Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146120.roa
File:                     AS146120.roa (raw, json)
Hash identifier:          F8YJepa5PkJ14Z/0O5E9YWmYUUuUUQPm5Kk7wE/QcG8=
Subject key identifier:   7E:5A:A2:B4:93:A5:D3:BC:13:A2:69:1C:D0:75:1D:D3:FF:04:C4:A6
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2AC60A6BD8D1A5D65BBB757E6EF6E47E9FB058B8
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146120.roa
Signing time:             Wed 04 Mar 2026 06:33:42 +0000
ROA not before:           Wed 04 Mar 2026 06:28:42 +0000
ROA not after:            Wed 03 Mar 2027 06:33:42 +0000
asID:                     146120
IP address blocks:        240a:ad8e::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:c6:0a:6b:d8:d1:a5:d6:5b:bb:75:7e:6e:f6:e4:7e:9f:b0:58:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:42 2026 GMT
            Not After : Mar  3 06:33:42 2027 GMT
        Subject: CN=7E5AA2B493A5D3BC13A2691CD0751DD3FF04C4A6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a8:a0:fd:26:8e:43:66:8a:da:cb:6b:b2:f5:
                    39:58:aa:d2:28:1a:38:5b:79:4d:5f:ce:8c:a0:4f:
                    e7:8d:70:c7:f5:e2:57:46:43:a6:8c:28:00:65:b5:
                    00:98:b1:7b:3f:73:78:a8:d8:0a:d2:7b:62:2a:2e:
                    ac:d9:a2:61:4d:ac:e1:41:69:9a:d1:c1:11:e1:b0:
                    57:43:9f:53:d9:e3:ce:da:3a:19:1a:9a:8e:aa:c6:
                    c6:5b:e9:37:a7:80:88:d1:e1:49:64:3f:f5:33:ff:
                    cc:85:10:d0:c6:f5:74:52:dc:67:b2:c8:7b:e1:71:
                    a0:b7:2b:e1:75:8b:f7:35:d7:0a:5d:a5:e9:21:79:
                    d7:39:09:45:1a:b6:b4:a4:7e:b3:d7:9c:ae:8e:a7:
                    0d:cc:e5:37:dd:65:bf:d7:35:b6:63:2c:e8:75:c1:
                    e5:98:50:86:ec:8a:d5:df:d6:82:c0:c8:54:73:64:
                    89:f6:08:a0:f6:16:ae:6e:d8:c3:ca:75:99:cb:2b:
                    34:e2:e8:30:51:ad:cb:55:0d:cc:d5:09:44:0f:0f:
                    8b:07:42:40:cd:b5:20:9f:30:1b:18:6f:ad:11:93:
                    87:15:c7:c8:0e:c7:d5:3d:f4:4e:92:59:66:9b:95:
                    0a:88:16:b2:18:00:61:28:d8:b0:b8:3c:44:f5:79:
                    57:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:5A:A2:B4:93:A5:D3:BC:13:A2:69:1C:D0:75:1D:D3:FF:04:C4:A6
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146120.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ad8e::/32

    Signature Algorithm: sha256WithRSAEncryption
         35:d6:3f:7e:a8:9c:a1:b6:1b:93:bc:c2:5b:fc:93:57:d3:c3:
         1d:b1:81:f5:19:66:c3:1b:82:59:96:c6:81:67:fc:c4:13:f2:
         d4:a9:9e:b8:a7:57:b8:4c:a3:85:45:66:b6:2f:32:d0:c8:0d:
         6f:4f:67:f9:f8:e8:f8:45:7a:53:30:c4:e0:aa:3f:2d:d9:37:
         63:0b:6a:b2:4d:bc:a7:47:d9:af:dc:84:fe:73:af:61:dc:f9:
         cf:cf:57:ed:32:47:62:9e:9f:b5:e8:a3:82:6e:08:a6:47:d5:
         e7:1c:dc:35:35:e5:f9:fc:30:e4:98:33:54:86:86:72:b4:a0:
         10:c1:33:12:7b:b3:e8:cc:11:81:b8:a9:e8:d1:57:d4:ea:88:
         a5:a0:86:92:31:4a:9e:0d:91:c2:7b:f2:80:47:06:42:9e:3f:
         ba:f4:7a:ef:31:17:f5:de:6f:e7:7e:45:a7:be:dd:b1:44:47:
         59:23:50:f1:93:22:0a:c0:f9:59:88:f6:d5:66:91:4e:ca:18:
         b9:f1:65:af:5e:67:e1:a3:fc:fa:92:67:8c:50:66:b5:4b:5c:
         93:ad:51:7e:0d:9e:50:88:87:6c:03:f5:b9:af:7b:41:84:24:
         30:9d:50:9e:93:6b:01:da:fd:2f:5b:14:d3:ef:72:77:37:90:
         87:eb:7f:c8
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUKsYKa9jRpdZbu3V+bvbkfp+wWLgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjg0MloX
DTI3MDMwMzA2MzM0MlowMzExMC8GA1UEAxMoN0U1QUEyQjQ5M0E1RDNCQzEzQTI2
OTFDRDA3NTFERDNGRjA0QzRBNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMSooP0mjkNmitrLa7L1OViq0igaOFt5TV/OjKBP541wx/XiV0ZDpowoAGW1
AJixez9zeKjYCtJ7YiourNmiYU2s4UFpmtHBEeGwV0OfU9njzto6GRqajqrGxlvp
N6eAiNHhSWQ/9TP/zIUQ0Mb1dFLcZ7LIe+FxoLcr4XWL9zXXCl2l6SF51zkJRRq2
tKR+s9ecro6nDczlN91lv9c1tmMs6HXB5ZhQhuyK1d/WgsDIVHNkifYIoPYWrm7Y
w8p1mcsrNOLoMFGty1UNzNUJRA8PiwdCQM21IJ8wGxhvrRGThxXHyA7H1T30TpJZ
ZpuVCogWshgAYSjYsLg8RPV5V0kCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR+WqK0
k6XTvBOiaRzQdR3T/wTEpjAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjEyMC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rY4wDQYJKoZIhvcNAQELBQADggEBADXWP36onKG2G5O8wlv8k1fTwx2xgfUZZsMb
glmWxoFn/MQT8tSpnrinV7hMo4VFZrYvMtDIDW9PZ/n46PhFelMwxOCqPy3ZN2ML
arJNvKdH2a/chP5zr2Hc+c/PV+0yR2Ken7Xoo4JuCKZH1ecc3DU15fn8MOSYM1SG
hnK0oBDBMxJ7s+jMEYG4qejRV9TqiKWghpIxSp4NkcJ78oBHBkKeP7r0eu8xF/Xe
b+d+Rae+3bFER1kjUPGTIgrA+VmI9tVmkU7KGLnxZa9eZ+Gj/PqSZ4xQZrVLXJOt
UX4NnlCIh2wD9bmve0GEJDCdUJ6TawHa/S9bFNPvcnc3kIfrf8g=
-----END CERTIFICATE-----