This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144707.roa
File:                     AS144707.roa (raw, json)
Hash identifier:          uFSZiCjPYIperRiciG4GdG7I7v6TptZChWuNwOf0P/M=
Subject key identifier:   8D:35:04:7F:AF:45:85:1B:05:2E:8E:AD:0B:32:A3:9F:35:C6:2E:5B
Certificate issuer:       /CN=A91E5D610001/serialNumber=0B275E5B466B941AB84A742B4E3832BB1FDFEC9E
Certificate serial:       6DBCB210A80E69605C65A6CC6C047ABFC8CB9125
Authority key identifier: 0B:27:5E:5B:46:6B:94:1A:B8:4A:74:2B:4E:38:32:BB:1F:DF:EC:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144707.roa
Signing time:             Tue 02 Dec 2025 08:47:49 +0000
ROA not before:           Tue 02 Dec 2025 08:42:49 +0000
ROA not after:            Tue 01 Dec 2026 08:47:49 +0000
asID:                     144707
IP address blocks:        240a:a809::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.crl
                          rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 07 Dec 2025 03:19:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:bc:b2:10:a8:0e:69:60:5c:65:a6:cc:6c:04:7a:bf:c8:cb:91:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=0B275E5B466B941AB84A742B4E3832BB1FDFEC9E
        Validity
            Not Before: Dec  2 08:42:49 2025 GMT
            Not After : Dec  1 08:47:49 2026 GMT
        Subject: CN=8D35047FAF45851B052E8EAD0B32A39F35C62E5B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:bf:10:72:33:9a:43:d8:43:aa:ad:c5:87:c2:
                    76:87:93:71:38:48:74:1a:e5:58:aa:be:ee:2d:8a:
                    7e:07:7c:57:9a:29:51:38:a9:0a:60:7f:1b:2d:f4:
                    b7:c1:33:8d:10:57:07:e1:3d:d0:93:58:d5:d3:a6:
                    a3:5b:13:9b:a0:6a:9d:91:67:c3:0a:33:1c:72:ad:
                    f2:d5:2e:c0:5b:63:7c:f8:dc:22:59:65:a7:cb:7c:
                    32:3e:f6:da:78:b4:42:7e:70:36:f6:d0:7d:f5:1c:
                    07:6c:27:65:92:b2:d9:20:d7:9c:01:d4:e1:18:b2:
                    bd:92:21:8c:19:f0:8c:60:3f:16:fc:44:a8:df:fc:
                    8d:90:ab:03:3b:e8:5d:28:04:b2:5f:c4:8b:19:f3:
                    a2:58:d0:f1:88:e1:c7:5e:46:fd:1d:06:7b:81:7c:
                    2b:ff:a1:a8:ce:62:0e:f0:e8:89:a7:89:e3:04:48:
                    77:f2:f3:76:41:9a:39:d3:8e:97:37:b8:32:49:c0:
                    c3:3d:91:54:4a:fa:25:b9:70:0e:8e:fe:9a:89:ec:
                    b3:90:af:ab:0b:c1:97:c4:13:c6:25:8f:6c:b0:35:
                    c1:28:fd:c1:24:95:be:2b:32:94:2b:9f:56:6f:8b:
                    bc:6b:80:eb:4f:f6:31:39:4e:24:4f:d9:9d:b9:01:
                    7c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:35:04:7F:AF:45:85:1B:05:2E:8E:AD:0B:32:A3:9F:35:C6:2E:5B
            X509v3 Authority Key Identifier:
                keyid:0B:27:5E:5B:46:6B:94:1A:B8:4A:74:2B:4E:38:32:BB:1F:DF:EC:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/0B275E5B466B941AB84A742B4E3832BB1FDFEC9E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CydeW0ZrlBq4SnQrTjgyux_f7J4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144707.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a809::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:20:f1:cf:54:b1:a4:50:e9:f2:33:b2:b8:ed:46:68:9f:d5:
         16:fb:d1:5d:76:9e:26:cf:08:3a:8a:fa:bb:a5:eb:ab:f6:5d:
         59:ff:3d:bb:64:96:37:5c:e6:2e:bc:b4:90:a1:fb:49:d1:07:
         c9:b6:e7:86:5a:b8:0f:ac:34:da:be:c3:be:60:bc:03:19:2b:
         4d:0f:7e:53:65:9c:5d:c1:cf:30:8d:3a:7e:6a:f9:72:a0:a8:
         9c:c8:86:9f:df:89:b2:8b:ce:93:b5:b6:68:22:12:f8:75:7b:
         a5:6f:cc:c7:cf:5a:1d:da:21:41:69:78:38:1f:a1:81:b9:ca:
         e2:91:2c:43:4f:76:49:a2:39:99:f1:61:9a:62:6a:62:45:43:
         44:05:8e:2d:80:51:c6:6a:80:c0:bd:80:41:d3:00:b7:ef:17:
         f9:5f:81:94:a1:5c:88:05:ff:f3:43:aa:41:e3:97:16:51:8f:
         66:6b:e8:21:ed:93:b9:3d:a1:59:bc:80:1e:47:ef:ad:06:0f:
         fc:e5:01:32:f4:90:e5:94:ab:5e:a7:6b:54:2d:c0:55:f4:a8:
         90:a9:cf:54:a1:15:d0:c4:58:f3:f4:06:dd:86:c4:2d:04:e4:
         04:77:66:44:79:22:f1:64:d6:08:02:f0:50:e1:5b:bd:96:b6:
         0c:a7:8f:ba
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUbbyyEKgOaWBcZabMbAR6v8jLkSUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwQjI3NUU1QjQ2
NkI5NDFBQjg0QTc0MkI0RTM4MzJCQjFGREZFQzlFMB4XDTI1MTIwMjA4NDI0OVoX
DTI2MTIwMTA4NDc0OVowMzExMC8GA1UEAxMoOEQzNTA0N0ZBRjQ1ODUxQjA1MkU4
RUFEMEIzMkEzOUYzNUM2MkU1QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALu/EHIzmkPYQ6qtxYfCdoeTcThIdBrlWKq+7i2Kfgd8V5opUTipCmB/Gy30
t8EzjRBXB+E90JNY1dOmo1sTm6BqnZFnwwozHHKt8tUuwFtjfPjcIlllp8t8Mj72
2ni0Qn5wNvbQffUcB2wnZZKy2SDXnAHU4RiyvZIhjBnwjGA/FvxEqN/8jZCrAzvo
XSgEsl/EixnzoljQ8Yjhx15G/R0Ge4F8K/+hqM5iDvDoiaeJ4wRId/LzdkGaOdOO
lze4MknAwz2RVEr6JblwDo7+monss5CvqwvBl8QTxiWPbLA1wSj9wSSVvisylCuf
Vm+LvGuA60/2MTlOJE/ZnbkBfEMCAwEAAaOCAcUwggHBMB0GA1UdDgQWBBSNNQR/
r0WFGwUujq0LMqOfNcYuWzAfBgNVHSMEGDAWgBQLJ15bRmuUGrhKdCtOODK7H9/s
njAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wQjI3NUU1QjQ2NkI5NDFBQjg0QTc0
MkI0RTM4MzJCQjFGREZFQzlFLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9DeWRlVzBacmxCcTRTblFyVGpneXV4X2Y3
SjQuY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDcwNy5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qAkwDQYJKoZIhvcNAQELBQADggEBAAsg8c9UsaRQ6fIzsrjtRmif1Rb70V12nibP
CDqK+rul66v2XVn/Pbtkljdc5i68tJCh+0nRB8m254ZauA+sNNq+w75gvAMZK00P
flNlnF3BzzCNOn5q+XKgqJzIhp/fibKLzpO1tmgiEvh1e6VvzMfPWh3aIUFpeDgf
oYG5yuKRLENPdkmiOZnxYZpiamJFQ0QFji2AUcZqgMC9gEHTALfvF/lfgZShXIgF
//NDqkHjlxZRj2Zr6CHtk7k9oVm8gB5H760GD/zlATL0kOWUq16na1QtwFX0qJCp
z1ShFdDEWPP0Bt2GxC0E5AR3ZkR5IvFk1ggC8FDhW72Wtgynj7o=
-----END CERTIFICATE-----