Route Origin Authorization

$ rpki-client -vvf rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3139342e3132372e3232392e302f32342d3234203d3e20313531343634.roa
File:                     3139342e3132372e3232392e302f32342d3234203d3e20313531343634.roa (raw, json)
Hash identifier:          7KwrI5EuBCcuLw5X1NF/PDWhcUoqozGhrQVDmDf42x4=
Subject key identifier:   DF:54:46:B6:12:F1:70:80:33:AD:EC:99:BE:84:BD:77:93:E8:2E:9E
Certificate issuer:       /CN=3cdec27384aade5ca0809fd6f16d2bca18beb659
Certificate serial:       3A541DA60221769FC1A6FB15158911F986C109F7
Authority key identifier: 3C:DE:C2:73:84:AA:DE:5C:A0:80:9F:D6:F1:6D:2B:CA:18:BE:B6:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer
Subject info access:      rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3139342e3132372e3232392e302f32342d3234203d3e20313531343634.roa
Signing time:             Wed 13 Sep 2023 17:51:32 +0000
ROA not before:           Wed 13 Sep 2023 17:46:32 +0000
ROA not after:            Wed 11 Sep 2024 17:51:32 +0000
asID:                     151464
IP address blocks:        194.127.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.crl
                          rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:54:1d:a6:02:21:76:9f:c1:a6:fb:15:15:89:11:f9:86:c1:09:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cdec27384aade5ca0809fd6f16d2bca18beb659
        Validity
            Not Before: Sep 13 17:46:32 2023 GMT
            Not After : Sep 11 17:51:32 2024 GMT
        Subject: CN=DF5446B612F1708033ADEC99BE84BD7793E82E9E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:6c:48:3f:9f:95:cb:07:69:70:88:53:75:80:
                    e8:97:57:94:85:77:bd:d2:0e:3d:bd:93:52:10:3b:
                    03:8e:6f:4e:35:b4:3f:a7:1e:87:e3:e4:41:98:54:
                    bc:76:58:50:d6:ae:0c:73:11:09:73:4c:4b:dc:41:
                    69:b3:62:06:9b:97:07:65:7f:a6:fd:d9:68:4e:5e:
                    13:9c:00:5a:e9:c7:60:1c:c1:1f:80:ee:ad:fd:90:
                    c9:c0:62:61:8a:90:ae:4c:83:3a:b4:92:52:ae:29:
                    aa:c2:18:bc:07:b0:bc:16:a0:f9:ea:b5:b1:42:49:
                    e5:e8:da:7b:e3:2a:2a:23:63:db:7a:79:20:db:4a:
                    71:0b:0f:c9:49:5e:3e:11:d2:85:3e:17:26:1e:08:
                    c4:04:c5:76:d0:3d:68:b2:a4:06:14:62:88:df:dc:
                    95:4a:67:d4:a5:d7:7e:a4:7d:0c:fa:d7:e4:36:e6:
                    8f:93:18:04:4f:61:d0:a8:4d:8b:28:a1:e7:b6:4a:
                    eb:2b:97:20:7c:86:89:3a:9d:be:38:71:79:37:3f:
                    b2:e0:32:20:69:13:52:5e:a9:8e:1f:a1:eb:63:76:
                    27:78:cb:a9:49:c0:e3:01:d9:f0:90:02:4b:0b:30:
                    27:33:f8:91:f1:19:ef:82:a5:07:ff:e3:f7:0e:d5:
                    3c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:54:46:B6:12:F1:70:80:33:AD:EC:99:BE:84:BD:77:93:E8:2E:9E
            X509v3 Authority Key Identifier:
                keyid:3C:DE:C2:73:84:AA:DE:5C:A0:80:9F:D6:F1:6D:2B:CA:18:BE:B6:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3139342e3132372e3232392e302f32342d3234203d3e20313531343634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:67:56:cd:02:35:32:d8:35:a6:8d:f3:f2:c5:d9:a1:b9:7a:
         78:5d:b3:da:90:29:f5:59:9c:ad:fc:d2:73:50:ed:70:a1:33:
         92:d0:46:8b:84:19:02:f3:15:b0:f1:71:fa:64:f2:87:94:74:
         bf:c4:af:82:a9:08:d3:00:53:28:29:6e:b6:d6:72:66:df:f8:
         c2:b1:81:bd:a3:d9:c0:5c:d2:cd:6c:69:e1:ef:f7:66:a4:03:
         62:14:4b:e7:27:38:dd:18:8a:f1:c9:e6:f3:fc:1d:97:16:d3:
         eb:a0:d3:7e:62:10:94:f5:56:9b:b5:c1:d6:81:0b:a4:dd:44:
         03:b1:f9:6f:c0:35:e6:90:ad:77:69:16:87:ce:77:c2:de:8f:
         db:18:e1:32:eb:31:04:0f:15:8d:af:0a:c0:2c:64:d2:f2:89:
         17:54:25:0a:fe:75:d5:cf:0e:e8:a1:37:cd:ba:c2:ed:cd:fb:
         38:89:e8:c6:6a:22:2c:2c:6a:47:55:8b:8c:0d:fb:f1:a6:18:
         d8:3f:9b:57:b3:b4:76:30:41:ed:b0:98:8b:3a:39:34:45:79:
         9c:07:52:4a:d5:2a:ee:3a:6a:2e:19:e0:61:26:90:21:e4:72:
         20:1f:db:f1:8e:d4:bf:61:42:19:a1:fe:b6:23:ca:67:95:c2:
         57:db:56:40
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIUOlQdpgIhdp/BpvsVFYkR+YbBCfcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2NkZWMyNzM4NGFhZGU1Y2EwODA5ZmQ2ZjE2ZDJiY2Ex
OGJlYjY1OTAeFw0yMzA5MTMxNzQ2MzJaFw0yNDA5MTExNzUxMzJaMDMxMTAvBgNV
BAMTKERGNTQ0NkI2MTJGMTcwODAzM0FERUM5OUJFODRCRDc3OTNFODJFOUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVbEg/n5XLB2lwiFN1gOiXV5SF
d73SDj29k1IQOwOOb041tD+nHofj5EGYVLx2WFDWrgxzEQlzTEvcQWmzYgablwdl
f6b92WhOXhOcAFrpx2AcwR+A7q39kMnAYmGKkK5Mgzq0klKuKarCGLwHsLwWoPnq
tbFCSeXo2nvjKiojY9t6eSDbSnELD8lJXj4R0oU+FyYeCMQExXbQPWiypAYUYojf
3JVKZ9Sl136kfQz61+Q25o+TGARPYdCoTYsooee2SusrlyB8hok6nb44cXk3P7Lg
MiBpE1JeqY4foetjdid4y6lJwOMB2fCQAksLMCcz+JHxGe+CpQf/4/cO1TxXAgMB
AAGjggH4MIIB9DAdBgNVHQ4EFgQU31RGthLxcIAzreyZvoS9d5PoLp4wHwYDVR0j
BBgwFoAUPN7Cc4Sq3lyggJ/W8W0ryhi+tlkwDgYDVR0PAQH/BAQDAgeAMHAGA1Ud
HwRpMGcwZaBjoGGGX3JzeW5jOi8vcnN5bmMucnBraS50aWFuaGFpLmxpbmsvcmVw
by9UaWFuaGFpUnBraS8wLzNDREVDMjczODRBQURFNUNBMDgwOUZENkYxNkQyQkNB
MThCRUI2NTkuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6
Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9QTjdDYzRTcTNseWdn
Sl9XOFcwcnloaS10bGsuY2VyMIGOBggrBgEFBQcBCwSBgTB/MH0GCCsGAQUFBzAL
hnFyc3luYzovL3JzeW5jLnJwa2kudGlhbmhhaS5saW5rL3JlcG8vVGlhbmhhaVJw
a2kvMC8zMTM5MzQyZTMxMzIzNzJlMzIzMjM5MmUzMDJmMzIzNDJkMzIzNDIwM2Qz
ZTIwMzEzNTMxMzQzNjM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8G
CCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn/lMA0GCSqGSIb3DQEBCwUAA4IB
AQBiZ1bNAjUy2DWmjfPyxdmhuXp4XbPakCn1WZyt/NJzUO1woTOS0EaLhBkC8xWw
8XH6ZPKHlHS/xK+CqQjTAFMoKW621nJm3/jCsYG9o9nAXNLNbGnh7/dmpANiFEvn
JzjdGIrxyebz/B2XFtProNN+YhCU9VabtcHWgQuk3UQDsflvwDXmkK13aRaHznfC
3o/bGOEy6zEEDxWNrwrALGTS8okXVCUK/nXVzw7ooTfNusLtzfs4iejGaiIsLGpH
VYuMDfvxphjYP5tXs7R2MEHtsJiLOjk0RXmcB1JK1SruOmouGeBhJpAh5HIgH9vx
jtS/YUIZof62I8pnlcJX21ZA
-----END CERTIFICATE-----