This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142654.roa
File:                     AS142654.roa (raw, json)
Hash identifier:          VCGIzWzviQz/huEAXYkMJpcaubl+uQnPSs/uvefuNCQ=
Subject key identifier:   41:E1:29:D1:79:3F:44:A9:A8:10:82:1C:4A:B6:5E:C3:7A:CC:71:B2
Certificate issuer:       /CN=A91E5D610001/serialNumber=0B275E5B466B941AB84A742B4E3832BB1FDFEC9E
Certificate serial:       61EC1C6B40042286702D79C66894B1B26157EC82
Authority key identifier: 0B:27:5E:5B:46:6B:94:1A:B8:4A:74:2B:4E:38:32:BB:1F:DF:EC:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142654.roa
Signing time:             Tue 02 Dec 2025 08:47:48 +0000
ROA not before:           Tue 02 Dec 2025 08:42:48 +0000
ROA not after:            Tue 01 Dec 2026 08:47:48 +0000
asID:                     142654
IP address blocks:        240a:a004::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.crl
                          rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 07 Dec 2025 03:19:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:ec:1c:6b:40:04:22:86:70:2d:79:c6:68:94:b1:b2:61:57:ec:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=0B275E5B466B941AB84A742B4E3832BB1FDFEC9E
        Validity
            Not Before: Dec  2 08:42:48 2025 GMT
            Not After : Dec  1 08:47:48 2026 GMT
        Subject: CN=41E129D1793F44A9A810821C4AB65EC37ACC71B2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:79:65:f1:47:9b:4e:7d:a4:d4:24:9e:ef:fd:
                    d7:6d:91:ca:03:62:a8:cc:b1:42:8b:f1:59:70:e0:
                    e8:e1:93:dd:6d:c6:c9:88:08:0c:88:e4:db:21:c0:
                    2c:03:b0:e5:b6:de:fe:aa:4e:b9:57:5f:b6:ff:9a:
                    89:02:89:46:92:ca:af:f4:1c:58:ba:68:84:d6:04:
                    62:4e:19:11:ec:ca:b4:70:d3:ea:f5:61:94:08:db:
                    11:95:e8:8d:b5:28:12:56:c8:82:50:11:12:99:f0:
                    cc:a5:0c:5a:19:9d:60:2f:5e:33:0e:20:79:fa:8c:
                    03:ac:97:e6:b2:16:09:c7:d9:98:8b:ac:84:3b:da:
                    97:6b:15:40:97:d2:f3:1b:1f:ff:a3:f9:fe:e9:87:
                    e5:3a:ad:bb:f7:e1:b3:fa:04:2f:be:29:66:99:1e:
                    a6:1f:15:0e:5a:54:5f:28:f5:3f:5b:1f:b2:bd:b7:
                    d0:d0:fe:8e:a7:48:3e:05:44:74:47:4e:76:c1:ff:
                    20:2c:0c:4b:70:d7:07:fe:71:0e:e6:c4:40:81:ed:
                    65:ac:81:33:b9:73:46:d3:4c:63:4d:f7:95:df:d5:
                    97:b4:72:05:a4:46:fb:d5:85:bc:e0:b1:93:0b:5b:
                    82:1a:58:07:73:67:67:e1:9a:74:74:c4:6a:0e:b9:
                    6f:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:E1:29:D1:79:3F:44:A9:A8:10:82:1C:4A:B6:5E:C3:7A:CC:71:B2
            X509v3 Authority Key Identifier:
                keyid:0B:27:5E:5B:46:6B:94:1A:B8:4A:74:2B:4E:38:32:BB:1F:DF:EC:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142654.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a004::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:f1:e8:34:7d:e7:60:6a:8d:51:d2:e1:14:bf:f3:3a:f7:67:
         fe:c4:8c:43:7f:1d:d6:3f:79:ff:3a:35:a3:d7:7d:15:6e:55:
         39:24:f8:1c:a3:ee:f6:25:01:00:f4:da:ad:a0:98:c0:98:56:
         88:00:9a:a4:cb:85:a3:40:f9:38:b5:49:fd:be:6b:86:67:a0:
         5c:1a:6e:80:d0:e8:56:d3:3f:51:52:62:6f:2d:5b:86:9e:e8:
         c5:8b:b1:19:7d:1e:14:a5:26:c9:a3:9f:eb:8b:e4:7a:bd:05:
         57:33:dc:9a:b2:1b:94:8a:2e:cf:8f:77:64:5f:ef:24:bc:e5:
         05:4c:60:9e:b2:0b:84:2b:3d:3e:dd:5b:14:82:9c:f9:f9:bf:
         0d:23:e6:da:90:61:a0:a1:3b:d0:a1:c1:91:d2:18:93:65:92:
         33:57:80:a4:19:2f:c8:b8:8b:62:9a:3f:b0:c5:15:c1:8a:12:
         14:98:1c:5e:99:13:4a:0e:bb:f0:62:bf:61:69:c9:8e:05:b8:
         2b:2e:19:8e:aa:c4:0a:cf:6b:c1:f8:fa:1b:85:6a:d9:95:fe:
         e3:df:67:72:0a:83:94:20:9f:07:a3:e8:c8:28:1b:49:ea:18:
         83:90:39:65:77:53:11:0c:7a:9a:1a:16:32:05:1b:88:96:b6:
         b7:b9:69:3e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUYewca0AEIoZwLXnGaJSxsmFX7IIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwQjI3NUU1QjQ2
NkI5NDFBQjg0QTc0MkI0RTM4MzJCQjFGREZFQzlFMB4XDTI1MTIwMjA4NDI0OFoX
DTI2MTIwMTA4NDc0OFowMzExMC8GA1UEAxMoNDFFMTI5RDE3OTNGNDRBOUE4MTA4
MjFDNEFCNjVFQzM3QUNDNzFCMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKh5ZfFHm059pNQknu/9122RygNiqMyxQovxWXDg6OGT3W3GyYgIDIjk2yHA
LAOw5bbe/qpOuVdftv+aiQKJRpLKr/QcWLpohNYEYk4ZEezKtHDT6vVhlAjbEZXo
jbUoElbIglAREpnwzKUMWhmdYC9eMw4gefqMA6yX5rIWCcfZmIushDval2sVQJfS
8xsf/6P5/umH5Tqtu/fhs/oEL74pZpkeph8VDlpUXyj1P1sfsr230ND+jqdIPgVE
dEdOdsH/ICwMS3DXB/5xDubEQIHtZayBM7lzRtNMY033ld/Vl7RyBaRG+9WFvOCx
kwtbghpYB3NnZ+GadHTEag65b18CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRB4SnR
eT9EqagQghxKtl7DesxxsjAfBgNVHSMEGDAWgBQLJ15bRmuUGrhKdCtOODK7H9/s
njAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wQjI3NUU1QjQ2NkI5NDFBQjg0QTc0
MkI0RTM4MzJCQjFGREZFQzlFLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9DeWRlVzBacmxCcTRTblFyVGpneXV4X2Y3
SjQuY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MjY1NC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oAQwDQYJKoZIhvcNAQELBQADggEBAFzx6DR952BqjVHS4RS/8zr3Z/7EjEN/HdY/
ef86NaPXfRVuVTkk+Byj7vYlAQD02q2gmMCYVogAmqTLhaNA+Ti1Sf2+a4ZnoFwa
boDQ6FbTP1FSYm8tW4ae6MWLsRl9HhSlJsmjn+uL5Hq9BVcz3JqyG5SKLs+Pd2Rf
7yS85QVMYJ6yC4QrPT7dWxSCnPn5vw0j5tqQYaChO9ChwZHSGJNlkjNXgKQZL8i4
i2KaP7DFFcGKEhSYHF6ZE0oOu/Biv2FpyY4FuCsuGY6qxArPa8H4+huFatmV/uPf
Z3IKg5Qgnwej6MgoG0nqGIOQOWV3UxEMepoaFjIFG4iWtre5aT4=
-----END CERTIFICATE-----