Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146394.roa
File:                     AS146394.roa (raw, json)
Hash identifier:          owt1O66gHrk7up6TgEXiUTqnKdfhM2AtzGCx+c/K4o4=
Subject key identifier:   51:EA:90:6C:F4:C9:4E:8D:0F:A3:82:C6:21:8F:C0:1E:34:AE:4A:4B
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       20594EC0ECB12D1CF451CE938D7C24BBA16A1DCD
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146394.roa
Signing time:             Wed 04 Mar 2026 06:33:42 +0000
ROA not before:           Wed 04 Mar 2026 06:28:42 +0000
ROA not after:            Wed 03 Mar 2027 06:33:42 +0000
asID:                     146394
IP address blocks:        240a:aea0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:59:4e:c0:ec:b1:2d:1c:f4:51:ce:93:8d:7c:24:bb:a1:6a:1d:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:42 2026 GMT
            Not After : Mar  3 06:33:42 2027 GMT
        Subject: CN=51EA906CF4C94E8D0FA382C6218FC01E34AE4A4B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b9:d1:80:b8:3a:77:24:2f:bb:6c:b1:28:7c:
                    8c:d5:6b:a0:2d:f2:78:99:dc:40:01:d6:e1:40:55:
                    98:a9:39:63:6d:8e:5d:4f:ba:14:3f:0c:e8:47:bf:
                    82:00:a4:05:14:52:fc:a9:58:b8:d0:14:21:eb:31:
                    dd:fc:43:8b:e2:84:45:cb:78:fd:a6:0a:12:22:1b:
                    22:b0:97:42:3c:b4:e3:45:b5:78:ba:17:05:68:28:
                    c6:34:58:0f:71:4d:74:90:f2:54:ac:5b:0e:ed:3a:
                    47:ab:d1:de:a9:bc:44:36:38:bb:76:c2:83:52:ce:
                    06:3c:69:59:e7:8c:e0:d5:44:3b:71:af:98:5f:df:
                    93:c3:b8:14:24:53:04:8e:a6:49:6f:2d:60:84:d3:
                    f1:41:a1:36:a4:12:d4:bb:ce:d6:68:04:5d:de:eb:
                    fc:a0:98:69:98:dc:80:d9:bf:62:29:b7:b5:54:a6:
                    6a:76:75:89:40:a9:fd:8b:e6:b8:09:1f:6f:7a:2c:
                    09:cd:24:a5:47:5b:63:82:95:59:7e:f3:79:f7:91:
                    8d:d9:66:32:3c:9e:a8:23:48:01:82:3a:fb:07:12:
                    10:c4:00:cf:05:f4:5a:25:0f:57:9d:e0:9e:88:2f:
                    14:9a:6d:e4:ab:35:19:e9:93:72:60:8e:76:0b:c1:
                    52:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:EA:90:6C:F4:C9:4E:8D:0F:A3:82:C6:21:8F:C0:1E:34:AE:4A:4B
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146394.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aea0::/32

    Signature Algorithm: sha256WithRSAEncryption
         20:8e:2d:0b:36:2f:84:09:6c:08:4e:87:5b:8b:bf:ec:70:dc:
         f2:2f:f7:12:e6:5c:1d:8a:39:17:65:51:8a:96:01:15:0f:66:
         2b:16:07:68:64:aa:62:ec:11:c8:55:14:5d:85:09:d3:e2:27:
         6c:55:53:c2:ed:47:5b:90:d8:5d:36:9a:2e:4d:d8:78:7c:eb:
         34:e2:2c:24:73:c3:d5:f9:c1:7e:49:20:2e:ec:5b:12:f4:af:
         b7:91:74:b4:fc:16:2e:dc:48:e1:f5:d8:db:65:58:4a:0d:af:
         93:61:f6:7d:36:6e:c9:83:b5:0a:ce:a2:bf:00:db:af:22:73:
         8e:a7:28:eb:5e:03:3d:3f:1c:1f:aa:52:2a:12:37:8d:92:7b:
         26:ba:a4:0e:de:17:15:81:42:c1:ad:45:2c:ef:e4:a0:84:56:
         cb:60:ef:7f:8d:fe:17:95:1c:50:bc:0e:53:fb:6d:e6:fe:98:
         e7:14:35:3e:f9:d4:21:6b:c5:46:89:2e:09:5e:2f:db:2a:78:
         1a:9a:ba:dc:72:45:de:0b:e0:e4:08:9c:b2:7c:8c:53:44:10:
         09:06:7b:96:48:c6:93:10:2a:be:2d:b7:99:54:28:d3:50:3b:
         16:2f:2e:8a:02:be:bb:55:e9:36:8d:5c:e0:5c:40:58:45:b5:
         d3:96:11:10
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUIFlOwOyxLRz0Uc6TjXwku6FqHc0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjg0MloX
DTI3MDMwMzA2MzM0MlowMzExMC8GA1UEAxMoNTFFQTkwNkNGNEM5NEU4RDBGQTM4
MkM2MjE4RkMwMUUzNEFFNEE0QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKu50YC4OnckL7tssSh8jNVroC3yeJncQAHW4UBVmKk5Y22OXU+6FD8M6Ee/
ggCkBRRS/KlYuNAUIesx3fxDi+KERct4/aYKEiIbIrCXQjy040W1eLoXBWgoxjRY
D3FNdJDyVKxbDu06R6vR3qm8RDY4u3bCg1LOBjxpWeeM4NVEO3GvmF/fk8O4FCRT
BI6mSW8tYITT8UGhNqQS1LvO1mgEXd7r/KCYaZjcgNm/Yim3tVSmanZ1iUCp/Yvm
uAkfb3osCc0kpUdbY4KVWX7zefeRjdlmMjyeqCNIAYI6+wcSEMQAzwX0WiUPV53g
nogvFJpt5Ks1GemTcmCOdgvBUjsCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRR6pBs
9MlOjQ+jgsYhj8AeNK5KSzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjM5NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rqAwDQYJKoZIhvcNAQELBQADggEBACCOLQs2L4QJbAhOh1uLv+xw3PIv9xLmXB2K
ORdlUYqWARUPZisWB2hkqmLsEchVFF2FCdPiJ2xVU8LtR1uQ2F02mi5N2Hh86zTi
LCRzw9X5wX5JIC7sWxL0r7eRdLT8Fi7cSOH12NtlWEoNr5Nh9n02bsmDtQrOor8A
268ic46nKOteAz0/HB+qUioSN42Seya6pA7eFxWBQsGtRSzv5KCEVstg73+N/heV
HFC8DlP7beb+mOcUNT751CFrxUaJLgleL9sqeBqautxyRd4L4OQInLJ8jFNEEAkG
e5ZIxpMQKr4tt5lUKNNQOxYvLooCvrtV6TaNXOBcQFhFtdOWERA=
-----END CERTIFICATE-----