This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS142659.roa
File:                     AS142659.roa (raw, json)
Hash identifier:          EBe7I0D7q+Fpo9nR6FTbG3d2UwTWkCiKZKhl3EsRTLk=
Subject key identifier:   D3:1D:2C:72:FE:88:33:D5:41:1C:68:D1:24:D9:2E:BC:47:71:05:13
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       12D80DC2285FADFE13A7C4E153BC9AFB9DC8B58E
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS142659.roa
Signing time:             Tue 20 Jan 2026 01:10:21 +0000
ROA not before:           Tue 20 Jan 2026 01:05:21 +0000
ROA not after:            Tue 19 Jan 2027 01:10:21 +0000
asID:                     142659
IP address blocks:        240a:a009::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 26 Jan 2026 12:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:d8:0d:c2:28:5f:ad:fe:13:a7:c4:e1:53:bc:9a:fb:9d:c8:b5:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Jan 20 01:05:21 2026 GMT
            Not After : Jan 19 01:10:21 2027 GMT
        Subject: CN=D31D2C72FE8833D5411C68D124D92EBC47710513
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:53:f8:68:29:d9:6f:6f:ad:28:ad:80:64:9d:
                    10:5d:e3:ed:de:89:bf:2b:53:de:b1:fa:8a:19:88:
                    58:71:08:aa:58:66:aa:1d:71:a5:c9:7e:3f:ec:35:
                    fb:10:ab:f9:7a:25:bb:ef:4f:87:26:e0:e5:9d:6d:
                    66:27:85:82:5a:8d:91:23:73:c4:92:17:1b:ab:36:
                    57:fd:dc:f6:ed:e7:1d:38:5d:2d:27:cb:0c:c8:3e:
                    2f:86:0d:e4:0e:93:94:89:6e:fd:3c:96:11:18:d8:
                    5b:92:f5:cb:f2:22:e8:29:89:a1:73:ee:7c:c6:f0:
                    87:98:f1:4b:d2:59:d7:b0:d6:14:a5:44:99:fe:c8:
                    ce:c4:f6:d6:ad:d2:a0:8a:2a:ac:99:63:51:6e:80:
                    34:68:c9:07:65:ef:89:45:58:8d:f9:cc:e3:b0:4d:
                    02:66:09:74:36:b4:50:0e:82:7a:90:fc:91:51:3e:
                    ec:f5:37:b4:ab:29:91:91:80:d1:e9:21:1b:80:e5:
                    9e:b7:4c:f3:1e:31:88:58:c7:12:5d:3f:0c:fe:70:
                    8c:b1:bc:ff:40:9b:61:c6:d3:fb:5c:27:48:d4:56:
                    3d:6c:3e:d7:52:ca:cb:ac:08:38:67:f0:28:41:be:
                    17:3f:24:6e:65:b0:09:d4:c9:1c:cc:f1:ae:ba:26:
                    28:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:1D:2C:72:FE:88:33:D5:41:1C:68:D1:24:D9:2E:BC:47:71:05:13
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS142659.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a009::/32

    Signature Algorithm: sha256WithRSAEncryption
         cf:d5:bc:20:24:aa:a7:86:52:39:11:4d:92:39:d7:3f:b5:4f:
         88:98:ec:e0:12:53:af:98:f4:16:b3:bc:52:8f:f2:c3:b3:ee:
         16:67:eb:e4:df:4f:80:a5:ee:e7:9b:25:ed:f5:c6:04:8e:4c:
         53:a5:af:97:56:55:39:33:8e:41:6c:8c:fc:f5:2a:31:3c:41:
         ac:0e:5c:dc:07:b7:fb:be:6f:d9:af:f2:bd:49:8f:ec:75:59:
         71:1c:d3:fd:9e:fa:33:cc:45:5e:7e:42:20:44:f1:77:e8:64:
         fb:48:cc:67:ef:52:6d:41:c7:08:a6:0a:8c:3c:de:df:fb:08:
         b7:e6:85:0f:93:1d:07:b6:e1:a5:ca:13:a5:2a:8b:72:11:56:
         0d:6f:43:86:bc:53:2d:26:78:e3:84:7d:2d:95:e9:95:e0:e1:
         ab:2f:89:7b:cc:b7:ee:23:8c:b4:43:5c:32:12:b5:9b:14:79:
         c3:7f:91:47:75:a9:70:c5:61:b3:9a:50:cc:4d:23:bb:db:fe:
         22:d4:98:31:37:aa:06:64:b9:d9:57:b5:cf:e1:7c:44:5b:3d:
         58:7e:65:00:44:31:1b:3c:e3:2c:8b:79:d1:8b:89:15:1e:40:
         4a:95:76:dd:e1:7c:e2:ce:09:bc:81:02:52:db:4e:38:a5:5f:
         f4:b3:6b:b3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUEtgNwihfrf4Tp8ThU7ya+53ItY4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDEyMDAxMDUyMVoX
DTI3MDExOTAxMTAyMVowMzExMC8GA1UEAxMoRDMxRDJDNzJGRTg4MzNENTQxMUM2
OEQxMjREOTJFQkM0NzcxMDUxMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPhT+Ggp2W9vrSitgGSdEF3j7d6JvytT3rH6ihmIWHEIqlhmqh1xpcl+P+w1
+xCr+Xolu+9Phybg5Z1tZieFglqNkSNzxJIXG6s2V/3c9u3nHThdLSfLDMg+L4YN
5A6TlIlu/TyWERjYW5L1y/Ii6CmJoXPufMbwh5jxS9JZ17DWFKVEmf7IzsT21q3S
oIoqrJljUW6ANGjJB2XviUVYjfnM47BNAmYJdDa0UA6CepD8kVE+7PU3tKspkZGA
0ekhG4DlnrdM8x4xiFjHEl0/DP5wjLG8/0CbYcbT+1wnSNRWPWw+11LKy6wIOGfw
KEG+Fz8kbmWwCdTJHMzxrromKAUCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBTTHSxy
/ogz1UEcaNEk2S68R3EFEzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0MjY1OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
oAkwDQYJKoZIhvcNAQELBQADggEBAM/VvCAkqqeGUjkRTZI51z+1T4iY7OASU6+Y
9BazvFKP8sOz7hZn6+TfT4Cl7uebJe31xgSOTFOlr5dWVTkzjkFsjPz1KjE8QawO
XNwHt/u+b9mv8r1Jj+x1WXEc0/2e+jPMRV5+QiBE8XfoZPtIzGfvUm1BxwimCow8
3t/7CLfmhQ+THQe24aXKE6Uqi3IRVg1vQ4a8Uy0meOOEfS2V6ZXg4asviXvMt+4j
jLRDXDIStZsUecN/kUd1qXDFYbOaUMxNI7vb/iLUmDE3qgZkudlXtc/hfERbPVh+
ZQBEMRs84yyLedGLiRUeQEqVdt3hfOLOCbyBAlLbTjilX/Sza7M=
-----END CERTIFICATE-----