Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146062.roa
File:                     AS146062.roa (raw, json)
Hash identifier:          Ycl/Egsd/j3WeEFmrA3LYsITthvuhoUkHcXwSoYz16k=
Subject key identifier:   20:F1:99:60:24:59:A8:A3:E2:44:0E:BD:F6:D7:19:05:6E:25:57:14
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1577D045B8A518EA5B1B50B02C69BAD93FA8A453
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146062.roa
Signing time:             Wed 04 Mar 2026 06:34:57 +0000
ROA not before:           Wed 04 Mar 2026 06:29:57 +0000
ROA not after:            Wed 03 Mar 2027 06:34:57 +0000
asID:                     146062
IP address blocks:        240a:ad54::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:77:d0:45:b8:a5:18:ea:5b:1b:50:b0:2c:69:ba:d9:3f:a8:a4:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:57 2026 GMT
            Not After : Mar  3 06:34:57 2027 GMT
        Subject: CN=20F199602459A8A3E2440EBDF6D719056E255714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:7e:90:49:88:92:48:e8:26:0d:7a:cc:0e:4d:
                    c6:2a:92:52:85:41:3a:84:37:38:f0:52:d2:06:f4:
                    ac:45:39:73:11:7b:bf:66:80:a7:35:40:1e:c6:7e:
                    ad:cd:09:aa:cf:8e:67:ed:a2:75:67:a5:45:9a:8e:
                    2e:20:ef:63:d3:fe:b1:b1:64:fb:6c:7c:c0:24:fa:
                    ab:c1:fc:8f:69:97:74:d4:f5:db:78:c4:d6:65:8f:
                    7f:b4:c4:cf:df:c8:61:c8:60:d1:64:f3:8f:2f:fe:
                    ee:f5:04:98:a0:92:73:53:3e:91:59:5a:df:e1:7a:
                    d9:22:ce:8d:e4:71:7f:fd:ca:84:3c:79:70:5d:3e:
                    1c:3c:02:ca:23:0f:e0:14:b1:74:a7:7f:6c:09:d4:
                    8a:c1:a7:e9:af:58:38:d7:ee:a4:e3:74:c3:3a:7f:
                    eb:c1:19:eb:30:9d:74:63:c0:89:e5:03:8e:91:18:
                    53:db:ff:a6:20:f5:44:61:33:94:d8:17:d4:b0:25:
                    69:ce:c6:1a:a6:64:cd:e4:8d:64:c7:bb:a6:7e:11:
                    c9:c5:5d:88:da:2e:3d:1a:f7:c9:8d:c8:7d:4f:7d:
                    1c:80:5e:a4:50:be:b3:41:93:da:ea:e6:c1:7c:c1:
                    d3:cc:63:f4:0d:de:47:89:f7:48:93:e0:0c:be:2b:
                    4f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:F1:99:60:24:59:A8:A3:E2:44:0E:BD:F6:D7:19:05:6E:25:57:14
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146062.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ad54::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:50:91:13:7c:27:d5:27:d8:12:29:b5:75:e6:ba:35:d7:81:
         4c:03:9a:88:44:21:17:43:94:77:0c:94:e8:a2:d3:6d:6c:b8:
         a4:32:ba:54:e7:1a:d5:9c:07:46:d0:fa:52:d9:5a:d5:90:2d:
         24:4c:da:75:d4:73:3b:22:75:59:4d:b1:51:e0:dd:99:e6:a1:
         59:91:0f:0a:e0:71:7e:64:83:8d:b3:69:49:4e:f0:26:20:78:
         69:08:6e:b2:51:86:74:fd:67:72:89:bf:49:62:9d:2d:29:36:
         e3:c2:39:89:20:00:25:f1:85:61:77:09:0b:52:92:02:be:1c:
         3d:de:92:d5:38:7b:97:7f:b5:20:42:7a:a1:50:70:07:ae:79:
         1c:0d:2c:99:ad:1a:2a:78:50:8a:d3:c4:6e:a0:c4:cd:07:70:
         91:ad:43:a2:73:75:26:1d:03:2c:cc:7b:6a:77:89:fc:c6:ef:
         4b:a8:42:9b:8e:be:5e:92:64:78:ce:60:a8:62:5f:48:61:d7:
         65:5a:76:8e:45:22:96:de:a3:3a:7e:81:30:4b:05:48:18:91:
         e3:53:e8:44:a9:35:d4:14:ae:bd:60:79:a1:5b:b0:3e:74:77:
         64:8b:d5:c0:78:ec:eb:0b:f2:7e:ed:bb:7b:e4:1c:23:fc:d0:
         a3:ad:9f:8a
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUFXfQRbilGOpbG1CwLGm62T+opFMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjk1N1oX
DTI3MDMwMzA2MzQ1N1owMzExMC8GA1UEAxMoMjBGMTk5NjAyNDU5QThBM0UyNDQw
RUJERjZENzE5MDU2RTI1NTcxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJF+kEmIkkjoJg16zA5NxiqSUoVBOoQ3OPBS0gb0rEU5cxF7v2aApzVAHsZ+
rc0Jqs+OZ+2idWelRZqOLiDvY9P+sbFk+2x8wCT6q8H8j2mXdNT123jE1mWPf7TE
z9/IYchg0WTzjy/+7vUEmKCSc1M+kVla3+F62SLOjeRxf/3KhDx5cF0+HDwCyiMP
4BSxdKd/bAnUisGn6a9YONfupON0wzp/68EZ6zCddGPAieUDjpEYU9v/piD1RGEz
lNgX1LAlac7GGqZkzeSNZMe7pn4RycVdiNouPRr3yY3IfU99HIBepFC+s0GT2urm
wXzB08xj9A3eR4n3SJPgDL4rT9MCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQg8Zlg
JFmoo+JEDr321xkFbiVXFDAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjA2Mi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rVQwDQYJKoZIhvcNAQELBQADggEBACVQkRN8J9Un2BIptXXmujXXgUwDmohEIRdD
lHcMlOii021suKQyulTnGtWcB0bQ+lLZWtWQLSRM2nXUczsidVlNsVHg3ZnmoVmR
DwrgcX5kg42zaUlO8CYgeGkIbrJRhnT9Z3KJv0linS0pNuPCOYkgACXxhWF3CQtS
kgK+HD3ektU4e5d/tSBCeqFQcAeueRwNLJmtGip4UIrTxG6gxM0HcJGtQ6JzdSYd
AyzMe2p3ifzG70uoQpuOvl6SZHjOYKhiX0hh12Vado5FIpbeozp+gTBLBUgYkeNT
6ESpNdQUrr1geaFbsD50d2SL1cB47OsL8n7tu3vkHCP80KOtn4o=
-----END CERTIFICATE-----