Route Origin Authorization
$ rpki-client -vvf rsync.cernet.net/repo/cernet/0/AS138440.roa
File: AS138440.roa (raw, json)
Hash identifier: GOilHXq4IfliVfQ4uNetIgxRB/coV6OZbtvBHvUP9xs=
Subject key identifier: 39:98:C3:B8:17:B3:EA:4D:81:80:45:0B:B7:40:FC:07:64:6B:99:8D
Certificate issuer: /CN=A91E5D610001/serialNumber=C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2
Certificate serial: 1DDFBB3F64C1DAF4D7E6BEDA96411AE8BB6820A3
Authority key identifier: C1:EF:39:2C:50:05:97:CA:3C:BA:2E:1E:C7:AA:1E:C3:F5:0A:28:B2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/we85LFAFl8o8ui4ex6oew_UKKLI.cer
Subject info access: rsync://rsync.cernet.net/repo/cernet/0/AS138440.roa
Signing time: Thu 11 Jun 2026 07:16:17 +0000
ROA not before: Thu 11 Jun 2026 07:11:17 +0000
ROA not after: Thu 10 Jun 2027 07:16:17 +0000
asID: 138440
IP address blocks: 2001:250:3800::/48 maxlen: 48
2001:250:3801::/48 maxlen: 48
2001:250:3802::/48 maxlen: 48
2001:250:3803::/48 maxlen: 48
2001:250:3806::/48 maxlen: 48
2001:250:3808::/48 maxlen: 48
2001:250:3809::/48 maxlen: 48
2001:250:380a::/48 maxlen: 48
2001:250:380b::/48 maxlen: 48
2001:250:380c::/48 maxlen: 48
2001:250:380d::/48 maxlen: 48
2001:250:380e::/48 maxlen: 48
2001:250:380f::/48 maxlen: 48
2001:250:3810::/48 maxlen: 48
2001:250:3811::/48 maxlen: 48
2001:250:3813::/48 maxlen: 48
2001:250:3814::/48 maxlen: 48
2001:250:3815::/48 maxlen: 48
2001:250:3816::/48 maxlen: 48
2001:250:3817::/48 maxlen: 48
2001:250:3818::/48 maxlen: 48
2001:da8:c6::/48 maxlen: 48
240c:c0a8:9c01::/48 maxlen: 48
240c:cec1::/32 maxlen: 32
Validation: OK
Signature path: rsync://rsync.cernet.net/repo/cernet/0/C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2.crl
rsync://rsync.cernet.net/repo/cernet/0/C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/we85LFAFl8o8ui4ex6oew_UKKLI.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 13 Jun 2026 03:41:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1d:df:bb:3f:64:c1:da:f4:d7:e6:be:da:96:41:1a:e8:bb:68:20:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E5D610001, serialNumber=C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2
Validity
Not Before: Jun 11 07:11:17 2026 GMT
Not After : Jun 10 07:16:17 2027 GMT
Subject: CN=3998C3B817B3EA4D8180450BB740FC07646B998D
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:3f:6c:bf:d1:de:d5:bd:c1:45:b3:53:4e:c2:
12:44:96:5c:36:dc:44:0b:1b:87:76:d6:2c:40:25:
d4:7b:a9:be:c0:0b:5e:63:b6:cd:38:70:c3:1a:2a:
8c:d7:b5:1e:b9:32:79:a7:7e:03:5c:82:37:63:85:
03:94:15:d4:80:cb:59:98:79:07:98:0a:e6:94:7e:
c7:9a:b4:2c:81:4f:b6:4b:14:e2:b7:18:eb:37:f2:
dc:b6:70:28:e3:32:4a:5f:eb:4d:a2:9e:2f:90:6a:
fd:95:e6:da:c0:66:80:c5:87:bc:59:8b:77:8e:b9:
42:f8:6a:0c:b8:1b:47:9d:7b:7c:9a:09:14:b4:b6:
2e:67:9f:f5:a1:3c:39:ba:7e:56:d7:2d:c1:b9:52:
88:bc:fc:63:be:20:cb:51:da:23:22:42:08:4d:e8:
cb:23:bb:29:4b:8e:74:08:f0:8f:ec:af:bd:6b:4d:
fa:8b:51:f9:98:dc:cc:52:f5:c0:b4:48:6f:d3:94:
28:d2:86:57:41:a7:35:fb:0a:fe:40:c7:a5:90:5d:
77:ae:cf:d6:b9:bc:b1:9b:50:79:60:e6:1c:a8:12:
27:aa:28:24:85:9e:d7:cb:65:d2:67:d9:80:36:26:
f5:44:0e:1f:52:ed:e2:f3:5e:f8:e7:60:1a:be:e3:
99:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:98:C3:B8:17:B3:EA:4D:81:80:45:0B:B7:40:FC:07:64:6B:99:8D
X509v3 Authority Key Identifier:
keyid:C1:EF:39:2C:50:05:97:CA:3C:BA:2E:1E:C7:AA:1E:C3:F5:0A:28:B2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.cernet.net/repo/cernet/0/C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/we85LFAFl8o8ui4ex6oew_UKKLI.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.cernet.net/repo/cernet/0/AS138440.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:250:3800::/46
2001:250:3806::/48
2001:250:3808::-2001:250:3811:ffff:ffff:ffff:ffff:ffff
2001:250:3813::-2001:250:3818:ffff:ffff:ffff:ffff:ffff
2001:da8:c6::/48
240c:c0a8:9c01::/48
240c:cec1::/32
Signature Algorithm: sha256WithRSAEncryption
67:61:8f:80:8f:29:1f:5c:39:12:01:99:30:e5:3a:39:b4:b8:
3a:9f:51:3c:10:88:4c:6a:c0:bf:cd:95:36:ad:82:8b:fe:7f:
33:af:58:eb:b7:f5:7a:ad:d7:89:0b:9d:43:3e:e3:00:cd:19:
fc:6c:7f:ff:e3:1f:9b:80:02:90:b8:c0:c3:7b:1c:8d:63:f3:
aa:0d:e2:1c:d0:44:22:41:ec:39:d6:bc:00:25:0f:f2:3d:84:
6d:65:1a:88:08:18:fb:36:b5:e2:bd:ba:56:b3:0c:cc:f6:21:
f7:90:04:b7:bf:57:44:d7:bd:d5:c2:30:21:5c:5b:32:f4:00:
bd:02:ac:1a:94:8a:0a:b9:10:0a:2b:59:86:b7:e8:54:c1:d2:
47:5a:db:b4:41:f7:35:74:12:a2:0c:02:e1:dd:b3:38:32:86:
5a:be:d8:8c:7c:a3:33:35:91:84:fc:56:ba:50:70:15:5a:90:
d1:24:5f:1e:a1:81:95:71:e9:05:b1:03:15:81:d8:e6:02:34:
c2:60:75:88:aa:82:7d:a6:ff:20:e5:8c:a5:68:df:d7:eb:94:
65:47:8f:6a:db:cd:21:0c:94:b6:f3:49:be:67:ba:c3:1d:12:
eb:07:e1:22:9f:40:58:b6:08:93:ee:35:8e:bb:31:a5:40:a8:
26:73:b0:7f
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgIUHd+7P2TB2vTX5r7alkEa6LtoIKMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRTVENjEwMDAxMTEwLwYDVQQFEyhDMUVGMzkyQzUw
MDU5N0NBM0NCQTJFMUVDN0FBMUVDM0Y1MEEyOEIyMB4XDTI2MDYxMTA3MTExN1oX
DTI3MDYxMDA3MTYxN1owMzExMC8GA1UEAxMoMzk5OEMzQjgxN0IzRUE0RDgxODA0
NTBCQjc0MEZDMDc2NDZCOTk4RDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANM/bL/R3tW9wUWzU07CEkSWXDbcRAsbh3bWLEAl1HupvsALXmO2zThwwxoq
jNe1Hrkyead+A1yCN2OFA5QV1IDLWZh5B5gK5pR+x5q0LIFPtksU4rcY6zfy3LZw
KOMySl/rTaKeL5Bq/ZXm2sBmgMWHvFmLd465QvhqDLgbR517fJoJFLS2Lmef9aE8
Obp+VtctwblSiLz8Y74gy1HaIyJCCE3oyyO7KUuOdAjwj+yvvWtN+otR+ZjczFL1
wLRIb9OUKNKGV0GnNfsK/kDHpZBdd67P1rm8sZtQeWDmHKgSJ6ooJIWe18tl0mfZ
gDYm9UQOH1Lt4vNe+OdgGr7jmacCAwEAAaOCAhMwggIPMB0GA1UdDgQWBBQ5mMO4
F7PqTYGARQu3QPwHZGuZjTAfBgNVHSMEGDAWgBTB7zksUAWXyjy6Lh7Hqh7D9Qoo
sjAOBgNVHQ8BAf8EBAMCB4AwZAYDVR0fBF0wWzBZoFegVYZTcnN5bmM6Ly9yc3lu
Yy5jZXJuZXQubmV0L3JlcG8vY2VybmV0LzAvQzFFRjM5MkM1MDA1OTdDQTNDQkEy
RTFFQzdBQTFFQzNGNTBBMjhCMi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUF
BzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgx
RDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvd2U4NUxGQUZsOG84dWk0ZXg2b2V3X1VL
S0xJLmNlcjBPBggrBgEFBQcBCwRDMEEwPwYIKwYBBQUHMAuGM3JzeW5jOi8vcnN5
bmMuY2VybmV0Lm5ldC9yZXBvL2Nlcm5ldC8wL0FTMTM4NDQwLnJvYTAYBgNVHSAB
Af8EDjAMMAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzBZBAIAAjBTAwcC
IAECUDgAAwcAIAECUDgGMBIDBwMgAQJQOAgDBwEgAQJQOBAwEgMHACABAlA4EwMH
ACABAlA4GAMHACABDagAxgMHACQMwKicAQMFACQMzsEwDQYJKoZIhvcNAQELBQAD
ggEBAGdhj4CPKR9cORIBmTDlOjm0uDqfUTwQiExqwL/NlTatgov+fzOvWOu39Xqt
14kLnUM+4wDNGfxsf//jH5uAApC4wMN7HI1j86oN4hzQRCJB7DnWvAAlD/I9hG1l
GogIGPs2teK9ulazDMz2IfeQBLe/V0TXvdXCMCFcWzL0AL0CrBqUigq5EAorWYa3
6FTB0kda27RB9zV0EqIMAuHdszgyhlq+2Ix8ozM1kYT8VrpQcBVakNEkXx6hgZVx
6QWxAxWB2OYCNMJgdYiqgn2m/yDljKVo39frlGVHj2rbzSEMlLbzSb5nusMdEusH
4SKfQFi2CJPuNY67MaVAqCZzsH8=
-----END CERTIFICATE-----
Generated at Fri Jun 12 09:49:25 2026 by rpki-client