This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144699.roa
File:                     AS144699.roa (raw, json)
Hash identifier:          UswFj0T67R9DruvbCQAxqJLGCZ/SeQCi7PUPIpfVbtY=
Subject key identifier:   8C:CC:14:50:DA:B5:17:52:E2:A9:1B:17:F1:2B:2F:7F:4B:BE:BC:5B
Certificate issuer:       /CN=A91E5D610001/serialNumber=0B275E5B466B941AB84A742B4E3832BB1FDFEC9E
Certificate serial:       46CC09E75502D67610F78B69B213432C3D63D622
Authority key identifier: 0B:27:5E:5B:46:6B:94:1A:B8:4A:74:2B:4E:38:32:BB:1F:DF:EC:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144699.roa
Signing time:             Tue 02 Dec 2025 08:47:46 +0000
ROA not before:           Tue 02 Dec 2025 08:42:46 +0000
ROA not after:            Tue 01 Dec 2026 08:47:46 +0000
asID:                     144699
IP address blocks:        240a:a801::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.crl
                          rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 07 Dec 2025 03:19:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:cc:09:e7:55:02:d6:76:10:f7:8b:69:b2:13:43:2c:3d:63:d6:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=0B275E5B466B941AB84A742B4E3832BB1FDFEC9E
        Validity
            Not Before: Dec  2 08:42:46 2025 GMT
            Not After : Dec  1 08:47:46 2026 GMT
        Subject: CN=8CCC1450DAB51752E2A91B17F12B2F7F4BBEBC5B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:cc:13:29:ef:e6:0d:93:22:a3:e2:a2:49:6a:
                    08:f2:b1:f2:ea:a9:30:b9:73:f6:87:74:f1:a1:29:
                    1b:b2:6a:08:95:9f:c5:04:2f:44:5f:70:c8:a0:5f:
                    eb:88:9c:f4:4c:44:29:fe:3a:9c:99:0a:4b:5b:90:
                    d5:d3:2c:2c:90:72:36:47:ab:ca:f1:4e:85:56:f3:
                    9e:46:41:56:7d:eb:7c:67:29:82:2f:06:04:e8:d7:
                    62:ef:e1:e0:43:e5:c2:7a:00:e8:a6:ab:9e:9c:7a:
                    48:8a:32:e4:e7:f0:15:b1:12:24:36:2e:a0:5f:00:
                    27:30:9b:42:db:fd:4b:9c:35:72:ea:e7:30:1e:25:
                    33:5a:eb:e5:7d:d9:b5:cf:e4:bd:a3:e5:8d:f8:f5:
                    f5:da:89:b2:e9:91:91:b4:dd:e6:31:0c:96:97:33:
                    8b:21:d0:23:e7:36:a6:41:9f:7f:36:62:52:18:bf:
                    52:38:30:a6:77:c9:6a:f6:5e:5a:a1:62:54:07:73:
                    83:3d:cc:fd:1d:ec:5a:44:6f:70:3a:79:2c:21:00:
                    70:5c:30:61:d3:cf:5b:c3:a3:9d:fa:af:43:67:74:
                    ce:9e:ef:43:af:7b:f3:3f:2e:3d:a0:53:db:54:e4:
                    0c:de:52:84:3e:3b:b7:d4:2e:1d:b7:d1:b1:78:82:
                    96:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:CC:14:50:DA:B5:17:52:E2:A9:1B:17:F1:2B:2F:7F:4B:BE:BC:5B
            X509v3 Authority Key Identifier:
                keyid:0B:27:5E:5B:46:6B:94:1A:B8:4A:74:2B:4E:38:32:BB:1F:DF:EC:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144699.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a801::/32

    Signature Algorithm: sha256WithRSAEncryption
         5b:2b:b0:f3:aa:02:b5:f8:ef:a7:e4:7c:69:e6:b9:77:8f:24:
         f3:fd:d6:81:8d:15:0b:ad:75:ec:85:45:20:0c:8c:ce:9f:b1:
         23:ce:31:ea:43:13:70:76:fa:a8:5d:dc:8f:d8:a6:82:f2:27:
         f2:b2:39:6b:f7:77:11:15:0e:1e:8a:21:7a:d0:bd:87:7f:f2:
         5e:a6:2b:94:87:15:29:22:37:f9:48:33:5c:cb:ac:81:88:c8:
         96:4b:39:55:5f:6d:27:5d:d8:70:07:b3:69:c5:2e:5c:4b:07:
         fa:a8:eb:17:8d:77:2b:41:12:ef:ba:b6:32:6c:3c:36:da:79:
         b1:cc:5c:32:96:46:08:1a:db:aa:37:ad:9f:79:a8:53:c2:62:
         0a:c5:77:d0:38:7a:c3:6a:12:ba:ac:9e:57:ed:9c:30:69:83:
         0c:f7:0c:b0:5b:0b:c3:8f:13:bd:9f:d5:d1:26:d2:b0:c3:4f:
         95:63:10:0a:65:e1:1b:a8:a1:41:09:ec:d9:d4:55:e0:d7:04:
         5e:1e:73:dc:f9:2d:3f:33:be:06:02:4e:77:0f:f4:4f:a6:cc:
         11:ad:a4:a9:84:ed:bd:7f:7a:82:7d:d0:bb:77:6a:0d:f5:17:
         b2:40:56:1d:c2:fe:ae:ff:57:c7:8f:f8:09:b9:1f:16:8f:2f:
         e3:4b:5c:8e
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIURswJ51UC1nYQ94tpshNDLD1j1iIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwQjI3NUU1QjQ2
NkI5NDFBQjg0QTc0MkI0RTM4MzJCQjFGREZFQzlFMB4XDTI1MTIwMjA4NDI0NloX
DTI2MTIwMTA4NDc0NlowMzExMC8GA1UEAxMoOENDQzE0NTBEQUI1MTc1MkUyQTkx
QjE3RjEyQjJGN0Y0QkJFQkM1QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMDMEynv5g2TIqPioklqCPKx8uqpMLlz9od08aEpG7JqCJWfxQQvRF9wyKBf
64ic9ExEKf46nJkKS1uQ1dMsLJByNkeryvFOhVbznkZBVn3rfGcpgi8GBOjXYu/h
4EPlwnoA6Karnpx6SIoy5OfwFbESJDYuoF8AJzCbQtv9S5w1curnMB4lM1rr5X3Z
tc/kvaPljfj19dqJsumRkbTd5jEMlpcziyHQI+c2pkGffzZiUhi/UjgwpnfJavZe
WqFiVAdzgz3M/R3sWkRvcDp5LCEAcFwwYdPPW8OjnfqvQ2d0zp7vQ6978z8uPaBT
21TkDN5ShD47t9QuHbfRsXiClgECAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSMzBRQ
2rUXUuKpGxfxKy9/S768WzAfBgNVHSMEGDAWgBQLJ15bRmuUGrhKdCtOODK7H9/s
njAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wQjI3NUU1QjQ2NkI5NDFBQjg0QTc0
MkI0RTM4MzJCQjFGREZFQzlFLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9DeWRlVzBacmxCcTRTblFyVGpneXV4X2Y3
SjQuY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDY5OS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qAEwDQYJKoZIhvcNAQELBQADggEBAFsrsPOqArX476fkfGnmuXePJPP91oGNFQut
deyFRSAMjM6fsSPOMepDE3B2+qhd3I/YpoLyJ/KyOWv3dxEVDh6KIXrQvYd/8l6m
K5SHFSkiN/lIM1zLrIGIyJZLOVVfbSdd2HAHs2nFLlxLB/qo6xeNdytBEu+6tjJs
PDbaebHMXDKWRgga26o3rZ95qFPCYgrFd9A4esNqErqsnlftnDBpgwz3DLBbC8OP
E72f1dEm0rDDT5VjEApl4RuooUEJ7NnUVeDXBF4ec9z5LT8zvgYCTncP9E+mzBGt
pKmE7b1/eoJ90Lt3ag31F7JAVh3C/q7/V8eP+Am5HxaPL+NLXI4=
-----END CERTIFICATE-----