Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146026.roa
File:                     AS146026.roa (raw, json)
Hash identifier:          mATKGF3xdEnBH/Tlgm0/I35p23DoW0fKKwe8gAyeQP0=
Subject key identifier:   21:80:2D:E8:8F:36:B6:2A:D6:22:C2:B8:F0:A7:39:13:49:88:2D:0F
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       24AA1E0150CD732E71A859B1A57363D2DA9F2FD0
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146026.roa
Signing time:             Wed 04 Mar 2026 06:33:39 +0000
ROA not before:           Wed 04 Mar 2026 06:28:39 +0000
ROA not after:            Wed 03 Mar 2027 06:33:39 +0000
asID:                     146026
IP address blocks:        240a:ad30::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:aa:1e:01:50:cd:73:2e:71:a8:59:b1:a5:73:63:d2:da:9f:2f:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:39 2026 GMT
            Not After : Mar  3 06:33:39 2027 GMT
        Subject: CN=21802DE88F36B62AD622C2B8F0A7391349882D0F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:d9:82:23:17:74:55:69:7d:f6:ae:13:13:26:
                    ee:90:11:b8:47:bb:36:dc:89:60:16:d7:5e:08:de:
                    39:0a:f4:05:ac:8e:f8:80:08:9a:0f:79:15:ac:f0:
                    0b:c9:41:7a:f0:c6:19:5e:37:96:26:d9:2d:ef:ec:
                    b5:ce:3a:dc:aa:81:1c:21:38:4d:e3:f3:e5:21:9e:
                    53:4e:23:66:34:9c:b8:4c:d1:cd:2f:6a:54:a8:6b:
                    b2:78:98:f6:e2:b9:31:f9:6c:aa:56:c3:75:95:00:
                    ca:fb:90:e0:be:77:02:fa:a3:ca:5c:ab:fa:23:1a:
                    d3:f8:66:f2:33:7c:7d:6b:38:14:26:03:34:7a:4d:
                    a1:a8:6e:0b:df:dd:1e:ab:5d:10:ea:78:f4:3e:60:
                    65:9b:6d:c2:66:e1:f2:b6:ff:e6:01:12:62:7f:c9:
                    ff:f8:cb:2f:55:48:e2:78:3a:fc:bd:c7:e5:7a:b7:
                    02:71:3c:9a:a8:9a:9c:8e:7c:34:3d:a0:e3:d9:f4:
                    b4:31:be:4e:75:14:df:cc:21:83:89:74:2c:9c:8b:
                    3d:3d:7c:45:c5:aa:52:01:a1:db:31:4a:38:5b:35:
                    76:c3:e3:c6:bd:44:79:44:4f:8e:c5:25:29:ef:e0:
                    65:13:a3:0b:20:22:02:7b:f7:1c:5c:b9:33:f4:cf:
                    48:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:80:2D:E8:8F:36:B6:2A:D6:22:C2:B8:F0:A7:39:13:49:88:2D:0F
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146026.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ad30::/32

    Signature Algorithm: sha256WithRSAEncryption
         60:a3:7d:4e:ec:9d:ea:01:e5:e0:80:35:bd:9a:d4:4f:a6:94:
         d0:3d:77:a6:1b:0f:71:e8:c2:53:11:b3:dc:ca:41:45:74:b6:
         6e:99:b5:36:76:34:3b:2e:57:5d:cb:14:27:28:b2:df:5c:d2:
         9e:0e:e5:8c:8e:79:bd:19:f4:1f:7e:dd:9a:1e:81:39:c0:e5:
         56:01:3d:ae:99:7f:d6:78:14:63:68:f1:61:99:d4:40:4a:d0:
         98:86:f2:b9:a0:93:78:1b:6f:88:d5:25:cd:b1:41:81:71:1e:
         29:f8:73:3f:3c:e6:e4:39:0b:b6:25:00:bd:5b:33:1e:ec:c5:
         c6:1d:13:1f:2d:88:c7:b5:ca:ab:df:37:af:48:c6:f4:b0:d6:
         6c:23:c6:df:08:17:2c:ae:ff:99:d4:09:9f:d3:e2:13:4a:33:
         2e:65:49:5c:b8:e0:ab:31:de:36:e5:a4:f4:73:39:dc:7a:5e:
         57:1d:b9:df:6b:60:ee:b9:c3:41:19:19:00:b5:bb:dd:d8:f6:
         00:a3:90:c2:65:5e:d5:8f:9a:46:8a:17:8a:dc:7e:96:8d:5f:
         c5:cf:dc:90:60:ef:4d:94:6e:d8:f5:39:65:f2:9c:08:1c:ed:
         a0:c9:9a:69:7d:a0:0a:79:66:73:13:f4:09:6d:6e:1b:7d:e5:
         b4:28:ea:f0
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUJKoeAVDNcy5xqFmxpXNj0tqfL9AwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjgzOVoX
DTI3MDMwMzA2MzMzOVowMzExMC8GA1UEAxMoMjE4MDJERTg4RjM2QjYyQUQ2MjJD
MkI4RjBBNzM5MTM0OTg4MkQwRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIPZgiMXdFVpffauExMm7pARuEe7NtyJYBbXXgjeOQr0BayO+IAImg95Fazw
C8lBevDGGV43libZLe/stc463KqBHCE4TePz5SGeU04jZjScuEzRzS9qVKhrsniY
9uK5MflsqlbDdZUAyvuQ4L53Avqjylyr+iMa0/hm8jN8fWs4FCYDNHpNoahuC9/d
HqtdEOp49D5gZZttwmbh8rb/5gESYn/J//jLL1VI4ng6/L3H5Xq3AnE8mqianI58
ND2g49n0tDG+TnUU38whg4l0LJyLPT18RcWqUgGh2zFKOFs1dsPjxr1EeURPjsUl
Ke/gZROjCyAiAnv3HFy5M/TPSD8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQhgC3o
jza2KtYiwrjwpzkTSYgtDzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjAyNi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rTAwDQYJKoZIhvcNAQELBQADggEBAGCjfU7sneoB5eCANb2a1E+mlNA9d6YbD3Ho
wlMRs9zKQUV0tm6ZtTZ2NDsuV13LFCcost9c0p4O5YyOeb0Z9B9+3ZoegTnA5VYB
Pa6Zf9Z4FGNo8WGZ1EBK0JiG8rmgk3gbb4jVJc2xQYFxHin4cz885uQ5C7YlAL1b
Mx7sxcYdEx8tiMe1yqvfN69IxvSw1mwjxt8IFyyu/5nUCZ/T4hNKMy5lSVy44Ksx
3jblpPRzOdx6Xlcdud9rYO65w0EZGQC1u93Y9gCjkMJlXtWPmkaKF4rcfpaNX8XP
3JBg702Ubtj1OWXynAgc7aDJmml9oAp5ZnMT9Altbht95bQo6vA=
-----END CERTIFICATE-----