This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144702.roa
File:                     AS144702.roa (raw, json)
Hash identifier:          DqjoTn4Ef+5D+eyQsNAGon1lm/V7fFpK+PphFr3Tli8=
Subject key identifier:   86:D2:1D:B9:BF:E4:8F:2B:E2:55:56:7F:5D:09:29:C4:24:E1:06:06
Certificate issuer:       /CN=A91E5D610001/serialNumber=0B275E5B466B941AB84A742B4E3832BB1FDFEC9E
Certificate serial:       703EB1E9400FDB9986591BDB290F356262825D22
Authority key identifier: 0B:27:5E:5B:46:6B:94:1A:B8:4A:74:2B:4E:38:32:BB:1F:DF:EC:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144702.roa
Signing time:             Tue 02 Dec 2025 08:47:42 +0000
ROA not before:           Tue 02 Dec 2025 08:42:42 +0000
ROA not after:            Tue 01 Dec 2026 08:47:42 +0000
asID:                     144702
IP address blocks:        240a:a804::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.crl
                          rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 07 Dec 2025 03:19:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:3e:b1:e9:40:0f:db:99:86:59:1b:db:29:0f:35:62:62:82:5d:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=0B275E5B466B941AB84A742B4E3832BB1FDFEC9E
        Validity
            Not Before: Dec  2 08:42:42 2025 GMT
            Not After : Dec  1 08:47:42 2026 GMT
        Subject: CN=86D21DB9BFE48F2BE255567F5D0929C424E10606
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:af:43:1b:fe:02:5a:15:6b:f4:17:9d:0b:69:
                    20:36:95:4e:0b:d3:e4:6d:12:aa:46:f7:29:0b:e4:
                    b6:0c:ec:ae:84:75:9c:3d:7c:78:dc:64:14:78:cf:
                    7f:56:02:3e:4b:1c:a1:10:04:b3:3a:71:36:ef:8e:
                    d3:dc:e1:6c:2f:e0:0d:81:fa:18:72:b6:cc:33:65:
                    b4:f0:75:79:05:04:e8:44:bf:dd:34:cd:c9:d2:23:
                    ed:e1:5d:fa:f0:1e:04:97:5b:44:63:1c:f8:64:f7:
                    72:34:ab:ed:58:d7:a2:bc:78:13:f3:60:2b:ca:4f:
                    c6:c9:2c:3f:20:15:16:49:14:70:24:05:20:15:19:
                    e7:5a:bb:d2:21:e7:e7:86:ea:df:0a:aa:fd:51:70:
                    c4:4e:f1:7c:c4:e5:f5:9a:3c:27:eb:1a:16:e9:87:
                    dc:e2:26:d2:b2:bb:68:86:1a:3d:9e:b9:fe:35:2e:
                    26:6e:ee:32:7f:41:50:6a:d1:c0:d0:7d:5d:e9:bd:
                    a0:9d:b9:6d:d9:6f:ec:3b:27:c2:90:79:95:a1:00:
                    51:8d:61:b8:53:ba:1d:70:e8:d6:4c:00:0a:db:54:
                    b5:b9:d0:29:d9:0f:76:7b:1a:67:38:68:cc:84:da:
                    27:9b:84:5f:b4:66:4f:5d:e0:cc:0f:35:91:c8:01:
                    b6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:D2:1D:B9:BF:E4:8F:2B:E2:55:56:7F:5D:09:29:C4:24:E1:06:06
            X509v3 Authority Key Identifier:
                keyid:0B:27:5E:5B:46:6B:94:1A:B8:4A:74:2B:4E:38:32:BB:1F:DF:EC:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144702.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a804::/32

    Signature Algorithm: sha256WithRSAEncryption
         7c:cf:99:45:f5:5d:35:86:26:82:79:7a:1d:ed:2b:93:1d:b6:
         62:46:00:bb:f9:bd:c1:84:b5:85:8f:b3:7a:aa:98:45:2e:24:
         40:e0:df:41:6d:30:20:7c:4c:3f:1f:8c:5f:c5:b4:1b:05:2d:
         10:58:cb:cf:f8:21:20:22:38:5d:41:f7:a3:23:9f:81:84:b7:
         ab:e2:f3:ed:d2:ef:0d:ff:d1:f9:f3:a3:43:ec:0f:83:9e:1f:
         1e:af:71:05:f4:84:e4:37:af:3b:39:01:82:d5:b6:50:fa:c8:
         00:3a:b9:6f:04:6e:dc:d7:bd:8a:22:d5:2f:0d:a9:75:d0:29:
         b6:5a:d6:16:76:9c:8e:c3:7d:b6:72:94:08:3d:e5:de:22:01:
         17:6f:42:a9:6d:e9:5e:cb:bd:9a:62:52:90:09:56:b7:41:a5:
         ee:e5:fb:86:1a:0d:57:9b:5c:14:bc:19:65:da:be:9b:1c:2b:
         d9:d0:e4:ff:37:a0:c5:8d:40:0d:f7:4f:a7:92:00:6d:c0:02:
         3f:9d:31:5c:51:e2:d2:f0:c3:3f:bb:92:05:e0:eb:39:66:1c:
         a7:49:95:98:e5:3f:8a:bb:4b:ab:e3:a3:27:2b:10:01:c9:06:
         cb:70:85:b5:83:6f:0f:86:1f:0c:78:77:03:4e:5e:c4:82:dc:
         b0:ad:66:e3
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUcD6x6UAP25mGWRvbKQ81YmKCXSIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwQjI3NUU1QjQ2
NkI5NDFBQjg0QTc0MkI0RTM4MzJCQjFGREZFQzlFMB4XDTI1MTIwMjA4NDI0MloX
DTI2MTIwMTA4NDc0MlowMzExMC8GA1UEAxMoODZEMjFEQjlCRkU0OEYyQkUyNTU1
NjdGNUQwOTI5QzQyNEUxMDYwNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKuvQxv+AloVa/QXnQtpIDaVTgvT5G0Sqkb3KQvktgzsroR1nD18eNxkFHjP
f1YCPkscoRAEszpxNu+O09zhbC/gDYH6GHK2zDNltPB1eQUE6ES/3TTNydIj7eFd
+vAeBJdbRGMc+GT3cjSr7VjXorx4E/NgK8pPxsksPyAVFkkUcCQFIBUZ51q70iHn
54bq3wqq/VFwxE7xfMTl9Zo8J+saFumH3OIm0rK7aIYaPZ65/jUuJm7uMn9BUGrR
wNB9Xem9oJ25bdlv7DsnwpB5laEAUY1huFO6HXDo1kwACttUtbnQKdkPdnsaZzho
zITaJ5uEX7RmT13gzA81kcgBthkCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSG0h25
v+SPK+JVVn9dCSnEJOEGBjAfBgNVHSMEGDAWgBQLJ15bRmuUGrhKdCtOODK7H9/s
njAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wQjI3NUU1QjQ2NkI5NDFBQjg0QTc0
MkI0RTM4MzJCQjFGREZFQzlFLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9DeWRlVzBacmxCcTRTblFyVGpneXV4X2Y3
SjQuY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDcwMi5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qAQwDQYJKoZIhvcNAQELBQADggEBAHzPmUX1XTWGJoJ5eh3tK5MdtmJGALv5vcGE
tYWPs3qqmEUuJEDg30FtMCB8TD8fjF/FtBsFLRBYy8/4ISAiOF1B96Mjn4GEt6vi
8+3S7w3/0fnzo0PsD4OeHx6vcQX0hOQ3rzs5AYLVtlD6yAA6uW8EbtzXvYoi1S8N
qXXQKbZa1hZ2nI7DfbZylAg95d4iARdvQqlt6V7LvZpiUpAJVrdBpe7l+4YaDVeb
XBS8GWXavpscK9nQ5P83oMWNQA33T6eSAG3AAj+dMVxR4tLwwz+7kgXg6zlmHKdJ
lZjlP4q7S6vjoycrEAHJBstwhbWDbw+GHwx4dwNOXsSC3LCtZuM=
-----END CERTIFICATE-----