This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144707.roa
File:                     AS144707.roa (raw, json)
Hash identifier:          E3VD4TsVu4oeZ3zi42Q/Jbx+qwgTy8AOxDyYeNJfDgc=
Subject key identifier:   14:48:E2:6C:D3:39:3F:33:F6:F3:E4:64:31:7B:36:F7:BD:66:E2:D9
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       13ED52CFC18CC702470E7F6FEE2F303B10FEC937
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144707.roa
Signing time:             Tue 20 Jan 2026 01:10:15 +0000
ROA not before:           Tue 20 Jan 2026 01:05:15 +0000
ROA not after:            Tue 19 Jan 2027 01:10:15 +0000
asID:                     144707
IP address blocks:        240a:a809::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 25 Jan 2026 19:21:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:ed:52:cf:c1:8c:c7:02:47:0e:7f:6f:ee:2f:30:3b:10:fe:c9:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Jan 20 01:05:15 2026 GMT
            Not After : Jan 19 01:10:15 2027 GMT
        Subject: CN=1448E26CD3393F33F6F3E464317B36F7BD66E2D9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:36:99:1b:33:1f:d1:b8:bb:7c:b9:6c:f0:7c:
                    5e:4e:48:91:49:4f:c8:a4:d0:97:ce:14:90:d3:27:
                    c6:95:41:d5:e5:6c:8a:60:d6:db:73:e5:eb:ba:87:
                    21:a6:b2:f3:40:cd:c6:b7:60:ca:c8:f3:f9:43:5e:
                    bb:32:9f:22:59:36:58:4e:c9:94:dc:72:11:84:ea:
                    86:52:8f:b0:95:91:93:88:0b:04:02:fd:82:fe:95:
                    20:25:43:17:da:dc:f1:43:3e:10:dd:e5:40:61:c3:
                    75:28:e0:01:c8:96:06:41:5c:4e:ed:89:4c:73:96:
                    30:35:88:eb:65:72:c4:26:03:53:29:ce:e1:f4:72:
                    c8:9d:ef:f1:b0:96:7f:a2:f8:40:9a:c7:80:cc:9f:
                    c1:5e:bf:31:43:9b:39:47:39:e4:8f:2b:97:8b:b7:
                    c8:2c:be:e7:e1:23:57:b2:85:2e:e1:05:26:82:f4:
                    5a:f7:2d:59:4a:53:cb:d6:a1:42:61:32:bb:f3:fb:
                    a9:92:22:75:73:fd:d6:7e:a7:a7:a5:43:51:c6:c2:
                    2d:5c:68:48:30:68:0f:97:70:dd:5d:be:41:03:a7:
                    d0:f1:d6:4d:97:45:59:db:e3:59:16:02:3d:d4:8c:
                    3d:ef:a5:73:d5:ea:b2:f0:84:d5:85:7e:61:ab:6a:
                    47:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:48:E2:6C:D3:39:3F:33:F6:F3:E4:64:31:7B:36:F7:BD:66:E2:D9
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144707.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a809::/32

    Signature Algorithm: sha256WithRSAEncryption
         b4:bf:65:26:9f:78:59:5b:ec:f0:75:a7:39:3b:4d:8d:ba:ab:
         63:eb:85:2a:5c:e9:c2:c2:7a:0c:83:5f:74:8e:bf:ff:18:bf:
         6a:7c:fd:23:9d:e5:3d:e6:9a:c5:22:88:39:e4:f8:45:44:bc:
         c5:7a:87:1b:5e:b3:ac:95:b2:13:67:af:b8:12:04:c1:60:fe:
         6c:1b:a2:52:be:88:56:32:1d:7b:0b:a1:75:03:8a:23:bb:51:
         0c:98:a1:80:20:5b:af:b9:a2:9b:cd:b4:7c:04:88:51:f3:03:
         66:3b:6c:e5:ca:74:c8:84:f2:7f:3d:0a:ea:99:5c:a1:f4:b2:
         6e:b7:47:63:b0:2a:82:9d:23:fd:c7:a8:54:e2:44:ee:84:89:
         2d:49:95:38:bc:03:da:a0:5a:e5:7d:ac:01:cc:46:4e:52:fd:
         5c:cc:07:1c:90:6f:b9:45:55:2a:51:73:e9:cc:6e:66:85:b5:
         4a:9e:24:da:63:48:87:30:bb:8f:17:63:c2:c2:ef:40:52:8e:
         32:6c:de:e1:51:96:eb:1a:15:fd:d9:e3:a6:46:0c:46:ce:5c:
         c0:f8:cd:6e:47:ac:da:be:d8:84:74:dc:c4:d0:f2:05:b6:df:
         0c:fc:b0:56:f8:02:89:a5:45:83:90:09:a8:ad:05:d1:65:01:
         eb:35:cd:dd
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUE+1Sz8GMxwJHDn9v7i8wOxD+yTcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDEyMDAxMDUxNVoX
DTI3MDExOTAxMTAxNVowMzExMC8GA1UEAxMoMTQ0OEUyNkNEMzM5M0YzM0Y2RjNF
NDY0MzE3QjM2RjdCRDY2RTJEOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOg2mRszH9G4u3y5bPB8Xk5IkUlPyKTQl84UkNMnxpVB1eVsimDW23Pl67qH
Iaay80DNxrdgysjz+UNeuzKfIlk2WE7JlNxyEYTqhlKPsJWRk4gLBAL9gv6VICVD
F9rc8UM+EN3lQGHDdSjgAciWBkFcTu2JTHOWMDWI62VyxCYDUynO4fRyyJ3v8bCW
f6L4QJrHgMyfwV6/MUObOUc55I8rl4u3yCy+5+EjV7KFLuEFJoL0WvctWUpTy9ah
QmEyu/P7qZIidXP91n6np6VDUcbCLVxoSDBoD5dw3V2+QQOn0PHWTZdFWdvjWRYC
PdSMPe+lc9XqsvCE1YV+YatqRy8CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBQUSOJs
0zk/M/bz5GQxezb3vWbi2TAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDcwNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qAkwDQYJKoZIhvcNAQELBQADggEBALS/ZSafeFlb7PB1pzk7TY26q2PrhSpc6cLC
egyDX3SOv/8Yv2p8/SOd5T3mmsUiiDnk+EVEvMV6hxtes6yVshNnr7gSBMFg/mwb
olK+iFYyHXsLoXUDiiO7UQyYoYAgW6+5opvNtHwEiFHzA2Y7bOXKdMiE8n89CuqZ
XKH0sm63R2OwKoKdI/3HqFTiRO6EiS1JlTi8A9qgWuV9rAHMRk5S/VzMBxyQb7lF
VSpRc+nMbmaFtUqeJNpjSIcwu48XY8LC70BSjjJs3uFRlusaFf3Z46ZGDEbOXMD4
zW5HrNq+2IR03MTQ8gW23wz8sFb4AomlRYOQCaitBdFlAes1zd0=
-----END CERTIFICATE-----