Route Origin Authorization
$ rpki-client -vvf rsync.cernet.net/repo/cernet/0/AS138376.roa
File: AS138376.roa (raw, json)
Hash identifier: pVWVKqS9sDOZgQLoYP00+UQlewgUXthc4daN1BVLYeU=
Subject key identifier: E5:98:42:CA:88:4D:EE:00:EC:D4:9E:29:F9:83:01:DF:9A:89:45:A2
Certificate issuer: /CN=A91E5D610001/serialNumber=C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2
Certificate serial: 69A0407B9A8C946C6831E8971A92829F7E430F33
Authority key identifier: C1:EF:39:2C:50:05:97:CA:3C:BA:2E:1E:C7:AA:1E:C3:F5:0A:28:B2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/we85LFAFl8o8ui4ex6oew_UKKLI.cer
Subject info access: rsync://rsync.cernet.net/repo/cernet/0/AS138376.roa
Signing time: Thu 11 Jun 2026 07:16:15 +0000
ROA not before: Thu 11 Jun 2026 07:11:15 +0000
ROA not after: Thu 10 Jun 2027 07:16:15 +0000
asID: 138376
IP address blocks: 2001:250:1c00::/48 maxlen: 48
2001:250:1c01::/48 maxlen: 48
2001:250:1c02::/48 maxlen: 48
2001:250:1c03::/48 maxlen: 48
2001:250:1c04::/48 maxlen: 48
2001:250:1c05::/48 maxlen: 48
2001:250:1c06::/48 maxlen: 48
2001:250:1c07::/48 maxlen: 48
2001:250:1c08::/48 maxlen: 48
2001:250:1c09::/48 maxlen: 48
2001:250:1c0a::/48 maxlen: 48
2001:250:1c0b::/48 maxlen: 48
2001:250:1c0d::/48 maxlen: 48
2001:250:1c0e::/48 maxlen: 48
2001:250:1c0f::/48 maxlen: 48
2001:250:1c10::/48 maxlen: 48
2001:250:1c11::/48 maxlen: 48
2001:da8:c0::/48 maxlen: 48
2001:da8:4e00::/48 maxlen: 48
2001:da8:4e01::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.cernet.net/repo/cernet/0/C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2.crl
rsync://rsync.cernet.net/repo/cernet/0/C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/we85LFAFl8o8ui4ex6oew_UKKLI.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 13 Jun 2026 03:41:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
69:a0:40:7b:9a:8c:94:6c:68:31:e8:97:1a:92:82:9f:7e:43:0f:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E5D610001, serialNumber=C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2
Validity
Not Before: Jun 11 07:11:15 2026 GMT
Not After : Jun 10 07:16:15 2027 GMT
Subject: CN=E59842CA884DEE00ECD49E29F98301DF9A8945A2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:d5:11:9c:f7:0c:15:71:da:85:d2:15:de:fc:
1d:de:fc:61:be:44:ff:d5:c3:80:ac:06:33:e5:ef:
36:c8:65:8d:56:d9:46:f3:3f:40:8d:31:6c:f4:dc:
d7:ae:a8:2b:8d:d8:26:00:1f:ca:2d:1c:03:ef:b2:
07:c9:64:56:5d:34:7f:be:49:22:7e:09:d4:07:dd:
0d:f2:b8:bb:3c:6c:80:ac:b8:10:45:dd:0d:75:59:
51:69:cc:2d:21:be:10:fb:df:28:b6:6b:1b:35:8e:
88:86:70:7a:16:f5:52:0b:4c:39:6f:f1:cf:cd:e2:
a5:5d:fb:7b:f5:f1:55:5a:bf:9e:c0:9c:e1:a8:dd:
52:76:cb:54:29:91:7a:b7:6f:fc:a6:cf:53:c2:6f:
ff:87:d1:d7:c7:45:bd:08:c1:a6:cd:1a:c2:c9:cc:
e5:77:7e:0f:1e:c6:aa:fe:fb:cc:65:f3:7e:8b:b9:
2b:fd:0a:50:26:61:e5:e1:af:0b:ce:e8:47:7a:74:
3a:73:7a:cb:4b:00:db:56:a6:10:6d:38:a0:77:09:
68:19:94:45:64:4f:1e:80:cd:5e:85:46:9b:d5:01:
6f:26:f0:e0:40:e1:4f:20:72:0d:94:7e:2b:ff:0a:
f9:dc:e4:0b:3f:7a:58:2f:f7:9a:22:31:48:cc:19:
20:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:98:42:CA:88:4D:EE:00:EC:D4:9E:29:F9:83:01:DF:9A:89:45:A2
X509v3 Authority Key Identifier:
keyid:C1:EF:39:2C:50:05:97:CA:3C:BA:2E:1E:C7:AA:1E:C3:F5:0A:28:B2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.cernet.net/repo/cernet/0/C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/we85LFAFl8o8ui4ex6oew_UKKLI.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.cernet.net/repo/cernet/0/AS138376.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:250:1c00::-2001:250:1c0b:ffff:ffff:ffff:ffff:ffff
2001:250:1c0d::-2001:250:1c11:ffff:ffff:ffff:ffff:ffff
2001:da8:c0::/48
2001:da8:4e00::/47
Signature Algorithm: sha256WithRSAEncryption
d4:e5:b8:27:22:19:84:92:aa:ee:6c:a6:cc:70:ee:09:50:1f:
da:80:79:cf:f1:e7:19:61:8f:9d:19:f5:96:89:b6:81:19:4f:
c6:e5:d1:f7:82:a2:51:7e:56:ab:52:be:0b:2c:93:60:92:49:
a1:38:bc:29:c7:3e:5c:e6:5c:e2:a7:5c:41:61:02:3f:78:cd:
ca:e0:93:34:40:99:4c:59:35:76:b0:d8:ba:b9:04:1c:9f:d8:
e6:3e:26:89:3f:50:f8:fa:4d:05:5f:6f:0f:c7:f8:7f:57:91:
44:79:6c:81:28:9a:26:43:15:2d:24:d9:14:68:1d:91:a1:d5:
8d:f1:2f:f7:4b:2e:9d:e0:be:ac:c6:05:d5:e3:61:b6:1a:43:
5e:02:2e:d1:47:df:c6:1e:45:2d:d1:78:17:52:7d:e7:91:7a:
79:e7:99:6e:6e:41:79:31:64:48:39:dc:8a:77:ca:a0:b4:24:
4a:a6:f2:02:28:da:27:82:0d:1c:66:8e:ae:81:7a:40:8e:c9:
ae:69:af:69:43:bd:a0:af:99:22:2e:3a:08:c2:04:5c:41:70:
71:24:67:5d:c7:fe:b7:86:ed:ca:75:9a:b7:a6:51:43:e5:e3:
1c:22:d8:93:c5:e8:b7:b8:36:31:50:67:19:42:94:d5:76:af:
af:fd:0c:2e
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUaaBAe5qMlGxoMeiXGpKCn35DDzMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRTVENjEwMDAxMTEwLwYDVQQFEyhDMUVGMzkyQzUw
MDU5N0NBM0NCQTJFMUVDN0FBMUVDM0Y1MEEyOEIyMB4XDTI2MDYxMTA3MTExNVoX
DTI3MDYxMDA3MTYxNVowMzExMC8GA1UEAxMoRTU5ODQyQ0E4ODRERUUwMEVDRDQ5
RTI5Rjk4MzAxREY5QTg5NDVBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKHVEZz3DBVx2oXSFd78Hd78Yb5E/9XDgKwGM+XvNshljVbZRvM/QI0xbPTc
166oK43YJgAfyi0cA++yB8lkVl00f75JIn4J1AfdDfK4uzxsgKy4EEXdDXVZUWnM
LSG+EPvfKLZrGzWOiIZwehb1UgtMOW/xz83ipV37e/XxVVq/nsCc4ajdUnbLVCmR
erdv/KbPU8Jv/4fR18dFvQjBps0awsnM5Xd+Dx7Gqv77zGXzfou5K/0KUCZh5eGv
C87oR3p0OnN6y0sA21amEG04oHcJaBmURWRPHoDNXoVGm9UBbybw4EDhTyByDZR+
K/8K+dzkCz96WC/3miIxSMwZIG8CAwEAAaOCAfkwggH1MB0GA1UdDgQWBBTlmELK
iE3uAOzUnin5gwHfmolFojAfBgNVHSMEGDAWgBTB7zksUAWXyjy6Lh7Hqh7D9Qoo
sjAOBgNVHQ8BAf8EBAMCB4AwZAYDVR0fBF0wWzBZoFegVYZTcnN5bmM6Ly9yc3lu
Yy5jZXJuZXQubmV0L3JlcG8vY2VybmV0LzAvQzFFRjM5MkM1MDA1OTdDQTNDQkEy
RTFFQzdBQTFFQzNGNTBBMjhCMi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUF
BzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgx
RDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvd2U4NUxGQUZsOG84dWk0ZXg2b2V3X1VL
S0xJLmNlcjBPBggrBgEFBQcBCwRDMEEwPwYIKwYBBQUHMAuGM3JzeW5jOi8vcnN5
bmMuY2VybmV0Lm5ldC9yZXBvL2Nlcm5ldC8wL0FTMTM4Mzc2LnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTA/BAIAAjA5MBED
BgIgAQJQHAMHAiABAlAcCDASAwcAIAECUBwNAwcBIAECUBwQAwcAIAENqADAAwcB
IAENqE4AMA0GCSqGSIb3DQEBCwUAA4IBAQDU5bgnIhmEkqrubKbMcO4JUB/agHnP
8ecZYY+dGfWWibaBGU/G5dH3gqJRflarUr4LLJNgkkmhOLwpxz5c5lzip1xBYQI/
eM3K4JM0QJlMWTV2sNi6uQQcn9jmPiaJP1D4+k0FX28Px/h/V5FEeWyBKJomQxUt
JNkUaB2RodWN8S/3Sy6d4L6sxgXV42G2GkNeAi7RR9/GHkUt0XgXUn3nkXp555lu
bkF5MWRIOdyKd8qgtCRKpvICKNongg0cZo6ugXpAjsmuaa9pQ72gr5kiLjoIwgRc
QXBxJGddx/63hu3KdZq3plFD5eMcItiTxei3uDYxUGcZQpTVdq+v/Qwu
-----END CERTIFICATE-----
Generated at Fri Jun 12 09:48:56 2026 by rpki-client