This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144704.roa
File:                     AS144704.roa (raw, json)
Hash identifier:          c0kUBh+XoJLB59lEh5BCj3D45kXeOVOdMrinZSA+wCA=
Subject key identifier:   5E:F8:F8:FC:96:34:26:81:20:87:03:C3:24:76:8F:E3:06:7C:B4:A0
Certificate issuer:       /CN=A91E5D610001/serialNumber=0B275E5B466B941AB84A742B4E3832BB1FDFEC9E
Certificate serial:       48E5AA28AAC2777337F216A6D9D231E4A6842F9A
Authority key identifier: 0B:27:5E:5B:46:6B:94:1A:B8:4A:74:2B:4E:38:32:BB:1F:DF:EC:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144704.roa
Signing time:             Tue 02 Dec 2025 08:47:42 +0000
ROA not before:           Tue 02 Dec 2025 08:42:42 +0000
ROA not after:            Tue 01 Dec 2026 08:47:42 +0000
asID:                     144704
IP address blocks:        240a:a806::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.crl
                          rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 07 Dec 2025 03:19:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:e5:aa:28:aa:c2:77:73:37:f2:16:a6:d9:d2:31:e4:a6:84:2f:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=0B275E5B466B941AB84A742B4E3832BB1FDFEC9E
        Validity
            Not Before: Dec  2 08:42:42 2025 GMT
            Not After : Dec  1 08:47:42 2026 GMT
        Subject: CN=5EF8F8FC96342681208703C324768FE3067CB4A0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:11:ed:5a:d2:90:f1:7c:b6:ea:8c:ea:2e:46:
                    db:40:3c:43:c0:f0:54:1a:dd:25:88:b4:30:e8:d4:
                    df:b9:43:7e:91:88:87:60:eb:b9:2f:6b:cc:cb:54:
                    ce:9a:ee:54:a0:14:e4:dc:2d:e3:b9:31:79:14:28:
                    7f:80:62:b0:4e:38:f4:b9:c6:17:ac:4a:3a:ad:d2:
                    a7:6c:71:2e:55:21:0f:ac:99:99:e6:3a:39:5a:2a:
                    d7:10:01:34:19:62:50:b9:04:9f:2a:a4:cf:3c:55:
                    8a:14:84:62:26:32:04:7d:dc:16:93:86:16:22:8c:
                    3a:f4:1e:05:c9:fa:2d:67:ea:56:8a:1a:36:d8:36:
                    c2:90:49:39:da:7c:e6:6e:45:52:ec:45:9e:b9:5e:
                    66:ed:19:74:66:5e:8b:a6:7d:2f:2d:1d:4f:dd:ef:
                    2c:17:fa:8c:e8:9a:71:db:90:7d:35:50:45:d5:2e:
                    35:41:2a:13:ed:cb:52:e0:c7:0a:11:ed:c5:d8:d7:
                    e6:53:c9:ad:f1:8c:bc:0c:4b:a0:ab:ff:95:85:06:
                    23:84:5d:59:e7:1b:2d:91:8a:40:f7:03:6b:dd:e2:
                    06:24:0d:8d:6f:4c:2a:e6:15:a6:c9:40:72:a0:a6:
                    9c:7e:0f:c9:de:0f:49:c5:7d:9b:7b:ee:ab:65:94:
                    48:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:F8:F8:FC:96:34:26:81:20:87:03:C3:24:76:8F:E3:06:7C:B4:A0
            X509v3 Authority Key Identifier:
                keyid:0B:27:5E:5B:46:6B:94:1A:B8:4A:74:2B:4E:38:32:BB:1F:DF:EC:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144704.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a806::/32

    Signature Algorithm: sha256WithRSAEncryption
         97:c8:06:53:2a:0a:21:78:ad:f1:20:42:3b:d6:e5:62:1f:58:
         36:75:de:3a:43:57:5e:21:d2:0f:38:ba:0c:9c:e2:0b:33:55:
         97:61:86:13:46:91:12:18:d8:57:bc:24:b5:36:14:91:88:9d:
         24:7a:96:99:19:22:fc:b4:8d:5a:a9:8f:51:a3:55:37:b5:48:
         65:9a:ad:6d:ba:b8:ba:b1:f3:74:92:9a:b1:1e:fc:e0:04:c7:
         04:b1:df:74:1b:33:a7:bb:6f:dd:20:b6:d7:0b:8d:da:47:7b:
         d0:ec:cd:f2:44:14:c5:6d:ef:ed:e4:e7:59:8e:72:bc:29:1e:
         d5:91:b0:03:ff:75:3d:b3:7c:cf:c3:f2:cd:7a:97:e0:08:9a:
         d1:af:28:a4:c9:63:69:b4:71:67:66:8b:97:b8:0e:24:8c:4b:
         5f:0f:94:0d:88:53:01:4c:59:b9:c1:13:67:55:69:0c:a2:33:
         1d:6f:69:50:9f:ea:0f:69:8d:a8:ae:b5:a0:a6:3c:2d:93:9d:
         32:6c:e1:e8:01:89:32:ac:1d:1a:92:5f:aa:9e:83:5c:e3:4c:
         30:7c:33:c5:aa:46:0d:b1:54:90:57:7a:83:17:da:c0:0d:d4:
         fd:00:a9:9b:1f:5e:56:f8:af:d9:2d:2f:ee:05:5a:2c:a9:ac:
         b9:d3:bb:79
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUSOWqKKrCd3M38ham2dIx5KaEL5owDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwQjI3NUU1QjQ2
NkI5NDFBQjg0QTc0MkI0RTM4MzJCQjFGREZFQzlFMB4XDTI1MTIwMjA4NDI0MloX
DTI2MTIwMTA4NDc0MlowMzExMC8GA1UEAxMoNUVGOEY4RkM5NjM0MjY4MTIwODcw
M0MzMjQ3NjhGRTMwNjdDQjRBMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJYR7VrSkPF8tuqM6i5G20A8Q8DwVBrdJYi0MOjU37lDfpGIh2DruS9rzMtU
zpruVKAU5Nwt47kxeRQof4BisE449LnGF6xKOq3Sp2xxLlUhD6yZmeY6OVoq1xAB
NBliULkEnyqkzzxVihSEYiYyBH3cFpOGFiKMOvQeBcn6LWfqVooaNtg2wpBJOdp8
5m5FUuxFnrleZu0ZdGZei6Z9Ly0dT93vLBf6jOiacduQfTVQRdUuNUEqE+3LUuDH
ChHtxdjX5lPJrfGMvAxLoKv/lYUGI4RdWecbLZGKQPcDa93iBiQNjW9MKuYVpslA
cqCmnH4Pyd4PScV9m3vuq2WUSD8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRe+Pj8
ljQmgSCHA8Mkdo/jBny0oDAfBgNVHSMEGDAWgBQLJ15bRmuUGrhKdCtOODK7H9/s
njAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wQjI3NUU1QjQ2NkI5NDFBQjg0QTc0
MkI0RTM4MzJCQjFGREZFQzlFLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9DeWRlVzBacmxCcTRTblFyVGpneXV4X2Y3
SjQuY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDcwNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qAYwDQYJKoZIhvcNAQELBQADggEBAJfIBlMqCiF4rfEgQjvW5WIfWDZ13jpDV14h
0g84ugyc4gszVZdhhhNGkRIY2Fe8JLU2FJGInSR6lpkZIvy0jVqpj1GjVTe1SGWa
rW26uLqx83SSmrEe/OAExwSx33QbM6e7b90gttcLjdpHe9DszfJEFMVt7+3k51mO
crwpHtWRsAP/dT2zfM/D8s16l+AImtGvKKTJY2m0cWdmi5e4DiSMS18PlA2IUwFM
WbnBE2dVaQyiMx1vaVCf6g9pjaiutaCmPC2TnTJs4egBiTKsHRqSX6qeg1zjTDB8
M8WqRg2xVJBXeoMX2sAN1P0AqZsfXlb4r9ktL+4FWiyprLnTu3k=
-----END CERTIFICATE-----