67v8c2ln6hWQ8VBKiP5lsVgAYD4VVfltLDOv+1RDxh
cKqUbjKrGZUA3GJsP19t/ehzbulJZKJLUgvtzpxGPOMHPQAYxZfQK8VTsXool5Z1
vVdf/WgYjXiskgo+IRgEsoUm+cNiHLArl1nfFJgOWJZrj8AjzJWfinUopTc5LE29
Tmt0s9RV8/GjwR/kcZXg4vpYzcY3dMEse38QkzWI6DWZV4nb2kQ=
-----END CERTIFICATE-----