Route Origin Authorization
$ rpki-client -vvf rsync.cernet.net/repo/cernet/0/AS24368.roa
File: AS24368.roa (raw, json)
Hash identifier: 01kB62OdadJBi/UQOB9TmKowxM920bAILzD9Sd0fdxE=
Subject key identifier: 90:CB:C4:AB:16:0F:71:6E:68:26:61:91:F1:A4:8C:3A:D1:A3:59:A4
Certificate issuer: /CN=A91E5D610001/serialNumber=C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2
Certificate serial: 5B4217D30CFFA4A00DA2EBA70021A1AB0F3AEE71
Authority key identifier: C1:EF:39:2C:50:05:97:CA:3C:BA:2E:1E:C7:AA:1E:C3:F5:0A:28:B2
Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/we85LFAFl8o8ui4ex6oew_UKKLI.cer
Subject info access: rsync://rsync.cernet.net/repo/cernet/0/AS24368.roa
Signing time: Thu 11 Jun 2026 07:39:32 +0000
ROA not before: Thu 11 Jun 2026 07:34:32 +0000
ROA not after: Thu 10 Jun 2027 07:39:32 +0000
asID: 24368
IP address blocks: 2001:250:6800::/48 maxlen: 48
2001:250:6801::/48 maxlen: 48
2001:250:6809::/48 maxlen: 48
2001:250:680a::/48 maxlen: 48
2001:250:680d::/48 maxlen: 48
2001:250:6810::/48 maxlen: 48
2001:250:6815::/48 maxlen: 48
2001:250:6816::/48 maxlen: 48
2001:250:681b::/48 maxlen: 48
2001:250:681d::/48 maxlen: 48
2001:250:681f::/48 maxlen: 48
2001:250:6821::/48 maxlen: 48
2001:250:6822::/48 maxlen: 48
2001:250:6824::/48 maxlen: 48
2001:250:6825::/48 maxlen: 48
2001:250:6826::/48 maxlen: 48
2001:250:6827::/48 maxlen: 48
2001:250:682a::/48 maxlen: 48
2001:da8:b5::/48 maxlen: 48
2001:da8:e800::/48 maxlen: 48
2001:da8:e803::/48 maxlen: 48
2001:da8:e805::/48 maxlen: 48
2001:da8:e806::/48 maxlen: 48
2001:da8:e807::/48 maxlen: 48
2001:da8:e808::/48 maxlen: 48
2001:da8:e809::/48 maxlen: 48
2001:da8:e80a::/48 maxlen: 48
2001:da8:e80b::/48 maxlen: 48
2001:da8:e80d::/48 maxlen: 48
2001:da8:e810::/48 maxlen: 48
2001:da8:e811::/48 maxlen: 48
2001:da8:e812::/48 maxlen: 48
2001:da8:e814::/48 maxlen: 48
2001:da8:e817::/48 maxlen: 48
2001:da8:e81b::/48 maxlen: 48
2001:da8:e81e::/48 maxlen: 48
2001:da8:e820::/48 maxlen: 48
2001:da8:e822::/48 maxlen: 48
Validation: OK
Signature path: rsync://rsync.cernet.net/repo/cernet/0/C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2.crl
rsync://rsync.cernet.net/repo/cernet/0/C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2.mft
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/we85LFAFl8o8ui4ex6oew_UKKLI.cer
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires: Sat 13 Jun 2026 03:41:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5b:42:17:d3:0c:ff:a4:a0:0d:a2:eb:a7:00:21:a1:ab:0f:3a:ee:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=A91E5D610001, serialNumber=C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2
Validity
Not Before: Jun 11 07:34:32 2026 GMT
Not After : Jun 10 07:39:32 2027 GMT
Subject: CN=90CBC4AB160F716E68266191F1A48C3AD1A359A4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:77:76:85:a8:23:a8:11:d8:bb:6d:67:88:d8:
66:5e:af:fd:41:22:0a:6f:08:c6:c2:3c:49:f1:54:
f6:de:23:03:cb:d7:cc:0b:a8:73:b0:d4:e7:ea:94:
48:5f:ba:37:7a:91:a1:e8:f5:d6:a3:7d:94:92:82:
45:2a:a5:2d:12:ae:b6:22:24:b5:d5:d7:4d:73:49:
2f:09:3d:f1:09:12:cc:c5:38:f6:fa:21:8a:d2:18:
e5:d6:21:e9:7d:23:0f:b9:8d:a4:9e:a1:8f:a6:b3:
30:59:da:8f:dd:b0:43:77:a6:39:89:32:08:f7:8c:
22:f5:a0:87:3b:cb:73:25:4d:65:00:ab:5d:19:81:
1a:7b:67:6b:13:e9:3b:2c:80:0e:3f:91:da:3e:7c:
8c:7c:cf:57:71:8a:cb:97:1d:ad:51:d8:9d:bb:9f:
c2:48:8d:01:34:e1:9b:d5:70:59:7e:8b:0d:52:25:
58:ef:97:d5:fc:77:4a:a1:4a:46:21:1e:01:b5:6a:
93:19:f8:4b:ae:fb:67:fe:7e:8d:28:36:10:ea:94:
8f:94:2a:8d:03:49:25:f5:38:03:6b:82:bc:06:48:
1e:c3:37:89:77:82:46:33:e5:62:d5:5d:7a:68:a0:
8e:3d:c4:e5:df:98:3b:da:95:c5:9e:ef:7d:68:ca:
8e:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:CB:C4:AB:16:0F:71:6E:68:26:61:91:F1:A4:8C:3A:D1:A3:59:A4
X509v3 Authority Key Identifier:
keyid:C1:EF:39:2C:50:05:97:CA:3C:BA:2E:1E:C7:AA:1E:C3:F5:0A:28:B2
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.cernet.net/repo/cernet/0/C1EF392C500597CA3CBA2E1EC7AA1EC3F50A28B2.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/we85LFAFl8o8ui4ex6oew_UKKLI.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.cernet.net/repo/cernet/0/AS24368.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:250:6800::/47
2001:250:6809::-2001:250:680a:ffff:ffff:ffff:ffff:ffff
2001:250:680d::/48
2001:250:6810::/48
2001:250:6815::-2001:250:6816:ffff:ffff:ffff:ffff:ffff
2001:250:681b::/48
2001:250:681d::/48
2001:250:681f::/48
2001:250:6821::-2001:250:6822:ffff:ffff:ffff:ffff:ffff
2001:250:6824::/46
2001:250:682a::/48
2001:da8:b5::/48
2001:da8:e800::/48
2001:da8:e803::/48
2001:da8:e805::-2001:da8:e80b:ffff:ffff:ffff:ffff:ffff
2001:da8:e80d::/48
2001:da8:e810::-2001:da8:e812:ffff:ffff:ffff:ffff:ffff
2001:da8:e814::/48
2001:da8:e817::/48
2001:da8:e81b::/48
2001:da8:e81e::/48
2001:da8:e820::/48
2001:da8:e822::/48
Signature Algorithm: sha256WithRSAEncryption
0d:f9:3d:67:71:78:91:7e:a8:06:8b:61:3f:d3:08:33:8a:91:
ae:7e:67:58:0b:6a:97:e9:d3:32:dd:27:22:21:2d:0e:85:f4:
15:18:4f:6d:23:a3:61:11:d0:30:ee:85:23:2d:67:bd:4c:36:
be:47:1f:95:1f:1a:97:72:59:14:4f:6a:47:44:31:36:7c:ba:
86:eb:41:9b:57:fa:95:de:eb:24:54:67:8a:21:64:c6:50:c2:
40:87:97:7c:6f:69:88:f0:68:c2:9f:f2:22:ae:1d:0b:84:2b:
a3:23:c3:8d:5c:1a:f9:3b:53:e8:eb:34:cd:a8:c1:e2:34:01:
d4:b7:a2:1a:72:34:4c:c8:3f:5f:54:53:1e:13:8c:eb:95:9f:
b1:f8:46:14:f1:d6:ba:3e:05:c4:bb:f4:05:01:1b:28:28:c6:
65:71:99:0e:58:dc:a9:7f:68:e1:67:f4:2b:ef:f8:06:dd:a6:
c1:b4:7f:3f:c3:e2:ff:85:65:a3:aa:5e:83:19:03:fd:64:e4:
0d:75:ff:d6:0a:8e:42:be:d6:6e:86:0b:b8:71:ba:f9:8e:75:
c7:59:56:ec:6a:92:ad:23:6e:d5:be:e1:d0:e1:b4:f2:72:c7:
f1:95:71:2c:f0:e4:2a:e7:14:51:6f:d7:f4:86:33:07:c8:77:
89:2a:39:2a
-----BEGIN CERTIFICATE-----
MIIF3DCCBMSgAwIBAgIUW0IX0wz/pKANouunACGhqw867nEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRTVENjEwMDAxMTEwLwYDVQQFEyhDMUVGMzkyQzUw
MDU5N0NBM0NCQTJFMUVDN0FBMUVDM0Y1MEEyOEIyMB4XDTI2MDYxMTA3MzQzMloX
DTI3MDYxMDA3MzkzMlowMzExMC8GA1UEAxMoOTBDQkM0QUIxNjBGNzE2RTY4MjY2
MTkxRjFBNDhDM0FEMUEzNTlBNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALl3doWoI6gR2LttZ4jYZl6v/UEiCm8IxsI8SfFU9t4jA8vXzAuoc7DU5+qU
SF+6N3qRoej11qN9lJKCRSqlLRKutiIktdXXTXNJLwk98QkSzMU49vohitIY5dYh
6X0jD7mNpJ6hj6azMFnaj92wQ3emOYkyCPeMIvWghzvLcyVNZQCrXRmBGntnaxPp
OyyADj+R2j58jHzPV3GKy5cdrVHYnbufwkiNATThm9VwWX6LDVIlWO+X1fx3SqFK
RiEeAbVqkxn4S677Z/5+jSg2EOqUj5QqjQNJJfU4A2uCvAZIHsM3iXeCRjPlYtVd
emigjj3E5d+YO9qVxZ7vfWjKjjkCAwEAAaOCAs8wggLLMB0GA1UdDgQWBBSQy8Sr
Fg9xbmgmYZHxpIw60aNZpDAfBgNVHSMEGDAWgBTB7zksUAWXyjy6Lh7Hqh7D9Qoo
sjAOBgNVHQ8BAf8EBAMCB4AwZAYDVR0fBF0wWzBZoFegVYZTcnN5bmM6Ly9yc3lu
Yy5jZXJuZXQubmV0L3JlcG8vY2VybmV0LzAvQzFFRjM5MkM1MDA1OTdDQTNDQkEy
RTFFQzdBQTFFQzNGNTBBMjhCMi5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUF
BzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgx
RDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvd2U4NUxGQUZsOG84dWk0ZXg2b2V3X1VL
S0xJLmNlcjBOBggrBgEFBQcBCwRCMEAwPgYIKwYBBQUHMAuGMnJzeW5jOi8vcnN5
bmMuY2VybmV0Lm5ldC9yZXBvL2Nlcm5ldC8wL0FTMjQzNjgucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwggEnBggrBgEFBQcBBwEB/wSCARYwggESMIIBDgQC
AAIwggEGAwcBIAECUGgAMBIDBwAgAQJQaAkDBwAgAQJQaAoDBwAgAQJQaA0DBwAg
AQJQaBAwEgMHACABAlBoFQMHACABAlBoFgMHACABAlBoGwMHACABAlBoHQMHACAB
AlBoHzASAwcAIAECUGghAwcAIAECUGgiAwcCIAECUGgkAwcAIAECUGgqAwcAIAEN
qAC1AwcAIAENqOgAAwcAIAENqOgDMBIDBwAgAQ2o6AUDBwIgAQ2o6AgDBwAgAQ2o
6A0wEgMHBCABDajoEAMHACABDajoEgMHACABDajoFAMHACABDajoFwMHACABDajo
GwMHACABDajoHgMHACABDajoIAMHACABDajoIjANBgkqhkiG9w0BAQsFAAOCAQEA
Dfk9Z3F4kX6oBothP9MIM4qRrn5nWAtql+nTMt0nIiEtDoX0FRhPbSOjYRHQMO6F
Iy1nvUw2vkcflR8al3JZFE9qR0QxNny6hutBm1f6ld7rJFRniiFkxlDCQIeXfG9p
iPBowp/yIq4dC4QroyPDjVwa+TtT6Os0zajB4jQB1LeiGnI0TMg/X1RTHhOM65Wf
sfhGFPHWuj4FxLv0BQEbKCjGZXGZDljcqX9o4Wf0K+/4Bt2mwbR/P8Pi/4Vlo6pe
gxkD/WTkDXX/1gqOQr7WboYLuHG6+Y51x1lW7GqSrSNu1b7h0OG08nLH8ZVxLPDk
KucUUW/X9IYzB8h3iSo5Kg==
-----END CERTIFICATE-----
Generated at Fri Jun 12 09:48:55 2026 by rpki-client