This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144703.roa
File:                     AS144703.roa (raw, json)
Hash identifier:          yFOMKFa834IlK+XBRBQ1Lkec4h9R1qklKWkFyO0Ds0w=
Subject key identifier:   0F:3F:CF:D1:CE:3A:04:36:EE:2B:7E:79:47:27:B0:EE:2F:E1:10:06
Certificate issuer:       /CN=A91E5D610001/serialNumber=0B275E5B466B941AB84A742B4E3832BB1FDFEC9E
Certificate serial:       4071FBDC2726BF0118F583A8A62522539AFFB3DF
Authority key identifier: 0B:27:5E:5B:46:6B:94:1A:B8:4A:74:2B:4E:38:32:BB:1F:DF:EC:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144703.roa
Signing time:             Tue 02 Dec 2025 08:47:42 +0000
ROA not before:           Tue 02 Dec 2025 08:42:42 +0000
ROA not after:            Tue 01 Dec 2026 08:47:42 +0000
asID:                     144703
IP address blocks:        240a:a805::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.crl
                          rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 07 Dec 2025 03:19:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:71:fb:dc:27:26:bf:01:18:f5:83:a8:a6:25:22:53:9a:ff:b3:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=0B275E5B466B941AB84A742B4E3832BB1FDFEC9E
        Validity
            Not Before: Dec  2 08:42:42 2025 GMT
            Not After : Dec  1 08:47:42 2026 GMT
        Subject: CN=0F3FCFD1CE3A0436EE2B7E794727B0EE2FE11006
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:47:75:9f:3e:86:71:8a:70:af:74:01:d8:dc:
                    8d:02:cf:b0:73:d9:5b:55:d1:e6:60:9c:31:25:bc:
                    82:b1:2c:6f:7f:de:cc:b0:f5:f2:de:30:ce:f2:b0:
                    87:a1:6b:e5:a0:e7:64:ab:c8:af:c0:85:2f:db:93:
                    5f:aa:1e:75:82:5a:32:c9:58:df:80:90:93:85:ab:
                    2f:e5:a8:f0:8d:f2:1f:fb:b5:c4:84:92:69:b6:68:
                    d3:83:74:56:f4:2d:8d:d7:76:6b:b0:65:37:95:73:
                    b9:9a:bf:b5:eb:21:de:0e:33:8b:5a:be:27:6e:01:
                    8c:6a:2b:fb:4a:3b:7e:1a:90:d7:53:74:87:bb:f8:
                    1b:9e:b8:52:d3:5b:77:16:eb:45:c8:ec:7e:de:c1:
                    15:54:fd:c6:b9:12:62:a6:44:a8:e3:e3:6e:92:95:
                    a7:07:92:ab:76:6b:e8:de:ba:0f:5c:94:6b:2b:7b:
                    be:0a:15:80:ad:0a:c0:ce:cc:b1:e4:0d:31:d7:9f:
                    b4:f2:8d:e4:bd:21:fe:7a:44:b2:fc:cd:d1:d0:8f:
                    4e:fc:ad:d5:a6:c5:d0:f2:0f:2a:49:aa:34:dc:cd:
                    e6:f1:56:94:89:9c:05:05:71:17:5c:4c:fd:a0:d6:
                    8e:65:b7:bc:c2:5a:1a:35:d0:ee:13:e2:8d:72:8a:
                    85:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:3F:CF:D1:CE:3A:04:36:EE:2B:7E:79:47:27:B0:EE:2F:E1:10:06
            X509v3 Authority Key Identifier:
                keyid:0B:27:5E:5B:46:6B:94:1A:B8:4A:74:2B:4E:38:32:BB:1F:DF:EC:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144703.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a805::/32

    Signature Algorithm: sha256WithRSAEncryption
         96:3d:e6:f7:d3:28:c7:ac:48:98:05:aa:da:b0:96:e6:91:08:
         82:e5:5c:a6:6e:4d:e3:a6:68:0d:80:d2:68:3b:0f:4e:27:12:
         e3:8a:ce:e1:d8:95:56:0d:03:e4:30:e4:10:ae:5c:09:36:2c:
         fe:cc:7c:36:8e:fd:9d:85:15:62:d1:b4:a3:73:23:dc:7f:f9:
         9f:eb:d2:8d:2a:c0:a4:73:78:c1:f6:e5:cf:c0:47:16:c7:cb:
         3b:0e:c9:ba:44:0f:ab:6a:1c:68:e9:0c:bc:c8:98:4d:66:05:
         43:ff:09:9e:9e:b1:99:ff:c4:d5:2d:67:10:46:f9:b3:7b:ea:
         bd:38:55:18:82:d9:ce:a0:ab:b1:e2:dc:29:ef:64:a8:33:2c:
         d8:cc:08:9c:23:3e:57:aa:b6:07:6a:16:37:85:ea:e6:ea:a1:
         c0:37:91:79:3a:fe:ab:66:3a:db:4f:35:d8:23:58:b2:23:65:
         a0:9e:66:b4:78:b5:ca:3b:81:ea:13:12:60:c6:38:d6:8a:7e:
         8e:a5:bf:e1:e0:96:7e:b3:60:ac:df:a3:db:dd:89:b3:ce:84:
         05:19:06:c1:76:29:66:57:d0:e7:8d:f0:4e:2e:fa:8b:34:3a:
         b1:1a:d2:4e:53:4c:aa:f3:8a:ad:cd:f1:45:25:02:b5:c8:7e:
         d0:59:6e:5c
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUQHH73CcmvwEY9YOopiUiU5r/s98wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwQjI3NUU1QjQ2
NkI5NDFBQjg0QTc0MkI0RTM4MzJCQjFGREZFQzlFMB4XDTI1MTIwMjA4NDI0MloX
DTI2MTIwMTA4NDc0MlowMzExMC8GA1UEAxMoMEYzRkNGRDFDRTNBMDQzNkVFMkI3
RTc5NDcyN0IwRUUyRkUxMTAwNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAORHdZ8+hnGKcK90AdjcjQLPsHPZW1XR5mCcMSW8grEsb3/ezLD18t4wzvKw
h6Fr5aDnZKvIr8CFL9uTX6oedYJaMslY34CQk4WrL+Wo8I3yH/u1xISSabZo04N0
VvQtjdd2a7BlN5VzuZq/tesh3g4zi1q+J24BjGor+0o7fhqQ11N0h7v4G564UtNb
dxbrRcjsft7BFVT9xrkSYqZEqOPjbpKVpweSq3Zr6N66D1yUayt7vgoVgK0KwM7M
seQNMdeftPKN5L0h/npEsvzN0dCPTvyt1abF0PIPKkmqNNzN5vFWlImcBQVxF1xM
/aDWjmW3vMJaGjXQ7hPijXKKhT8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQPP8/R
zjoENu4rfnlHJ7DuL+EQBjAfBgNVHSMEGDAWgBQLJ15bRmuUGrhKdCtOODK7H9/s
njAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wQjI3NUU1QjQ2NkI5NDFBQjg0QTc0
MkI0RTM4MzJCQjFGREZFQzlFLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9DeWRlVzBacmxCcTRTblFyVGpneXV4X2Y3
SjQuY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDcwMy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qAUwDQYJKoZIhvcNAQELBQADggEBAJY95vfTKMesSJgFqtqwluaRCILlXKZuTeOm
aA2A0mg7D04nEuOKzuHYlVYNA+Qw5BCuXAk2LP7MfDaO/Z2FFWLRtKNzI9x/+Z/r
0o0qwKRzeMH25c/ARxbHyzsOybpED6tqHGjpDLzImE1mBUP/CZ6esZn/xNUtZxBG
+bN76r04VRiC2c6gq7Hi3CnvZKgzLNjMCJwjPleqtgdqFjeF6ubqocA3kXk6/qtm
OttPNdgjWLIjZaCeZrR4tco7geoTEmDGONaKfo6lv+Hgln6zYKzfo9vdibPOhAUZ
BsF2KWZX0OeN8E4u+os0OrEa0k5TTKrziq3N8UUlArXIftBZblw=
-----END CERTIFICATE-----