This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142659.roa
File:                     AS142659.roa (raw, json)
Hash identifier:          ajyk6LAB1pJqiyBZGpS86m8nlTfFzcs5mV73Hqs+vRw=
Subject key identifier:   4C:BD:BD:88:77:41:95:1C:3B:64:EC:E4:4D:93:06:ED:2C:1A:F8:03
Certificate issuer:       /CN=A91E5D610001/serialNumber=0B275E5B466B941AB84A742B4E3832BB1FDFEC9E
Certificate serial:       4A6123C0286FAFE0B767C35BC92952B1FBC9A22A
Authority key identifier: 0B:27:5E:5B:46:6B:94:1A:B8:4A:74:2B:4E:38:32:BB:1F:DF:EC:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142659.roa
Signing time:             Tue 02 Dec 2025 08:47:50 +0000
ROA not before:           Tue 02 Dec 2025 08:42:50 +0000
ROA not after:            Tue 01 Dec 2026 08:47:50 +0000
asID:                     142659
IP address blocks:        240a:a009::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.crl
                          rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 07 Dec 2025 03:19:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:61:23:c0:28:6f:af:e0:b7:67:c3:5b:c9:29:52:b1:fb:c9:a2:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=0B275E5B466B941AB84A742B4E3832BB1FDFEC9E
        Validity
            Not Before: Dec  2 08:42:50 2025 GMT
            Not After : Dec  1 08:47:50 2026 GMT
        Subject: CN=4CBDBD887741951C3B64ECE44D9306ED2C1AF803
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:39:84:7c:f8:93:5e:79:ca:cd:ff:68:3d:8d:
                    27:48:00:6c:04:d7:7c:c4:77:b8:52:24:5a:c9:e1:
                    d8:4c:99:9c:d5:9e:8e:51:aa:ce:33:fa:49:d5:69:
                    fb:e0:43:8c:5e:a5:0c:27:71:99:ec:3b:2f:3f:82:
                    da:1c:22:78:ca:a5:b2:3f:e7:d1:c9:ac:98:4f:4f:
                    88:13:1b:36:e1:7e:af:84:6b:54:19:b2:23:6a:7c:
                    7a:35:8b:00:b2:85:fd:17:8b:8f:13:83:bc:6e:f4:
                    ae:4f:30:41:75:e5:dc:17:ee:82:e9:ec:53:03:d1:
                    d1:d1:d2:d3:9e:dc:2a:b4:6a:04:39:e3:3f:c3:15:
                    b0:53:3e:8e:06:f1:5e:f1:f7:0a:10:73:9f:cf:c2:
                    cc:84:b9:1c:b1:11:1e:18:d0:5a:69:95:fc:3b:a2:
                    15:19:f9:52:ec:53:de:a8:ce:0c:cc:95:6c:ce:ab:
                    ed:e4:f9:8b:0b:fb:03:69:6b:ea:07:92:08:13:02:
                    70:ef:4c:ff:c4:44:4d:da:29:b4:3f:03:b6:c8:55:
                    6f:e1:50:cc:15:43:9e:83:df:97:4d:35:8b:cc:c3:
                    cc:dc:54:fc:13:47:a8:8f:83:b5:07:31:cc:62:d6:
                    80:63:67:59:f4:5d:42:32:d4:45:1d:c5:0e:4d:07:
                    03:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:BD:BD:88:77:41:95:1C:3B:64:EC:E4:4D:93:06:ED:2C:1A:F8:03
            X509v3 Authority Key Identifier:
                keyid:0B:27:5E:5B:46:6B:94:1A:B8:4A:74:2B:4E:38:32:BB:1F:DF:EC:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142659.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a009::/32

    Signature Algorithm: sha256WithRSAEncryption
         9c:04:99:a3:be:7c:84:ee:1f:97:e5:aa:6c:18:90:ad:6b:ed:
         46:b4:65:f9:9a:8f:c1:dc:7a:75:ec:29:b6:21:18:27:c1:99:
         9a:d8:b5:a2:b7:19:f9:ef:3f:cc:27:34:23:11:9e:d8:c8:80:
         6b:43:04:87:d6:6b:a1:31:59:ce:94:01:fb:7e:39:8b:a0:31:
         04:90:fa:d7:3d:c2:8a:c0:9e:6a:01:87:e9:b9:ec:66:35:aa:
         65:a0:1e:9f:64:05:b7:d5:48:46:55:d7:4e:15:c8:4d:00:1f:
         b6:fb:db:36:cf:cd:26:fc:3b:0f:c6:37:21:dc:56:04:e8:bf:
         78:a6:72:b8:ec:58:7d:59:ec:68:aa:32:0f:38:e4:f1:e2:74:
         74:16:36:4b:e4:0b:45:42:0e:ec:ef:0c:fc:d0:90:52:55:7f:
         c7:71:cf:fd:e9:cb:36:67:45:85:d8:0f:5d:af:00:42:1f:d2:
         74:03:6f:2a:7d:1f:3d:51:59:6d:2d:d4:55:5d:fd:21:cc:02:
         a4:b4:63:1d:e5:97:b6:a0:15:06:07:28:20:c3:6f:80:e0:15:
         7c:e1:74:2b:22:ef:80:eb:20:d9:e1:6a:38:41:6d:01:66:fd:
         2e:59:08:a6:56:d1:43:1e:e8:d3:15:e3:ca:a9:f5:44:2f:57:
         13:98:a5:92
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUSmEjwChvr+C3Z8NbySlSsfvJoiowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwQjI3NUU1QjQ2
NkI5NDFBQjg0QTc0MkI0RTM4MzJCQjFGREZFQzlFMB4XDTI1MTIwMjA4NDI1MFoX
DTI2MTIwMTA4NDc1MFowMzExMC8GA1UEAxMoNENCREJEODg3NzQxOTUxQzNCNjRF
Q0U0NEQ5MzA2RUQyQzFBRjgwMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALg5hHz4k155ys3/aD2NJ0gAbATXfMR3uFIkWsnh2EyZnNWejlGqzjP6SdVp
++BDjF6lDCdxmew7Lz+C2hwieMqlsj/n0cmsmE9PiBMbNuF+r4RrVBmyI2p8ejWL
ALKF/ReLjxODvG70rk8wQXXl3BfugunsUwPR0dHS057cKrRqBDnjP8MVsFM+jgbx
XvH3ChBzn8/CzIS5HLERHhjQWmmV/DuiFRn5UuxT3qjODMyVbM6r7eT5iwv7A2lr
6geSCBMCcO9M/8RETdoptD8DtshVb+FQzBVDnoPfl001i8zDzNxU/BNHqI+DtQcx
zGLWgGNnWfRdQjLURR3FDk0HA60CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRMvb2I
d0GVHDtk7ORNkwbtLBr4AzAfBgNVHSMEGDAWgBQLJ15bRmuUGrhKdCtOODK7H9/s
njAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wQjI3NUU1QjQ2NkI5NDFBQjg0QTc0
MkI0RTM4MzJCQjFGREZFQzlFLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9DeWRlVzBacmxCcTRTblFyVGpneXV4X2Y3
SjQuY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MjY1OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oAkwDQYJKoZIhvcNAQELBQADggEBAJwEmaO+fITuH5flqmwYkK1r7Ua0Zfmaj8Hc
enXsKbYhGCfBmZrYtaK3GfnvP8wnNCMRntjIgGtDBIfWa6ExWc6UAft+OYugMQSQ
+tc9worAnmoBh+m57GY1qmWgHp9kBbfVSEZV104VyE0AH7b72zbPzSb8Ow/GNyHc
VgTov3imcrjsWH1Z7GiqMg845PHidHQWNkvkC0VCDuzvDPzQkFJVf8dxz/3pyzZn
RYXYD12vAEIf0nQDbyp9Hz1RWW0t1FVd/SHMAqS0Yx3ll7agFQYHKCDDb4DgFXzh
dCsi74DrINnhajhBbQFm/S5ZCKZW0UMe6NMV48qp9UQvVxOYpZI=
-----END CERTIFICATE-----