Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146204.roa
File:                     AS146204.roa (raw, json)
Hash identifier:          dBKAhTWsPjPBZjTLmGP1aX2SMPeq9WGRZ6mEyGVLfPo=
Subject key identifier:   6A:32:C6:DB:F5:E2:EA:59:BC:43:71:BF:E4:5E:BF:1D:23:8C:5C:EF
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       25973E840BEBD65B8538CFE4FB85EA58EB8DEB55
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146204.roa
Signing time:             Wed 04 Mar 2026 06:34:08 +0000
ROA not before:           Wed 04 Mar 2026 06:29:08 +0000
ROA not after:            Wed 03 Mar 2027 06:34:08 +0000
asID:                     146204
IP address blocks:        240a:ade2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:97:3e:84:0b:eb:d6:5b:85:38:cf:e4:fb:85:ea:58:eb:8d:eb:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:08 2026 GMT
            Not After : Mar  3 06:34:08 2027 GMT
        Subject: CN=6A32C6DBF5E2EA59BC4371BFE45EBF1D238C5CEF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:21:9b:7e:9f:d2:08:6c:9c:80:93:18:16:41:
                    51:42:f0:1f:98:fd:3d:95:6e:75:8e:5d:d2:c3:29:
                    e2:c9:1e:09:2a:41:ff:db:13:97:8b:0e:da:8b:c1:
                    4d:9f:02:03:09:d7:9b:27:f8:cd:8e:61:28:6c:60:
                    81:1d:28:35:b3:5d:0a:82:74:d1:ab:3b:14:fa:40:
                    58:e5:5a:ee:81:58:a3:61:0f:af:fd:b9:8b:ce:ec:
                    23:c8:63:7a:0d:b6:dd:bc:2e:1b:c1:03:b5:62:06:
                    0d:c8:47:ca:ba:1e:6e:7b:1c:6b:93:c7:90:9b:32:
                    da:93:c0:71:15:48:45:90:08:09:63:df:30:73:d6:
                    48:d4:77:8f:fa:ec:ce:74:48:d3:d4:84:ff:9b:1d:
                    e7:18:80:bc:d3:e3:19:1a:dc:60:f0:18:79:36:2e:
                    2b:8a:34:51:40:88:7d:73:97:96:7f:a3:5d:c7:30:
                    86:09:20:f3:c4:1e:65:db:d1:66:30:73:42:c1:2c:
                    6f:b9:d1:ee:cf:7d:95:e6:57:ea:af:9b:72:a6:f1:
                    ae:78:c2:b8:1e:00:08:00:8d:52:a2:bc:c8:eb:f7:
                    34:f7:b8:3b:9d:7d:61:c2:48:61:0d:29:1e:84:7e:
                    52:4d:4d:9a:fe:78:a1:f4:7f:68:f2:7d:41:1b:72:
                    69:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:32:C6:DB:F5:E2:EA:59:BC:43:71:BF:E4:5E:BF:1D:23:8C:5C:EF
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146204.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ade2::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:40:23:10:da:ac:7a:6f:4f:7f:47:ff:9d:42:69:41:c9:9c:
         5a:82:0a:c0:f3:38:d3:1d:5e:6f:2a:23:34:8c:69:a2:7e:1b:
         78:c4:ec:ed:47:dc:ec:fc:4a:65:23:92:54:b0:4c:1c:11:9c:
         73:13:79:e9:17:a8:82:d0:0c:5d:e3:13:41:e5:b3:e4:d6:90:
         c1:4e:56:25:e2:82:9a:e1:9f:3a:c3:91:09:7e:bb:18:85:da:
         72:8b:d6:b9:35:78:31:18:7a:e8:68:f5:1f:f1:03:8a:95:25:
         0b:ab:0b:94:d1:f1:a2:9c:a9:29:09:c1:72:58:9f:6a:4f:b1:
         ee:69:d5:32:29:2f:d5:2e:22:85:d1:33:94:d7:62:a1:90:0c:
         31:c4:52:71:1e:7b:ff:ee:34:9d:04:39:35:f1:50:0d:c8:e5:
         1c:03:7b:9c:95:ba:29:90:9d:22:73:e7:5e:53:b8:33:4b:24:
         38:41:cb:7f:67:80:85:59:de:fc:f2:12:92:94:a4:e6:0c:e0:
         f4:35:04:c0:15:3a:16:71:fa:7c:96:cf:1c:32:2f:23:d1:db:
         f8:9a:24:5b:1c:5e:0e:8d:ab:ec:a3:68:f1:86:79:d2:d1:7f:
         9f:90:b9:d3:14:39:7f:8f:e9:8c:6c:03:c2:17:3d:b7:14:85:
         4e:78:e1:bd
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUJZc+hAvr1luFOM/k+4XqWOuN61UwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkwOFoX
DTI3MDMwMzA2MzQwOFowMzExMC8GA1UEAxMoNkEzMkM2REJGNUUyRUE1OUJDNDM3
MUJGRTQ1RUJGMUQyMzhDNUNFRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM4hm36f0ghsnICTGBZBUULwH5j9PZVudY5d0sMp4skeCSpB/9sTl4sO2ovB
TZ8CAwnXmyf4zY5hKGxggR0oNbNdCoJ00as7FPpAWOVa7oFYo2EPr/25i87sI8hj
eg223bwuG8EDtWIGDchHyroebnsca5PHkJsy2pPAcRVIRZAICWPfMHPWSNR3j/rs
znRI09SE/5sd5xiAvNPjGRrcYPAYeTYuK4o0UUCIfXOXln+jXccwhgkg88QeZdvR
ZjBzQsEsb7nR7s99leZX6q+bcqbxrnjCuB4ACACNUqK8yOv3NPe4O519YcJIYQ0p
HoR+Uk1Nmv54ofR/aPJ9QRtyaWECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRqMsbb
9eLqWbxDcb/kXr8dI4xc7zAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjIwNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
reIwDQYJKoZIhvcNAQELBQADggEBABdAIxDarHpvT39H/51CaUHJnFqCCsDzONMd
Xm8qIzSMaaJ+G3jE7O1H3Oz8SmUjklSwTBwRnHMTeekXqILQDF3jE0Hls+TWkMFO
ViXigprhnzrDkQl+uxiF2nKL1rk1eDEYeuho9R/xA4qVJQurC5TR8aKcqSkJwXJY
n2pPse5p1TIpL9UuIoXRM5TXYqGQDDHEUnEee//uNJ0EOTXxUA3I5RwDe5yVuimQ
nSJz515TuDNLJDhBy39ngIVZ3vzyEpKUpOYM4PQ1BMAVOhZx+nyWzxwyLyPR2/ia
JFscXg6Nq+yjaPGGedLRf5+QudMUOX+P6YxsA8IXPbcUhU544b0=
-----END CERTIFICATE-----