This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144704.roa
File:                     AS144704.roa (raw, json)
Hash identifier:          x2+vHPnckdDECuw1a58ykphhy63G/jWiwWdi9k8QToc=
Subject key identifier:   5F:C4:03:A9:22:84:38:39:A7:67:9A:5F:48:72:2F:A9:E6:27:CC:53
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       2305C3C73A88FDFD761734FA2DEA508F32C7D672
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144704.roa
Signing time:             Tue 20 Jan 2026 01:10:22 +0000
ROA not before:           Tue 20 Jan 2026 01:05:22 +0000
ROA not after:            Tue 19 Jan 2027 01:10:22 +0000
asID:                     144704
IP address blocks:        240a:a806::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 25 Jan 2026 19:21:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:05:c3:c7:3a:88:fd:fd:76:17:34:fa:2d:ea:50:8f:32:c7:d6:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Jan 20 01:05:22 2026 GMT
            Not After : Jan 19 01:10:22 2027 GMT
        Subject: CN=5FC403A922843839A7679A5F48722FA9E627CC53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:45:9e:a6:15:1d:6b:bd:2b:5e:79:d6:12:d5:
                    dd:f5:22:0a:32:05:a4:25:37:94:a8:ef:22:13:c2:
                    54:76:a0:b6:9e:19:42:1a:92:c5:ac:36:3e:2a:9b:
                    7f:30:87:0e:a4:a7:81:e5:e0:74:dd:88:9f:fb:53:
                    0f:9c:4f:6b:3e:23:d0:1e:9a:8f:0a:ca:ca:05:69:
                    53:ea:62:2f:4e:99:1b:f7:d6:b4:05:f7:b0:c2:9d:
                    af:de:d5:02:3c:7f:6b:d3:7a:23:f2:27:dc:ec:00:
                    07:d0:7a:ed:7d:17:f8:2c:16:81:34:1b:45:b2:c9:
                    bd:b8:cc:b7:9a:a6:8c:12:27:7c:de:13:cb:3e:41:
                    79:49:29:62:17:74:26:89:93:5b:2f:fc:65:aa:85:
                    56:c8:98:96:d8:5f:dc:87:d7:c1:63:a2:d3:b2:94:
                    49:f1:c3:30:02:7d:e4:8b:9c:73:5c:0a:4b:c3:95:
                    78:a1:2e:fe:c0:e2:57:ba:a6:6b:33:cc:9e:a8:02:
                    e6:0f:6a:66:b6:bc:1d:f9:83:bc:97:91:fb:13:99:
                    96:06:75:53:16:a2:88:e7:6d:4c:28:c6:1b:37:96:
                    fc:21:5a:84:92:0a:5e:85:89:9a:0b:bb:0c:6c:8b:
                    23:17:08:36:c4:74:39:cf:14:35:2e:39:3a:c8:ed:
                    22:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:C4:03:A9:22:84:38:39:A7:67:9A:5F:48:72:2F:A9:E6:27:CC:53
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144704.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a806::/32

    Signature Algorithm: sha256WithRSAEncryption
         da:97:2a:7f:40:4b:97:e9:41:cd:de:f0:bb:a7:ee:81:1c:6d:
         4e:70:fc:9e:4b:a1:a5:e1:71:90:0a:61:76:bd:41:5d:93:0f:
         3e:68:ac:ed:b4:db:57:49:9d:11:7d:d0:0f:a5:a6:e7:18:2a:
         0e:e3:00:51:d8:bb:92:3b:9b:e0:d2:4d:6d:f7:a5:4a:fc:b7:
         5b:24:ff:7c:cf:7f:37:7e:1c:b6:90:2c:12:3d:aa:65:68:5f:
         88:08:54:ff:6b:43:c4:27:ae:51:62:fe:04:14:c5:6a:1e:ab:
         0a:a4:f7:99:28:16:c1:a1:67:42:eb:ae:67:d3:e2:03:9e:c6:
         f3:2e:98:ed:09:17:b8:38:eb:8b:1a:ed:b4:c2:8a:ed:44:50:
         08:64:24:d1:bf:ff:dc:8b:1d:47:08:80:0a:f9:3e:18:6c:ac:
         39:17:c3:26:dd:e2:98:ec:38:23:93:6d:e6:48:39:52:03:3c:
         87:b2:d9:fa:f3:34:d4:c2:13:ed:b8:e1:08:fb:7f:ed:8e:59:
         77:e7:ac:d9:71:dd:0d:24:67:7b:13:e8:ed:b0:97:a8:66:4a:
         89:11:02:56:a9:67:cc:e1:f6:7b:2c:98:ab:fc:e4:f6:16:87:
         e4:d7:ab:ad:92:a9:55:4e:0e:a7:c4:00:70:7d:58:85:9b:bc:
         5d:ec:0f:61
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUIwXDxzqI/f12FzT6LepQjzLH1nIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDEyMDAxMDUyMloX
DTI3MDExOTAxMTAyMlowMzExMC8GA1UEAxMoNUZDNDAzQTkyMjg0MzgzOUE3Njc5
QTVGNDg3MjJGQTlFNjI3Q0M1MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOZFnqYVHWu9K1551hLV3fUiCjIFpCU3lKjvIhPCVHagtp4ZQhqSxaw2Piqb
fzCHDqSngeXgdN2In/tTD5xPaz4j0B6ajwrKygVpU+piL06ZG/fWtAX3sMKdr97V
Ajx/a9N6I/In3OwAB9B67X0X+CwWgTQbRbLJvbjMt5qmjBInfN4Tyz5BeUkpYhd0
JomTWy/8ZaqFVsiYlthf3IfXwWOi07KUSfHDMAJ95Iucc1wKS8OVeKEu/sDiV7qm
azPMnqgC5g9qZra8HfmDvJeR+xOZlgZ1UxaiiOdtTCjGGzeW/CFahJIKXoWJmgu7
DGyLIxcINsR0Oc8UNS45OsjtIncCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBRfxAOp
IoQ4Oadnml9Ici+p5ifMUzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDcwNC5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qAYwDQYJKoZIhvcNAQELBQADggEBANqXKn9AS5fpQc3e8Lun7oEcbU5w/J5LoaXh
cZAKYXa9QV2TDz5orO2021dJnRF90A+lpucYKg7jAFHYu5I7m+DSTW33pUr8t1sk
/3zPfzd+HLaQLBI9qmVoX4gIVP9rQ8QnrlFi/gQUxWoeqwqk95koFsGhZ0LrrmfT
4gOexvMumO0JF7g464sa7bTCiu1EUAhkJNG//9yLHUcIgAr5PhhsrDkXwybd4pjs
OCOTbeZIOVIDPIey2frzNNTCE+244Qj7f+2OWXfnrNlx3Q0kZ3sT6O2wl6hmSokR
AlapZ8zh9nssmKv85PYWh+TXq62SqVVODqfEAHB9WIWbvF3sD2E=
-----END CERTIFICATE-----