Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146266.roa
File:                     AS146266.roa (raw, json)
Hash identifier:          ba5rMvHgBaFyhK0U9HTnPwSrlbTeL6TehUx/xmhuNf8=
Subject key identifier:   52:8C:B1:11:2F:8B:64:31:E3:42:26:25:A5:03:A1:DA:79:60:D2:21
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       396C53D62253D2F312FCA69ED1F37A1291E1304D
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146266.roa
Signing time:             Wed 04 Mar 2026 06:34:09 +0000
ROA not before:           Wed 04 Mar 2026 06:29:09 +0000
ROA not after:            Wed 03 Mar 2027 06:34:09 +0000
asID:                     146266
IP address blocks:        240a:ae20::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:6c:53:d6:22:53:d2:f3:12:fc:a6:9e:d1:f3:7a:12:91:e1:30:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:29:09 2026 GMT
            Not After : Mar  3 06:34:09 2027 GMT
        Subject: CN=528CB1112F8B6431E3422625A503A1DA7960D221
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:71:00:d6:55:be:43:2b:b4:47:74:0a:ac:4d:
                    e6:82:49:bb:33:66:b4:ee:a1:ee:e1:6c:1e:c3:cc:
                    60:36:a1:0b:6a:e5:aa:77:de:3e:29:4c:a9:d9:d7:
                    da:40:b0:64:a3:f6:d0:be:11:a2:73:8f:23:4f:56:
                    82:5e:0c:6d:dc:16:0a:33:32:57:a6:b0:ee:59:8b:
                    5a:da:dc:f8:a4:e8:f2:95:59:c2:08:26:a4:98:56:
                    fd:85:aa:66:0f:bd:f7:7a:68:5b:75:3b:ca:7a:3b:
                    95:dd:53:49:c3:b1:ef:cc:71:a6:c3:e5:b6:ce:14:
                    45:7b:9f:3e:b3:9f:51:ff:87:93:92:93:45:97:cd:
                    30:9e:d1:44:65:30:5a:41:a9:19:cb:70:49:de:3b:
                    29:58:80:0a:cd:ac:3d:fe:31:dc:c3:86:b1:c0:73:
                    bb:9b:21:cc:3c:0b:d1:0e:e4:66:05:89:36:3a:f4:
                    31:04:b5:58:79:ba:22:57:3f:4c:c3:72:6b:65:f9:
                    ab:6e:e9:63:a1:83:48:8a:40:68:5f:4d:1c:cc:fa:
                    c5:68:89:bd:96:11:2d:61:93:18:6c:1d:a6:bf:70:
                    7c:27:85:e0:e2:78:a7:f4:11:0e:82:91:9b:22:88:
                    23:d8:84:0f:e2:6a:47:40:d1:0b:a9:75:68:5c:b0:
                    32:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:8C:B1:11:2F:8B:64:31:E3:42:26:25:A5:03:A1:DA:79:60:D2:21
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146266.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:ae20::/32

    Signature Algorithm: sha256WithRSAEncryption
         39:95:90:10:6b:1f:8a:4d:a9:df:45:03:07:81:4a:c4:46:91:
         fc:c1:60:a0:d9:a3:f9:80:6d:36:da:c7:19:f6:04:a5:db:38:
         c8:72:08:52:cf:ff:37:fa:65:b2:84:14:0f:ca:b3:c8:b3:8c:
         41:ee:28:02:00:2e:b2:cd:66:e7:a5:28:ba:95:fc:4e:8c:f1:
         14:1d:d0:84:9d:4a:2e:3b:23:76:71:cf:df:9b:b0:1e:be:d9:
         28:2a:88:43:2e:6f:8e:3e:c9:02:5a:09:50:02:b1:a0:ee:7a:
         09:e2:f6:21:15:36:f6:48:d4:f8:3b:9f:a7:ca:15:f1:37:cf:
         d3:60:fb:4b:23:d1:72:c6:da:0e:d0:c0:00:2c:de:5a:a3:7c:
         32:a3:48:38:2b:7c:68:e7:dd:15:70:75:48:3a:fa:5d:8f:68:
         0d:22:3d:78:b7:03:94:99:38:99:02:cd:fa:54:fa:19:a9:1a:
         38:ca:da:da:e0:48:ad:a4:32:84:b2:f2:aa:e1:a7:99:ed:f2:
         40:91:c7:97:45:b9:72:d3:10:d0:53:99:b3:78:36:ce:7a:37:
         3a:1e:a5:9f:d1:9b:74:18:53:67:11:eb:d1:31:eb:ef:ab:b8:
         00:e0:7e:77:0c:86:77:29:7d:b7:d9:bf:67:8d:f2:bc:f0:98:
         fb:8a:f4:47
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUOWxT1iJT0vMS/Kae0fN6EpHhME0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MjkwOVoX
DTI3MDMwMzA2MzQwOVowMzExMC8GA1UEAxMoNTI4Q0IxMTEyRjhCNjQzMUUzNDIy
NjI1QTUwM0ExREE3OTYwRDIyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALpxANZVvkMrtEd0CqxN5oJJuzNmtO6h7uFsHsPMYDahC2rlqnfePilMqdnX
2kCwZKP20L4RonOPI09Wgl4MbdwWCjMyV6aw7lmLWtrc+KTo8pVZwggmpJhW/YWq
Zg+993poW3U7yno7ld1TScOx78xxpsPlts4URXufPrOfUf+Hk5KTRZfNMJ7RRGUw
WkGpGctwSd47KViACs2sPf4x3MOGscBzu5shzDwL0Q7kZgWJNjr0MQS1WHm6Ilc/
TMNya2X5q27pY6GDSIpAaF9NHMz6xWiJvZYRLWGTGGwdpr9wfCeF4OJ4p/QRDoKR
myKII9iED+JqR0DRC6l1aFywMtMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRSjLER
L4tkMeNCJiWlA6HaeWDSITAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjI2Ni5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
riAwDQYJKoZIhvcNAQELBQADggEBADmVkBBrH4pNqd9FAweBSsRGkfzBYKDZo/mA
bTbaxxn2BKXbOMhyCFLP/zf6ZbKEFA/Ks8izjEHuKAIALrLNZuelKLqV/E6M8RQd
0ISdSi47I3Zxz9+bsB6+2SgqiEMub44+yQJaCVACsaDuegni9iEVNvZI1Pg7n6fK
FfE3z9Ng+0sj0XLG2g7QwAAs3lqjfDKjSDgrfGjn3RVwdUg6+l2PaA0iPXi3A5SZ
OJkCzfpU+hmpGjjK2trgSK2kMoSy8qrhp5nt8kCRx5dFuXLTENBTmbN4Ns56Nzoe
pZ/Rm3QYU2cR69Ex6++ruADgfncMhncpfbfZv2eN8rzwmPuK9Ec=
-----END CERTIFICATE-----