Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS146419.roa
File:                     AS146419.roa (raw, json)
Hash identifier:          iXzaWsJlxlNuxwV9eXIxXIAMQplf5iAdnWlh2HF6Dpw=
Subject key identifier:   45:5A:1C:FB:5D:4F:61:00:22:8E:D4:E0:23:1D:2B:7E:E6:7D:B1:AB
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       60D89ADFF1321338A48D2F1D4B8E925CE3E650DC
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS146419.roa
Signing time:             Wed 04 Mar 2026 06:33:44 +0000
ROA not before:           Wed 04 Mar 2026 06:28:44 +0000
ROA not after:            Wed 03 Mar 2027 06:33:44 +0000
asID:                     146419
IP address blocks:        240a:aeb9::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:d8:9a:df:f1:32:13:38:a4:8d:2f:1d:4b:8e:92:5c:e3:e6:50:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:28:44 2026 GMT
            Not After : Mar  3 06:33:44 2027 GMT
        Subject: CN=455A1CFB5D4F6100228ED4E0231D2B7EE67DB1AB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c0:f8:40:b2:6d:ba:46:d4:4b:7d:1e:4d:dc:
                    71:31:3e:47:99:07:cf:5b:76:0f:7d:a5:88:9e:39:
                    fc:a9:65:7d:09:1f:5b:0b:5a:11:bf:b4:05:4b:b2:
                    e0:ed:b7:26:ff:33:92:ac:b3:21:58:e9:2f:7b:a8:
                    b5:b5:8c:09:27:13:bb:40:07:20:5e:1a:38:54:99:
                    49:77:e9:37:ed:9a:b2:cb:e2:f1:e5:0b:e9:72:95:
                    fd:26:be:70:2d:0b:b5:8a:9f:2e:5c:18:d4:86:b8:
                    cc:92:54:f0:60:3a:b9:ac:35:08:94:ee:a5:ad:16:
                    d4:45:57:10:9d:df:4d:5b:59:20:3f:d2:88:8a:12:
                    12:cb:44:d9:34:13:9b:66:d4:c8:de:d5:a7:0a:d3:
                    b7:e4:c7:7f:09:c8:04:3e:8b:65:a5:10:9d:f8:de:
                    a1:61:f5:14:84:dc:13:39:2a:77:98:5f:98:ca:c7:
                    e0:69:f6:6a:b3:c2:67:d9:f8:29:ae:cc:0a:13:c0:
                    4a:a4:6e:20:b4:f6:ca:c3:0b:43:d3:f4:17:55:20:
                    ca:e3:52:65:ed:b4:49:06:d6:b2:93:4a:c7:34:41:
                    01:bc:b7:bc:96:46:b7:d1:80:de:83:33:81:c7:06:
                    b1:86:7a:be:b0:4a:e9:76:16:61:17:b2:11:35:b7:
                    33:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:5A:1C:FB:5D:4F:61:00:22:8E:D4:E0:23:1D:2B:7E:E6:7D:B1:AB
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS146419.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:aeb9::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:e9:a3:4c:00:1b:3a:29:f9:97:b8:d7:4e:33:64:a5:0b:3a:
         bf:17:95:ac:77:f9:37:ef:de:8d:56:a1:9a:7e:84:44:99:84:
         65:80:d8:f0:8b:a8:e6:40:36:e4:02:d7:85:f7:5d:68:a1:b4:
         6e:81:88:71:b0:55:eb:d2:e5:1a:c0:f7:d0:21:8f:53:80:33:
         f3:d7:83:ff:2e:be:86:27:5d:cd:d0:8a:09:f0:a9:8d:1e:77:
         8a:ad:a2:ca:e7:9f:fc:03:9b:71:c6:59:f0:8e:6b:22:88:e2:
         69:20:7f:73:77:23:7b:6e:62:f0:65:9c:5d:8f:5e:10:11:f9:
         51:0e:a8:70:a8:77:d8:d2:e5:43:94:58:56:0a:b8:ea:a0:e2:
         c8:49:92:94:18:c3:60:a8:39:53:20:8d:0f:b8:af:58:62:03:
         c9:c4:a1:72:d8:f0:d0:89:bb:32:8f:35:6e:c5:f9:f6:4d:9a:
         1e:72:37:59:d7:90:ef:fe:6c:a5:de:8f:45:f8:38:10:8a:38:
         43:86:1b:91:e0:6c:bb:aa:3a:f0:eb:82:d1:63:7a:41:14:69:
         a4:76:fc:ce:30:9a:d2:74:60:d5:f0:cc:71:01:8d:de:b1:2d:
         2e:16:5b:b9:64:5d:09:96:e1:5f:b9:5f:13:90:6d:dd:38:dc:
         99:b8:b3:63
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUYNia3/EyEzikjS8dS46SXOPmUNwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2Mjg0NFoX
DTI3MDMwMzA2MzM0NFowMzExMC8GA1UEAxMoNDU1QTFDRkI1RDRGNjEwMDIyOEVE
NEUwMjMxRDJCN0VFNjdEQjFBQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK/A+ECybbpG1Et9Hk3ccTE+R5kHz1t2D32liJ45/KllfQkfWwtaEb+0BUuy
4O23Jv8zkqyzIVjpL3uotbWMCScTu0AHIF4aOFSZSXfpN+2assvi8eUL6XKV/Sa+
cC0LtYqfLlwY1Ia4zJJU8GA6uaw1CJTupa0W1EVXEJ3fTVtZID/SiIoSEstE2TQT
m2bUyN7VpwrTt+THfwnIBD6LZaUQnfjeoWH1FITcEzkqd5hfmMrH4Gn2arPCZ9n4
Ka7MChPASqRuILT2ysMLQ9P0F1UgyuNSZe20SQbWspNKxzRBAby3vJZGt9GA3oMz
gccGsYZ6vrBK6XYWYReyETW3M8ECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRFWhz7
XU9hACKO1OAjHSt+5n2xqzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NjQxOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
rrkwDQYJKoZIhvcNAQELBQADggEBAFLpo0wAGzop+Ze4104zZKULOr8Xlax3+Tfv
3o1WoZp+hESZhGWA2PCLqOZANuQC14X3XWihtG6BiHGwVevS5RrA99Ahj1OAM/PX
g/8uvoYnXc3QignwqY0ed4qtosrnn/wDm3HGWfCOayKI4mkgf3N3I3tuYvBlnF2P
XhAR+VEOqHCod9jS5UOUWFYKuOqg4shJkpQYw2CoOVMgjQ+4r1hiA8nEoXLY8NCJ
uzKPNW7F+fZNmh5yN1nXkO/+bKXej0X4OBCKOEOGG5HgbLuqOvDrgtFjekEUaaR2
/M4wmtJ0YNXwzHEBjd6xLS4WW7lkXQmW4V+5XxOQbd043Jm4s2M=
-----END CERTIFICATE-----