Route Origin Authorization

$ rpki-client -vvf rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3139342e3132372e3232392e302f32342d3234203d3e2034383432.roa
File:                     3139342e3132372e3232392e302f32342d3234203d3e2034383432.roa (raw, json)
Hash identifier:          kp/B54VYVfHsNEAFajsnxzOEEcidnvHQ0igzOulXWdo=
Subject key identifier:   C8:E9:EC:55:2A:EB:84:CE:C0:77:D4:CD:B3:F2:5F:28:A3:83:AE:D4
Certificate issuer:       /CN=3cdec27384aade5ca0809fd6f16d2bca18beb659
Certificate serial:       11C22D05CAA0D90DAD078722EFF76B2C5BE64251
Authority key identifier: 3C:DE:C2:73:84:AA:DE:5C:A0:80:9F:D6:F1:6D:2B:CA:18:BE:B6:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer
Subject info access:      rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3139342e3132372e3232392e302f32342d3234203d3e2034383432.roa
Signing time:             Wed 13 Sep 2023 17:51:18 +0000
ROA not before:           Wed 13 Sep 2023 17:46:18 +0000
ROA not after:            Wed 11 Sep 2024 17:51:18 +0000
asID:                     4842
IP address blocks:        194.127.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.crl
                          rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:c2:2d:05:ca:a0:d9:0d:ad:07:87:22:ef:f7:6b:2c:5b:e6:42:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cdec27384aade5ca0809fd6f16d2bca18beb659
        Validity
            Not Before: Sep 13 17:46:18 2023 GMT
            Not After : Sep 11 17:51:18 2024 GMT
        Subject: CN=C8E9EC552AEB84CEC077D4CDB3F25F28A383AED4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:b3:1c:f2:2b:8a:c7:03:30:f0:0e:08:08:88:
                    cb:ed:48:96:9e:3a:28:5a:12:7d:c9:e0:a7:d2:95:
                    9f:e9:c0:8a:f4:ba:10:7a:2f:84:e6:18:43:d3:b4:
                    b5:9d:44:fc:ab:2a:a2:5e:41:6b:2f:3d:09:64:4f:
                    30:91:e8:8b:ce:48:3f:a2:95:3f:e2:ce:0b:11:41:
                    93:15:27:d3:14:50:48:05:7c:fd:cf:3a:76:9f:ee:
                    1e:82:0b:41:31:ea:09:95:bb:b9:fa:1f:53:7c:0e:
                    79:86:77:53:2a:d9:79:4c:15:b4:af:b0:93:75:13:
                    32:da:f9:1b:50:a1:64:09:84:37:7a:20:9d:19:21:
                    6d:c2:fc:5e:f8:d5:0e:81:95:ba:51:c0:46:ac:c8:
                    64:1a:13:23:64:57:67:c3:0f:e2:38:af:27:6f:e4:
                    44:d1:e9:29:e5:3f:10:3c:b7:cf:60:6d:d2:35:b4:
                    4a:02:0a:de:8c:25:a2:67:03:11:88:b0:b9:53:fc:
                    fc:c4:7a:ef:d3:dc:52:f3:34:67:80:0f:ee:1f:bc:
                    41:fc:20:d9:95:f3:da:3f:4a:81:df:3b:7b:14:5a:
                    70:b3:39:dc:e4:f5:bb:99:46:6c:ed:ea:07:32:84:
                    8e:a3:f5:e7:4f:a5:22:61:72:9d:c0:a9:d4:5e:53:
                    ac:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:E9:EC:55:2A:EB:84:CE:C0:77:D4:CD:B3:F2:5F:28:A3:83:AE:D4
            X509v3 Authority Key Identifier:
                keyid:3C:DE:C2:73:84:AA:DE:5C:A0:80:9F:D6:F1:6D:2B:CA:18:BE:B6:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3139342e3132372e3232392e302f32342d3234203d3e2034383432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.127.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:ee:8e:6c:55:89:bb:fe:2d:3c:4d:60:c2:de:3f:dd:c8:b4:
         2c:e1:41:79:a8:7e:d8:de:8e:93:f6:37:f1:b7:09:3a:60:15:
         e6:e9:f9:fd:ee:30:ff:2b:5b:69:40:95:11:e3:ad:52:3e:da:
         ab:2f:e3:9d:20:0b:95:40:6f:b8:73:ec:09:2b:4e:da:94:a7:
         e6:b8:c7:ef:0f:ae:41:d1:9a:04:f2:cd:5d:b9:e2:40:fa:5c:
         fe:90:97:0a:de:76:c9:a1:38:39:90:1b:50:32:16:dc:b3:86:
         73:e1:14:8a:30:11:3e:d0:96:11:9c:5c:b1:e0:9c:11:e6:9b:
         48:24:39:27:09:24:56:09:65:8a:86:e4:6a:c7:67:b2:ce:60:
         11:cc:02:3f:7c:f0:46:89:10:6c:35:ff:53:89:fa:5a:fc:72:
         ba:e3:64:7e:8a:72:56:40:f2:21:97:20:ba:30:22:dc:f4:99:
         98:29:c1:67:b8:d0:91:60:cf:b3:68:7f:73:41:39:c7:d3:1a:
         60:1e:58:d0:ea:9d:5e:c1:8c:43:15:db:92:59:e8:90:38:9f:
         d5:1b:11:1b:ef:46:20:c1:1b:1c:80:23:1b:6f:77:88:ae:6b:
         75:b8:a0:73:23:34:c3:89:52:57:2e:23:2a:5c:59:f3:36:7e:
         9f:c8:56:a0
-----BEGIN CERTIFICATE-----
MIIE6TCCA9GgAwIBAgIUEcItBcqg2Q2tB4ci7/drLFvmQlEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2NkZWMyNzM4NGFhZGU1Y2EwODA5ZmQ2ZjE2ZDJiY2Ex
OGJlYjY1OTAeFw0yMzA5MTMxNzQ2MThaFw0yNDA5MTExNzUxMThaMDMxMTAvBgNV
BAMTKEM4RTlFQzU1MkFFQjg0Q0VDMDc3RDRDREIzRjI1RjI4QTM4M0FFRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4sxzyK4rHAzDwDggIiMvtSJae
OihaEn3J4KfSlZ/pwIr0uhB6L4TmGEPTtLWdRPyrKqJeQWsvPQlkTzCR6IvOSD+i
lT/izgsRQZMVJ9MUUEgFfP3POnaf7h6CC0Ex6gmVu7n6H1N8DnmGd1Mq2XlMFbSv
sJN1EzLa+RtQoWQJhDd6IJ0ZIW3C/F741Q6BlbpRwEasyGQaEyNkV2fDD+I4rydv
5ETR6SnlPxA8t89gbdI1tEoCCt6MJaJnAxGIsLlT/PzEeu/T3FLzNGeAD+4fvEH8
INmV89o/SoHfO3sUWnCzOdzk9buZRmzt6gcyhI6j9edPpSJhcp3AqdReU6y7AgMB
AAGjggHzMIIB7zAdBgNVHQ4EFgQUyOnsVSrrhM7Ad9TNs/JfKKODrtQwHwYDVR0j
BBgwFoAUPN7Cc4Sq3lyggJ/W8W0ryhi+tlkwDgYDVR0PAQH/BAQDAgeAMHAGA1Ud
HwRpMGcwZaBjoGGGX3JzeW5jOi8vcnN5bmMucnBraS50aWFuaGFpLmxpbmsvcmVw
by9UaWFuaGFpUnBraS8wLzNDREVDMjczODRBQURFNUNBMDgwOUZENkYxNkQyQkNB
MThCRUI2NTkuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6
Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9QTjdDYzRTcTNseWdn
Sl9XOFcwcnloaS10bGsuY2VyMIGJBggrBgEFBQcBCwR9MHsweQYIKwYBBQUHMAuG
bXJzeW5jOi8vcnN5bmMucnBraS50aWFuaGFpLmxpbmsvcmVwby9UaWFuaGFpUnBr
aS8wLzMxMzkzNDJlMzEzMjM3MmUzMjMyMzkyZTMwMmYzMjM0MmQzMjM0MjAzZDNl
MjAzNDM4MzQzMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAMJ/5TANBgkqhkiG9w0BAQsFAAOCAQEAN+6O
bFWJu/4tPE1gwt4/3ci0LOFBeah+2N6Ok/Y38bcJOmAV5un5/e4w/ytbaUCVEeOt
Uj7aqy/jnSALlUBvuHPsCStO2pSn5rjH7w+uQdGaBPLNXbniQPpc/pCXCt52yaE4
OZAbUDIW3LOGc+EUijARPtCWEZxcseCcEeabSCQ5JwkkVglliobkasdnss5gEcwC
P3zwRokQbDX/U4n6WvxyuuNkfopyVkDyIZcgujAi3PSZmCnBZ7jQkWDPs2h/c0E5
x9MaYB5Y0OqdXsGMQxXbklnokDif1RsRG+9GIMEbHIAjG293iK5rdbigcyM0w4lS
Vy4jKlxZ8zZ+n8hWoA==
-----END CERTIFICATE-----