Route Origin Authorization
$ rpki-client -vvf rsync.cernet.net/repo/cernet/0/AS24354.roa
File: AS24354.roa (raw, json)
Hash identifier: CMFMgBL9lsFhG7EVz0z0Du3YOh6lQ7sTxTvXE8ZxC8k=
Subject key identifier: 72:F6:AB:A0:40:91:8E:11:3E:11:4C:A2:97:E5:BC:F6:13:A3:B1:86
Certificate issuer: /CN=A91E5D610001/serialNumber=C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2
Certificate serial: 468E0E5A46DEE35D4DAB9C7BAD991A2060E5A05F
Authority key identifier: C1:EF:39:2C:50:05:97:CA:3C:BA:2E:1E:C7:AA:1E:C3:F5:0A:28:B2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/we85LFAFl8o8ui4ex6oew_UKKLI.cer
Subject info access: rsync://rsync.cernet.net/repo/cernet/0/AS24354.roa
Signing time: Thu 11 Jun 2026 07:31:09 +0000
ROA not before: Thu 11 Jun 2026 07:26:09 +0000
ROA not after: Thu 10 Jun 2027 07:31:09 +0000
asID: 24354
IP address blocks: 2001:250:1400::/48 maxlen: 48
2001:250:1401::/48 maxlen: 48
2001:250:1402::/48 maxlen: 48
2001:250:1403::/48 maxlen: 48
2001:250:1404::/48 maxlen: 48
2001:250:1405::/48 maxlen: 48
2001:250:1406::/48 maxlen: 48
2001:250:1408::/48 maxlen: 48
2001:250:1409::/48 maxlen: 48
2001:250:140a::/48 maxlen: 48
2001:250:140b::/48 maxlen: 48
2001:250:140c::/48 maxlen: 48
2001:250:140d::/48 maxlen: 48
2001:250:140e::/48 maxlen: 48
2001:250:140f::/48 maxlen: 48
2001:250:1410::/48 maxlen: 48
2001:250:1411::/48 maxlen: 48
2001:250:1412::/48 maxlen: 48
2001:250:1413::/48 maxlen: 48
2001:250:1414::/48 maxlen: 48
2001:250:1415::/48 maxlen: 48
2001:250:1416::/48 maxlen: 48
2001:250:1417::/48 maxlen: 48
2001:250:1418::/48 maxlen: 48
2001:250:1419::/48 maxlen: 48
2001:250:141a::/48 maxlen: 48
2001:250:141b::/48 maxlen: 48
2001:250:141c::/48 maxlen: 48
2001:250:141d::/48 maxlen: 48
2001:250:141e::/48 maxlen: 48
2001:250:141f::/48 maxlen: 48
2001:250:1420::/48 maxlen: 48
2001:250:1421::/48 maxlen: 48
2001:250:1422::/48 maxlen: 48
2001:250:1423::/48 maxlen: 48
2001:250:1424::/48 maxlen: 48
2001:250:1425::/48 maxlen: 48
2001:250:1426::/48 maxlen: 48
2001:250:1427::/48 maxlen: 48
2001:250:1428::/48 maxlen: 48
2001:da8:c000::/48 maxlen: 48
2001:da8:c001::/48 maxlen: 48
2001:da8:c002::/48 maxlen: 48
2001:da8:c003::/48 maxlen: 48
2001:da8:c004::/48 maxlen: 48
2001:da8:c005::/48 maxlen: 48
2001:da8:c006::/48 maxlen: 48
2001:da8:c007::/48 maxlen: 48
2001:da8:c008::/48 maxlen: 48
2001:da8:c009::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.cernet.net/repo/cernet/0/C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2.crl
rsync://rsync.cernet.net/repo/cernet/0/C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/we85LFAFl8o8ui4ex6oew_UKKLI.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 13 Jun 2026 03:41:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
46:8e:0e:5a:46:de:e3:5d:4d:ab:9c:7b:ad:99:1a:20:60:e5:a0:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E5D610001, serialNumber=C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2
Validity
Not Before: Jun 11 07:26:09 2026 GMT
Not After : Jun 10 07:31:09 2027 GMT
Subject: CN=72F6ABA040918E113E114CA297E5BCF613A3B186
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:2c:82:85:76:5b:46:3f:8c:3a:56:b1:d9:c0:
30:51:17:18:42:02:9a:91:db:17:9f:86:c9:51:1b:
76:9c:6c:52:8b:3c:87:c3:b8:31:66:f0:b9:d3:1e:
eb:3d:5f:f4:d2:3f:db:26:d2:97:61:e0:60:10:4a:
66:27:a5:9e:b1:ca:16:b2:72:48:59:ca:05:84:bf:
b6:63:93:08:d2:d3:28:df:ca:17:1e:3e:f6:3f:8c:
45:06:47:dc:08:8f:3c:16:2c:ac:c1:8c:b4:58:87:
ab:8f:95:a4:f9:e2:d6:c4:e1:38:d8:b0:81:75:51:
30:56:82:e4:b9:23:1e:9d:eb:e1:b1:19:22:08:3c:
ac:f6:18:79:7f:97:a0:ae:6e:63:a8:a4:8b:c1:d5:
ca:db:34:c3:c1:ee:39:b5:aa:0e:96:ea:c2:af:f3:
d8:22:05:2e:78:44:a0:78:6e:36:01:23:fd:66:18:
92:14:46:9d:e2:07:0d:03:f1:88:7c:ab:c3:5e:f2:
12:18:e1:4a:c6:7f:7a:f3:e8:66:92:ec:9e:b6:12:
07:b3:0d:06:f9:66:28:ba:84:35:90:b0:0e:49:d2:
06:73:54:70:4e:8e:4a:0d:4e:00:e4:0a:37:db:e2:
16:71:e4:46:b8:cf:5f:da:a2:44:d1:0e:f7:31:3b:
f0:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:F6:AB:A0:40:91:8E:11:3E:11:4C:A2:97:E5:BC:F6:13:A3:B1:86
X509v3 Authority Key Identifier:
keyid:C1:EF:39:2C:50:05:97:CA:3C:BA:2E:1E:C7:AA:1E:C3:F5:0A:28:B2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.cernet.net/repo/cernet/0/C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/we85LFAFl8o8ui4ex6oew_UKKLI.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.cernet.net/repo/cernet/0/AS24354.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:250:1400::-2001:250:1406:ffff:ffff:ffff:ffff:ffff
2001:250:1408::-2001:250:1428:ffff:ffff:ffff:ffff:ffff
2001:da8:c000::-2001:da8:c009:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
2c:d4:a6:75:04:aa:9d:f3:62:94:52:e5:c6:d3:f1:b2:c8:b1:
87:18:32:87:ea:ca:1d:41:28:e9:64:8d:bf:13:9b:5a:75:29:
51:fb:ff:e1:81:05:51:2c:ed:1b:b1:a9:d5:03:03:98:08:af:
6e:05:63:df:07:30:78:84:db:c1:c7:71:f7:50:37:43:f9:10:
f3:00:f8:a3:92:5b:db:9a:39:9f:75:de:a5:51:5e:b1:d7:54:
24:ed:e9:1c:4c:d2:1d:85:98:00:e4:de:be:fc:b4:ac:50:0a:
69:f3:aa:e5:15:03:59:a7:16:eb:d0:4b:d9:2e:8c:83:4a:d8:
47:88:ed:ef:d1:d5:81:90:48:b0:99:69:25:dd:4d:20:01:68:
60:3d:72:15:71:a3:2b:53:c6:51:7b:a6:8c:bf:62:0a:15:ca:
fa:e2:4f:07:de:41:bb:9f:94:70:6f:62:1d:c9:c3:49:10:a2:
e5:52:fc:f8:d4:e4:06:d3:8f:32:ab:c3:6d:ec:a4:66:a3:8d:
d6:95:63:cb:fd:61:58:be:5f:f0:04:5f:76:ca:dd:ac:71:2b:
5a:ff:62:bf:b5:d9:ea:20:8e:98:96:7f:ee:5b:0f:00:8d:54:
64:aa:99:27:48:ee:96:80:5d:5f:b4:3a:e6:27:92:ea:87:4b:
8b:d0:eb:92
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIURo4OWkbe411Nq5x7rZkaIGDloF8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRTVENjEwMDAxMTEwLwYDVQQFEyhDMUVGMzkyQzUw
MDU5N0NBM0NCQTJFMUVDN0FBMUVDM0Y1MEEyOEIyMB4XDTI2MDYxMTA3MjYwOVoX
DTI3MDYxMDA3MzEwOVowMzExMC8GA1UEAxMoNzJGNkFCQTA0MDkxOEUxMTNFMTE0
Q0EyOTdFNUJDRjYxM0EzQjE4NjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJksgoV2W0Y/jDpWsdnAMFEXGEICmpHbF5+GyVEbdpxsUos8h8O4MWbwudMe
6z1f9NI/2ybSl2HgYBBKZielnrHKFrJySFnKBYS/tmOTCNLTKN/KFx4+9j+MRQZH
3AiPPBYsrMGMtFiHq4+VpPni1sThONiwgXVRMFaC5LkjHp3r4bEZIgg8rPYYeX+X
oK5uY6iki8HVyts0w8HuObWqDpbqwq/z2CIFLnhEoHhuNgEj/WYYkhRGneIHDQPx
iHyrw17yEhjhSsZ/evPoZpLsnrYSB7MNBvlmKLqENZCwDknSBnNUcE6OSg1OAOQK
N9viFnHkRrjPX9qiRNEO9zE78EkCAwEAAaOCAfkwggH1MB0GA1UdDgQWBBRy9qug
QJGOET4RTKKX5bz2E6OxhjAfBgNVHSMEGDAWgBTB7zksUAWXyjy6Lh7Hqh7D9Qoo
sjAOBgNVHQ8BAf8EBAMCB4AwZAYDVR0fBF0wWzBZoFegVYZTcnN5bmM6Ly9yc3lu
Yy5jZXJuZXQubmV0L3JlcG8vY2VybmV0LzAvQzFFRjM5MkM1MDA1OTdDQTNDQkEy
RTFFQzdBQTFFQzNGNTBBMjhCMi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUF
BzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgx
RDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvd2U4NUxGQUZsOG84dWk0ZXg2b2V3X1VL
S0xJLmNlcjBOBggrBgEFBQcBCwRCMEAwPgYIKwYBBQUHMAuGMnJzeW5jOi8vcnN5
bmMuY2VybmV0Lm5ldC9yZXBvL2Nlcm5ldC8wL0FTMjQzNTQucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwUwYIKwYBBQUHAQcBAf8ERDBCMEAEAgACMDowEQMG
AiABAlAUAwcAIAECUBQGMBIDBwMgAQJQFAgDBwAgAQJQFCgwEQMGBiABDajAAwcB
IAENqMAIMA0GCSqGSIb3DQEBCwUAA4IBAQAs1KZ1BKqd82KUUuXG0/GyyLGHGDKH
6sodQSjpZI2/E5tadSlR+//hgQVRLO0bsanVAwOYCK9uBWPfBzB4hNvBx3H3UDdD
+RDzAPijklvbmjmfdd6lUV6x11Qk7ekcTNIdhZgA5N6+/LSsUApp86rlFQNZpxbr
0EvZLoyDSthHiO3v0dWBkEiwmWkl3U0gAWhgPXIVcaMrU8ZRe6aMv2IKFcr64k8H
3kG7n5Rwb2IdycNJEKLlUvz41OQG048yq8Nt7KRmo43WlWPL/WFYvl/wBF92yt2s
cSta/2K/tdnqII6Yln/uWw8AjVRkqpknSO6WgF1ftDrmJ5Lqh0uL0OuS
-----END CERTIFICATE-----
Generated at Fri Jun 12 09:49:20 2026 by rpki-client