Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146021.roa
File:                     AS146021.roa (raw, json)
Hash identifier:          2fBrFDlU5aZkYK16ZvGRDTxQqem54/Ufia9LvRgEAxQ=
Subject key identifier:   61:D2:C9:64:61:14:27:7A:CB:04:F1:4C:9C:A8:86:17:EA:38:D4:01
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       21BB2390E9B7CB5807F2248F3BDA73052B010C75
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146021.roa
Signing time:             Wed 04 Mar 2026 06:34:01 +0000
ROA not before:           Wed 04 Mar 2026 06:29:01 +0000
ROA not after:            Wed 03 Mar 2027 06:34:01 +0000
asID:                     146021
IP address blocks:        240a:ad2b::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:bb:23:90:e9:b7:cb:58:07:f2:24:8f:3b:da:73:05:2b:01:0c:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:01 2026 GMT
            Not After : Mar  3 06:34:01 2027 GMT
        Subject: CN=61D2C9646114277ACB04F14C9CA88617EA38D401
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:86:8d:f9:c4:57:78:ab:f5:e4:4c:86:e8:62:
                    ac:dc:8f:18:8b:80:c5:34:3d:94:bc:96:b6:92:29:
                    d1:24:22:5b:a7:55:9d:f1:2b:54:8c:24:19:a6:7e:
                    ed:fc:98:c8:d0:14:f1:a8:f9:2d:9d:31:9e:e4:2d:
                    f4:87:53:a2:43:b5:46:bd:5a:39:67:ce:68:7e:a2:
                    81:33:7e:52:a8:fe:69:50:01:62:b3:65:7a:57:ca:
                    9c:20:48:5c:7a:79:de:23:88:db:f9:43:ad:89:ba:
                    76:78:94:d5:fb:10:e5:48:50:5e:62:8a:a5:ca:3c:
                    e4:d5:4b:9e:0f:0c:11:74:63:bf:1d:89:94:c2:1c:
                    5c:56:84:fb:7e:25:26:c3:80:20:f8:02:39:de:e0:
                    1d:16:a9:39:3f:d7:d8:4f:f8:fe:d6:cb:cc:ce:c0:
                    05:d7:0d:36:89:02:3f:da:94:0f:36:d4:27:12:84:
                    c0:5e:7f:41:c7:55:63:d0:71:84:1a:0f:02:15:28:
                    00:70:0b:58:cc:75:05:9e:46:13:40:98:3b:6d:d5:
                    30:57:c6:93:c7:da:29:9f:7f:76:77:35:fd:ee:8e:
                    a8:53:3d:53:ce:d9:4f:47:5e:e3:cc:80:f8:2e:8f:
                    79:bc:97:89:f9:08:ee:30:0e:f7:be:8e:17:c1:2c:
                    14:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:D2:C9:64:61:14:27:7A:CB:04:F1:4C:9C:A8:86:17:EA:38:D4:01
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146021.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ad2b::/32

    Signature Algorithm: sha256WithRSAEncryption
         cd:73:1c:cf:e2:36:1b:f6:8d:b3:4a:84:09:cd:b1:bd:18:f0:
         9f:1e:3d:97:a9:d8:26:95:06:0d:e1:b9:61:cd:0f:a3:ea:bf:
         ac:bc:80:b3:c7:a5:3c:c2:86:84:14:f5:00:05:bb:9b:0b:ad:
         5c:70:4b:9b:04:ae:a3:16:b9:75:33:48:58:19:ed:22:ce:d3:
         16:b0:2c:11:7d:40:af:05:4e:0a:43:a3:c2:36:18:fd:97:a3:
         2d:96:d5:e2:6d:f4:f5:bc:23:65:cb:d0:d8:fa:ee:01:c2:45:
         91:cc:f4:22:cf:ca:fb:2f:7f:f2:dd:6f:1f:7b:de:e4:b9:f8:
         48:13:0a:d2:77:f8:96:8f:a7:3a:3a:39:20:67:3e:b5:ae:89:
         b2:9a:3c:d9:28:93:93:84:ae:cf:9b:66:d8:11:85:5c:11:7e:
         4f:95:82:dd:99:1b:a6:67:05:8e:72:6a:ab:d7:4c:48:2d:50:
         b6:f0:41:3c:19:c0:bc:9f:da:7d:30:a6:6a:33:50:bc:f8:a1:
         7e:2e:ee:51:3e:83:e5:c2:b8:3d:60:53:f9:cc:c7:1a:ec:72:
         76:6d:1d:63:5d:85:87:5d:6f:76:fa:52:59:e6:98:d1:39:f5:
         1b:46:1d:f2:63:c4:1e:ec:9e:f6:5c:4e:41:4e:c1:5c:f1:93:
         0f:09:17:70
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUIbsjkOm3y1gH8iSPO9pzBSsBDHUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkwMVoX
DTI3MDMwMzA2MzQwMVowMzExMC8GA1UEAxMoNjFEMkM5NjQ2MTE0Mjc3QUNCMDRG
MTRDOUNBODg2MTdFQTM4RDQwMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALKGjfnEV3ir9eRMhuhirNyPGIuAxTQ9lLyWtpIp0SQiW6dVnfErVIwkGaZ+
7fyYyNAU8aj5LZ0xnuQt9IdTokO1Rr1aOWfOaH6igTN+Uqj+aVABYrNlelfKnCBI
XHp53iOI2/lDrYm6dniU1fsQ5UhQXmKKpco85NVLng8MEXRjvx2JlMIcXFaE+34l
JsOAIPgCOd7gHRapOT/X2E/4/tbLzM7ABdcNNokCP9qUDzbUJxKEwF5/QcdVY9Bx
hBoPAhUoAHALWMx1BZ5GE0CYO23VMFfGk8faKZ9/dnc1/e6OqFM9U87ZT0de48yA
+C6PebyXifkI7jAO976OF8EsFJMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRh0slk
YRQnessE8UycqIYX6jjUATAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjAyMS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rSswDQYJKoZIhvcNAQELBQADggEBAM1zHM/iNhv2jbNKhAnNsb0Y8J8ePZep2CaV
Bg3huWHND6Pqv6y8gLPHpTzChoQU9QAFu5sLrVxwS5sErqMWuXUzSFgZ7SLO0xaw
LBF9QK8FTgpDo8I2GP2Xoy2W1eJt9PW8I2XL0Nj67gHCRZHM9CLPyvsvf/Ldbx97
3uS5+EgTCtJ3+JaPpzo6OSBnPrWuibKaPNkok5OErs+bZtgRhVwRfk+Vgt2ZG6Zn
BY5yaqvXTEgtULbwQTwZwLyf2n0wpmozULz4oX4u7lE+g+XCuD1gU/nMxxrscnZt
HWNdhYddb3b6UlnmmNE59RtGHfJjxB7snvZcTkFOwVzxkw8JF3A=
-----END CERTIFICATE-----