Route Origin Authorization
$ rpki-client -vvf rsync.cernet.net/repo/cernet/0/AS24350.roa
File: AS24350.roa (raw, json)
Hash identifier: 3U11sVW7UzMLMxllvlQm05WGO7QrF1PS73l6g95aq4U=
Subject key identifier: D3:53:21:45:F3:EE:FA:D8:2B:53:84:3B:06:55:EF:05:50:91:4F:2E
Certificate issuer: /CN=A91E5D610001/serialNumber=C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2
Certificate serial: 6D4E38425AAE7A62FB1EC0EA64CD897A22E782E6
Authority key identifier: C1:EF:39:2C:50:05:97:CA:3C:BA:2E:1E:C7:AA:1E:C3:F5:0A:28:B2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/we85LFAFl8o8ui4ex6oew_UKKLI.cer
Subject info access: rsync://rsync.cernet.net/repo/cernet/0/AS24350.roa
Signing time: Thu 11 Jun 2026 06:43:38 +0000
ROA not before: Thu 11 Jun 2026 06:38:38 +0000
ROA not after: Thu 10 Jun 2027 06:43:38 +0000
asID: 24350
IP address blocks: 2001:250:20b::/48 maxlen: 48
2001:da8:ad::/48 maxlen: 48
2001:da8:202::/48 maxlen: 48
2001:da8:205::/48 maxlen: 48
2001:da8:206::/48 maxlen: 48
2001:da8:207::/48 maxlen: 48
2001:da8:208::/48 maxlen: 48
2001:da8:214::/48 maxlen: 48
2001:da8:215::/48 maxlen: 48
2001:da8:216::/48 maxlen: 48
2001:da8:224::/48 maxlen: 48
2001:da8:22b::/48 maxlen: 48
2001:da8:231::/48 maxlen: 48
2001:da8:238::/48 maxlen: 48
2001:da8:23a::/48 maxlen: 48
2001:da8:23e::/48 maxlen: 48
2001:da8:241::/48 maxlen: 48
2001:da8:242::/48 maxlen: 48
2001:da8:247::/48 maxlen: 48
2001:da8:249::/48 maxlen: 48
2001:da8:24f::/48 maxlen: 48
2001:da8:250::/48 maxlen: 48
2001:da8:252::/48 maxlen: 48
2001:da8:255::/48 maxlen: 48
2001:da8:262::/48 maxlen: 48
2001:da8:264::/48 maxlen: 48
2001:da8:265::/48 maxlen: 48
2001:da8:26f::/48 maxlen: 48
2001:da8:ffd::/48 maxlen: 48
240c:c018::/32 maxlen: 32
Validation: OK
Signature path: rsync://rsync.cernet.net/repo/cernet/0/C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2.crl
rsync://rsync.cernet.net/repo/cernet/0/C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/we85LFAFl8o8ui4ex6oew_UKKLI.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 13 Jun 2026 03:41:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6d:4e:38:42:5a:ae:7a:62:fb:1e:c0:ea:64:cd:89:7a:22:e7:82:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E5D610001, serialNumber=C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2
Validity
Not Before: Jun 11 06:38:38 2026 GMT
Not After : Jun 10 06:43:38 2027 GMT
Subject: CN=D3532145F3EEFAD82B53843B0655EF0550914F2E
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:9f:e3:8b:d1:54:6b:75:42:c3:57:f0:74:7f:
65:7c:09:91:1d:15:f6:f6:a7:6f:d7:10:48:e5:3f:
41:18:ce:ad:62:7e:c9:ef:87:7e:15:45:cb:ff:b3:
d1:ca:8d:c1:16:ab:c8:0d:4e:11:1f:3e:ab:5d:9e:
77:75:04:8f:a3:71:fb:63:9f:51:b6:7b:d0:68:35:
ba:0b:6b:59:df:bf:ae:a8:76:2c:a2:52:1b:15:99:
ea:b5:fd:70:58:98:20:2f:86:ee:85:71:08:e6:3d:
e2:ee:d5:2e:e8:23:5b:f6:6a:a1:35:1d:be:85:e3:
51:fb:e9:92:1d:fe:83:50:ea:2e:d6:f3:4b:7a:95:
46:c1:39:72:b1:8b:b4:e6:19:aa:fa:ad:6f:19:87:
53:1e:0c:79:a4:b6:7d:cb:3a:1e:f6:70:e6:d4:68:
d8:34:78:05:97:6e:b4:b7:f7:09:69:7c:84:b1:81:
bc:07:6d:16:61:34:b6:a3:91:93:01:d6:0c:26:88:
6b:d4:c9:16:9d:93:d4:8e:6b:07:a2:77:9c:c4:9d:
82:9d:f8:e1:f8:da:a6:c5:ce:cd:5b:5a:cd:8d:02:
ce:19:37:c2:9a:40:1a:b2:36:01:79:85:01:28:30:
0c:5e:48:89:97:d2:7a:e4:e4:7b:1f:d5:73:c1:c6:
d3:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:53:21:45:F3:EE:FA:D8:2B:53:84:3B:06:55:EF:05:50:91:4F:2E
X509v3 Authority Key Identifier:
keyid:C1:EF:39:2C:50:05:97:CA:3C:BA:2E:1E:C7:AA:1E:C3:F5:0A:28:B2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.cernet.net/repo/cernet/0/C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/we85LFAFl8o8ui4ex6oew_UKKLI.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.cernet.net/repo/cernet/0/AS24350.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:250:20b::/48
2001:da8:ad::/48
2001:da8:202::/48
2001:da8:205::-2001:da8:208:ffff:ffff:ffff:ffff:ffff
2001:da8:214::-2001:da8:216:ffff:ffff:ffff:ffff:ffff
2001:da8:224::/48
2001:da8:22b::/48
2001:da8:231::/48
2001:da8:238::/48
2001:da8:23a::/48
2001:da8:23e::/48
2001:da8:241::-2001:da8:242:ffff:ffff:ffff:ffff:ffff
2001:da8:247::/48
2001:da8:249::/48
2001:da8:24f::-2001:da8:250:ffff:ffff:ffff:ffff:ffff
2001:da8:252::/48
2001:da8:255::/48
2001:da8:262::/48
2001:da8:264::/47
2001:da8:26f::/48
2001:da8:ffd::/48
240c:c018::/32
Signature Algorithm: sha256WithRSAEncryption
85:6f:d2:47:31:7c:2e:18:dd:1e:cd:67:4d:ae:54:e9:f8:b9:
3f:95:e4:63:b8:b8:c1:1d:9a:a3:80:84:3d:be:c3:90:3e:f5:
fa:eb:c6:ee:a6:d9:05:5b:13:c0:7a:49:d7:69:ee:47:3f:9e:
42:d7:64:fd:36:b1:10:77:e7:b6:d8:aa:2f:45:d1:90:53:20:
7e:a4:4c:92:be:4f:77:51:22:ea:1a:fe:5b:34:af:80:38:6e:
14:cc:81:82:cf:b9:79:62:f9:e9:f1:cc:9d:53:91:b4:da:af:
b1:9b:5a:fe:d9:a4:72:02:ca:94:1a:2a:a4:28:c1:1e:01:44:
3f:a1:56:f2:28:d2:ba:9b:e0:e4:c6:18:e0:b7:ce:67:c9:8b:
e2:84:5a:3c:c9:6f:41:03:76:36:de:c8:d5:92:a1:a5:19:df:
81:c3:46:05:68:33:33:3e:f0:e7:33:26:23:98:f3:8d:c2:76:
35:8e:3f:ce:d5:f0:89:75:04:8f:fe:10:f7:97:88:e9:c1:de:
f4:74:52:e7:cf:a6:e5:9d:8e:6e:bb:ce:49:60:05:fe:2f:6c:
f2:07:84:58:37:7f:2e:97:f3:67:91:e7:a6:a4:6a:c2:86:2b:
37:93:f1:96:ff:de:19:25:39:88:2a:e3:eb:82:a3:bf:68:ea:
ca:5b:18:11
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgIUbU44QlquemL7HsDqZM2JeiLnguYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRTVENjEwMDAxMTEwLwYDVQQFEyhDMUVGMzkyQzUw
MDU5N0NBM0NCQTJFMUVDN0FBMUVDM0Y1MEEyOEIyMB4XDTI2MDYxMTA2MzgzOFoX
DTI3MDYxMDA2NDMzOFowMzExMC8GA1UEAxMoRDM1MzIxNDVGM0VFRkFEODJCNTM4
NDNCMDY1NUVGMDU1MDkxNEYyRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMKf44vRVGt1QsNX8HR/ZXwJkR0V9vanb9cQSOU/QRjOrWJ+ye+HfhVFy/+z
0cqNwRaryA1OER8+q12ed3UEj6Nx+2OfUbZ70Gg1ugtrWd+/rqh2LKJSGxWZ6rX9
cFiYIC+G7oVxCOY94u7VLugjW/ZqoTUdvoXjUfvpkh3+g1DqLtbzS3qVRsE5crGL
tOYZqvqtbxmHUx4MeaS2fcs6HvZw5tRo2DR4BZdutLf3CWl8hLGBvAdtFmE0tqOR
kwHWDCaIa9TJFp2T1I5rB6J3nMSdgp344fjapsXOzVtazY0Czhk3wppAGrI2AXmF
ASgwDF5IiZfSeuTkex/Vc8HG0wkCAwEAAaOCArUwggKxMB0GA1UdDgQWBBTTUyFF
8+762CtThDsGVe8FUJFPLjAfBgNVHSMEGDAWgBTB7zksUAWXyjy6Lh7Hqh7D9Qoo
sjAOBgNVHQ8BAf8EBAMCB4AwZAYDVR0fBF0wWzBZoFegVYZTcnN5bmM6Ly9yc3lu
Yy5jZXJuZXQubmV0L3JlcG8vY2VybmV0LzAvQzFFRjM5MkM1MDA1OTdDQTNDQkEy
RTFFQzdBQTFFQzNGNTBBMjhCMi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUF
BzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgx
RDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvd2U4NUxGQUZsOG84dWk0ZXg2b2V3X1VL
S0xJLmNlcjBOBggrBgEFBQcBCwRCMEAwPgYIKwYBBQUHMAuGMnJzeW5jOi8vcnN5
bmMuY2VybmV0Lm5ldC9yZXBvL2Nlcm5ldC8wL0FTMjQzNTAucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwggENBggrBgEFBQcBBwEB/wSB/TCB+jCB9wQCAAIw
gfADBwAgAQJQAgsDBwAgAQ2oAK0DBwAgAQ2oAgIwEgMHACABDagCBQMHACABDagC
CDASAwcCIAENqAIUAwcAIAENqAIWAwcAIAENqAIkAwcAIAENqAIrAwcAIAENqAIx
AwcAIAENqAI4AwcAIAENqAI6AwcAIAENqAI+MBIDBwAgAQ2oAkEDBwAgAQ2oAkID
BwAgAQ2oAkcDBwAgAQ2oAkkwEgMHACABDagCTwMHACABDagCUAMHACABDagCUgMH
ACABDagCVQMHACABDagCYgMHASABDagCZAMHACABDagCbwMHACABDagP/QMFACQM
wBgwDQYJKoZIhvcNAQELBQADggEBAIVv0kcxfC4Y3R7NZ02uVOn4uT+V5GO4uMEd
mqOAhD2+w5A+9frrxu6m2QVbE8B6Sddp7kc/nkLXZP02sRB357bYqi9F0ZBTIH6k
TJK+T3dRIuoa/ls0r4A4bhTMgYLPuXli+enxzJ1TkbTar7GbWv7ZpHICypQaKqQo
wR4BRD+hVvIo0rqb4OTGGOC3zmfJi+KEWjzJb0EDdjbeyNWSoaUZ34HDRgVoMzM+
8OczJiOY843CdjWOP87V8Il1BI/+EPeXiOnB3vR0UufPpuWdjm67zklgBf4vbPIH
hFg3fy6X82eR56akasKGKzeT8Zb/3hklOYgq4+uCo79o6spbGBE=
-----END CERTIFICATE-----
Generated at Fri Jun 12 09:49:20 2026 by rpki-client