This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142657.roa
File:                     AS142657.roa (raw, json)
Hash identifier:          Et8ZsfJKS1XOP2uoRelcMTlviXQuLoLOd1JgdDUtQc8=
Subject key identifier:   F6:5F:F6:5B:72:CC:AF:35:17:A3:FB:FF:CA:8C:FB:D3:D9:B5:96:25
Certificate issuer:       /CN=A91E5D610001/serialNumber=0B275E5B466B941AB84A742B4E3832BB1FDFEC9E
Certificate serial:       595BC9AE76742BD5AA37CCC98A0025A7FE2A27B1
Authority key identifier: 0B:27:5E:5B:46:6B:94:1A:B8:4A:74:2B:4E:38:32:BB:1F:DF:EC:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142657.roa
Signing time:             Tue 02 Dec 2025 08:47:46 +0000
ROA not before:           Tue 02 Dec 2025 08:42:46 +0000
ROA not after:            Tue 01 Dec 2026 08:47:46 +0000
asID:                     142657
IP address blocks:        240a:a007::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.crl
                          rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 07 Dec 2025 03:19:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:5b:c9:ae:76:74:2b:d5:aa:37:cc:c9:8a:00:25:a7:fe:2a:27:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=0B275E5B466B941AB84A742B4E3832BB1FDFEC9E
        Validity
            Not Before: Dec  2 08:42:46 2025 GMT
            Not After : Dec  1 08:47:46 2026 GMT
        Subject: CN=F65FF65B72CCAF3517A3FBFFCA8CFBD3D9B59625
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:77:35:2e:4c:c1:08:ad:10:0a:e2:65:be:b2:
                    99:1f:e4:46:80:82:ff:c3:9e:7b:5e:0f:fa:96:8b:
                    81:da:9f:ec:a9:68:09:50:2e:fb:e4:77:d0:8e:99:
                    97:c7:2d:20:6d:03:0a:f9:b2:f3:ba:24:eb:a0:be:
                    1f:e0:83:55:b8:1b:58:c6:0b:c3:1a:a6:0c:17:be:
                    eb:12:54:ff:29:f8:60:30:07:72:62:85:b6:b9:7c:
                    b3:dc:ae:84:3f:fc:16:3a:6f:5f:62:c4:43:92:4c:
                    05:24:a4:9a:3f:08:66:2b:6d:df:72:5f:24:0f:6f:
                    a1:23:79:1f:06:55:cc:c3:f0:7e:8e:26:6d:85:02:
                    65:09:3a:42:9d:7d:63:75:16:7d:57:ba:63:30:c7:
                    17:9d:79:67:ad:82:73:58:27:e4:1a:61:33:d4:17:
                    71:ac:6c:3a:55:a9:41:52:96:67:bf:5b:1b:5c:e4:
                    0b:22:62:4c:8d:7e:2a:3b:28:15:2b:11:c7:8b:20:
                    26:5f:82:e8:a4:29:40:0d:81:2e:79:33:b0:f1:b6:
                    57:61:2b:f8:25:b9:c8:e9:f7:03:e3:15:fc:30:ac:
                    22:d6:c0:1d:d9:72:81:7a:68:31:e7:52:0b:94:cb:
                    50:f7:a3:51:e9:32:40:59:4c:67:96:a8:40:97:9f:
                    7b:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:5F:F6:5B:72:CC:AF:35:17:A3:FB:FF:CA:8C:FB:D3:D9:B5:96:25
            X509v3 Authority Key Identifier:
                keyid:0B:27:5E:5B:46:6B:94:1A:B8:4A:74:2B:4E:38:32:BB:1F:DF:EC:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142657.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a007::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:9c:a1:d7:28:8e:81:00:32:4e:d7:ac:e6:11:ed:13:d9:25:
         9d:e4:fd:3a:7e:12:09:04:27:ef:88:8e:2f:07:0d:e9:8b:72:
         ac:5d:f2:8a:54:19:ac:a7:8e:88:23:c3:20:dd:f1:3a:7f:65:
         79:86:c7:5f:43:7d:60:7d:6e:fa:70:e8:bc:81:b6:38:ec:4b:
         f3:37:6b:c7:92:77:d8:68:a8:3a:99:4a:55:d2:63:49:bf:e9:
         28:2e:6a:05:a8:da:88:5b:b4:20:b0:34:f9:3c:3c:69:bb:ec:
         47:d6:f0:5d:de:89:d1:00:c5:e4:06:8e:8d:3e:ee:6b:d4:4e:
         be:bf:d5:86:49:44:f0:15:62:3c:6e:75:d5:f7:f3:7b:2c:dc:
         24:f8:52:85:47:c6:a3:c1:ef:bb:3e:b5:85:3d:58:a2:f7:a6:
         b7:88:42:7f:ac:39:76:72:54:36:e5:a3:44:a7:5d:08:7b:11:
         15:5c:45:03:3e:0d:a8:a2:30:6f:b0:a9:9b:3d:94:dd:aa:c6:
         71:54:0d:aa:f4:0b:42:46:a7:fa:e2:3a:b4:e4:16:12:8c:fe:
         87:0e:ad:8a:55:b3:7b:98:18:46:ad:14:5f:76:22:a2:1d:10:
         eb:d5:ee:fd:6d:d5:47:72:b3:8b:9b:94:de:b3:46:4b:85:5c:
         ae:75:18:d9
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUWVvJrnZ0K9WqN8zJigAlp/4qJ7EwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwQjI3NUU1QjQ2
NkI5NDFBQjg0QTc0MkI0RTM4MzJCQjFGREZFQzlFMB4XDTI1MTIwMjA4NDI0NloX
DTI2MTIwMTA4NDc0NlowMzExMC8GA1UEAxMoRjY1RkY2NUI3MkNDQUYzNTE3QTNG
QkZGQ0E4Q0ZCRDNEOUI1OTYyNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMV3NS5MwQitEAriZb6ymR/kRoCC/8Oee14P+paLgdqf7KloCVAu++R30I6Z
l8ctIG0DCvmy87ok66C+H+CDVbgbWMYLwxqmDBe+6xJU/yn4YDAHcmKFtrl8s9yu
hD/8FjpvX2LEQ5JMBSSkmj8IZitt33JfJA9voSN5HwZVzMPwfo4mbYUCZQk6Qp19
Y3UWfVe6YzDHF515Z62Cc1gn5BphM9QXcaxsOlWpQVKWZ79bG1zkCyJiTI1+Kjso
FSsRx4sgJl+C6KQpQA2BLnkzsPG2V2Er+CW5yOn3A+MV/DCsItbAHdlygXpoMedS
C5TLUPejUekyQFlMZ5aoQJefe98CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBT2X/Zb
csyvNRej+//KjPvT2bWWJTAfBgNVHSMEGDAWgBQLJ15bRmuUGrhKdCtOODK7H9/s
njAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wQjI3NUU1QjQ2NkI5NDFBQjg0QTc0
MkI0RTM4MzJCQjFGREZFQzlFLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9DeWRlVzBacmxCcTRTblFyVGpneXV4X2Y3
SjQuY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MjY1Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oAcwDQYJKoZIhvcNAQELBQADggEBAKOcodcojoEAMk7XrOYR7RPZJZ3k/Tp+EgkE
J++Iji8HDemLcqxd8opUGaynjogjwyDd8Tp/ZXmGx19DfWB9bvpw6LyBtjjsS/M3
a8eSd9hoqDqZSlXSY0m/6SguagWo2ohbtCCwNPk8PGm77EfW8F3eidEAxeQGjo0+
7mvUTr6/1YZJRPAVYjxuddX383ss3CT4UoVHxqPB77s+tYU9WKL3preIQn+sOXZy
VDblo0SnXQh7ERVcRQM+DaiiMG+wqZs9lN2qxnFUDar0C0JGp/riOrTkFhKM/ocO
rYpVs3uYGEatFF92IqIdEOvV7v1t1Udys4ublN6zRkuFXK51GNk=
-----END CERTIFICATE-----