Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146020.roa
File:                     AS146020.roa (raw, json)
Hash identifier:          UdK8z65HpK50a4m+3UkLO9b0pgt6RTVYi3XaundCiEw=
Subject key identifier:   E3:69:4C:96:74:CF:55:A6:C1:09:7B:18:C3:2C:85:AD:58:B6:6F:26
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       7C3EFF95257480A74A997A5BE50B2E3D744C91F1
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146020.roa
Signing time:             Wed 04 Mar 2026 06:34:47 +0000
ROA not before:           Wed 04 Mar 2026 06:29:47 +0000
ROA not after:            Wed 03 Mar 2027 06:34:47 +0000
asID:                     146020
IP address blocks:        240a:ad2a::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:3e:ff:95:25:74:80:a7:4a:99:7a:5b:e5:0b:2e:3d:74:4c:91:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:47 2026 GMT
            Not After : Mar  3 06:34:47 2027 GMT
        Subject: CN=E3694C9674CF55A6C1097B18C32C85AD58B66F26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:22:18:f2:a9:a5:d7:25:b5:4a:71:1a:f1:77:
                    48:c8:13:7b:05:43:a9:4b:0e:ec:64:a8:b1:a5:9f:
                    89:31:72:7f:34:84:e1:7b:92:8e:25:e9:42:75:73:
                    b7:f7:dd:a6:19:50:ce:de:6f:aa:1e:40:11:e4:49:
                    e1:27:32:cf:8e:5c:49:a1:46:0b:0c:f1:91:ef:34:
                    20:5f:95:23:e7:05:4e:cf:13:1c:bd:85:e4:dc:ed:
                    ec:3e:ec:47:bd:31:77:55:bb:cf:9d:66:d3:4b:76:
                    43:36:8b:57:e0:69:ac:6c:5c:31:b6:34:c8:f9:59:
                    84:67:6e:a6:ea:94:85:d9:0c:e9:a9:66:80:92:11:
                    5c:cc:aa:85:65:b9:82:de:fd:5a:09:e2:a9:53:f1:
                    7a:c0:4b:60:11:cf:5c:d5:8f:c1:16:ec:ad:e6:10:
                    ae:1f:dd:33:31:62:19:04:e3:b3:b6:13:59:9f:dd:
                    c2:91:6f:88:33:fc:9d:82:39:f9:a0:46:88:fd:c6:
                    9c:0b:11:38:80:5f:ca:ea:10:bd:eb:07:f5:01:c3:
                    06:85:5f:c8:96:01:ba:e9:cb:77:a7:97:8c:f9:80:
                    ba:5d:97:6f:4d:68:e4:3f:d3:04:f1:f2:5d:01:b5:
                    3b:24:67:8b:c2:82:69:7a:90:45:0f:66:dd:5e:12:
                    5d:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:69:4C:96:74:CF:55:A6:C1:09:7B:18:C3:2C:85:AD:58:B6:6F:26
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146020.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ad2a::/32

    Signature Algorithm: sha256WithRSAEncryption
         c9:59:24:ae:2c:31:dc:35:6d:48:a5:d7:5e:ac:5a:d0:87:de:
         3d:cd:c8:d2:48:71:8a:47:b6:1d:a6:8d:76:a6:40:07:90:33:
         7c:ce:f4:f7:6c:75:e4:58:a0:e7:b0:88:ce:68:1c:4e:84:5c:
         a4:a4:79:67:aa:72:4a:40:ac:aa:ad:87:6a:f6:4d:ed:4f:5f:
         72:7a:c5:37:ef:0a:b5:8c:ee:cf:96:bf:78:dc:0d:d5:70:cb:
         c0:ab:b2:3c:74:4b:f0:f9:49:71:26:93:e3:39:b4:28:59:91:
         24:24:e8:d9:0e:68:0f:9e:77:eb:c1:c6:5f:1a:50:ff:57:d2:
         f6:e3:ae:60:94:0b:bb:8d:da:1d:40:d9:82:61:d1:5e:e0:41:
         6f:d1:14:ac:ea:09:3d:38:c8:24:c2:40:1b:7b:d7:fc:4c:d1:
         9c:cc:31:3c:6d:29:ff:c0:51:c4:4c:1c:33:ef:6a:19:26:0c:
         dc:cc:58:29:20:ab:9a:4c:d7:80:38:32:e9:dc:22:65:9d:3c:
         fb:4f:51:4e:a1:59:cd:13:b5:7a:ec:f7:2e:17:8e:3a:a5:da:
         8c:14:6b:27:4d:66:30:e7:77:8b:45:64:89:ca:7e:87:4b:73:
         3c:be:84:c4:d1:d1:9f:67:70:21:e0:0b:0b:7d:e1:c9:16:09:
         c2:de:73:d5
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUfD7/lSV0gKdKmXpb5QsuPXRMkfEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjk0N1oX
DTI3MDMwMzA2MzQ0N1owMzExMC8GA1UEAxMoRTM2OTRDOTY3NENGNTVBNkMxMDk3
QjE4QzMyQzg1QUQ1OEI2NkYyNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJciGPKppdcltUpxGvF3SMgTewVDqUsO7GSosaWfiTFyfzSE4XuSjiXpQnVz
t/fdphlQzt5vqh5AEeRJ4Scyz45cSaFGCwzxke80IF+VI+cFTs8THL2F5Nzt7D7s
R70xd1W7z51m00t2QzaLV+BprGxcMbY0yPlZhGdupuqUhdkM6almgJIRXMyqhWW5
gt79WgniqVPxesBLYBHPXNWPwRbsreYQrh/dMzFiGQTjs7YTWZ/dwpFviDP8nYI5
+aBGiP3GnAsROIBfyuoQvesH9QHDBoVfyJYBuunLd6eXjPmAul2Xb01o5D/TBPHy
XQG1OyRni8KCaXqQRQ9m3V4SXf8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTjaUyW
dM9VpsEJexjDLIWtWLZvJjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjAyMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rSowDQYJKoZIhvcNAQELBQADggEBAMlZJK4sMdw1bUil116sWtCH3j3NyNJIcYpH
th2mjXamQAeQM3zO9PdsdeRYoOewiM5oHE6EXKSkeWeqckpArKqth2r2Te1PX3J6
xTfvCrWM7s+Wv3jcDdVwy8Crsjx0S/D5SXEmk+M5tChZkSQk6NkOaA+ed+vBxl8a
UP9X0vbjrmCUC7uN2h1A2YJh0V7gQW/RFKzqCT04yCTCQBt71/xM0ZzMMTxtKf/A
UcRMHDPvahkmDNzMWCkgq5pM14A4MuncImWdPPtPUU6hWc0TtXrs9y4Xjjql2owU
aydNZjDnd4tFZInKfodLczy+hMTR0Z9ncCHgCwt94ckWCcLec9U=
-----END CERTIFICATE-----