Route Origin Authorization

$ rpki-client -vvf rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830303a31303a3a2f34382d3438203d3e2034383432.roa
File:                     326131333a313830303a31303a3a2f34382d3438203d3e2034383432.roa (raw, json)
Hash identifier:          hQDpZacWKQtyymoNvHrMV8GO+OeAGXW9c1cdbIO8RBY=
Subject key identifier:   09:EC:A8:11:90:08:B7:4C:0C:06:E5:B9:BB:F3:7B:25:9B:73:6D:25
Certificate issuer:       /CN=3cdec27384aade5ca0809fd6f16d2bca18beb659
Certificate serial:       5CF0EBADD636B6E0E4AC0831E14B478E5D332DE6
Authority key identifier: 3C:DE:C2:73:84:AA:DE:5C:A0:80:9F:D6:F1:6D:2B:CA:18:BE:B6:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer
Subject info access:      rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830303a31303a3a2f34382d3438203d3e2034383432.roa
Signing time:             Tue 04 Jul 2023 18:54:06 +0000
ROA not before:           Tue 04 Jul 2023 18:49:06 +0000
ROA not after:            Tue 02 Jul 2024 18:54:06 +0000
asID:                     4842
IP address blocks:        2a13:1800:10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.crl
                          rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:f0:eb:ad:d6:36:b6:e0:e4:ac:08:31:e1:4b:47:8e:5d:33:2d:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cdec27384aade5ca0809fd6f16d2bca18beb659
        Validity
            Not Before: Jul  4 18:49:06 2023 GMT
            Not After : Jul  2 18:54:06 2024 GMT
        Subject: CN=09ECA8119008B74C0C06E5B9BBF37B259B736D25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:91:4c:c2:ac:4e:47:b1:a3:f0:66:f2:36:0d:
                    c9:57:22:c8:8d:9e:75:0c:ca:c0:21:36:1c:fd:71:
                    9c:c4:a6:f9:a9:c3:72:85:f9:94:b9:47:ee:21:7b:
                    47:7d:93:34:e4:f8:76:60:15:bb:78:c9:19:96:a1:
                    ea:68:8e:61:7f:43:98:da:0e:54:c1:3d:65:3e:ad:
                    c8:6f:2c:ba:ae:3b:ab:c3:da:31:08:58:ea:6e:27:
                    d8:16:71:38:b7:e5:94:27:8a:51:23:56:13:05:fe:
                    aa:b3:0c:eb:4e:4d:08:ce:c7:c0:9c:d1:a7:06:06:
                    1f:de:81:29:27:91:c9:cc:60:ad:56:f0:b3:ba:d2:
                    f5:d6:95:34:f8:4a:03:40:02:32:b0:27:c4:94:70:
                    2f:03:64:5b:15:66:0c:8d:5a:d1:1e:7e:a1:e0:a1:
                    31:7c:71:74:97:06:87:85:56:00:0a:4c:93:5d:bc:
                    0f:ae:23:e2:12:ca:b4:46:1e:df:45:09:fb:1f:fb:
                    9c:e9:32:12:93:eb:87:f2:e5:1e:db:d3:fd:63:b4:
                    89:3e:38:cc:c8:df:4a:e9:0d:b7:26:d9:77:16:51:
                    75:ac:8a:9e:dd:03:c4:48:9d:23:9e:ff:c0:04:b3:
                    70:65:fe:0e:7c:f2:35:2b:68:20:a2:4a:cb:f7:ba:
                    aa:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:EC:A8:11:90:08:B7:4C:0C:06:E5:B9:BB:F3:7B:25:9B:73:6D:25
            X509v3 Authority Key Identifier:
                keyid:3C:DE:C2:73:84:AA:DE:5C:A0:80:9F:D6:F1:6D:2B:CA:18:BE:B6:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830303a31303a3a2f34382d3438203d3e2034383432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1800:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:18:e2:25:64:2f:5f:f3:08:13:9b:cd:7d:ff:07:fc:cc:ed:
         bf:95:96:49:e6:c0:32:f2:ce:61:8b:d7:a2:6c:32:24:94:5f:
         7e:d3:9a:f0:93:21:db:f1:c9:08:9f:3a:a6:0e:19:6a:14:2d:
         5f:9e:7e:85:e2:f2:b7:d1:07:db:a3:72:a5:d0:49:8b:e4:17:
         5d:c1:b9:a6:6b:d3:df:8a:4a:af:b6:5b:45:d8:c7:c4:d9:82:
         51:85:12:ba:92:df:db:59:19:59:89:30:35:b1:0f:a7:e7:62:
         64:14:ed:a1:72:f9:ea:00:87:1d:2c:d2:9e:28:64:75:96:01:
         e8:6e:6a:c8:13:17:0c:45:00:21:b7:38:1d:ee:ea:7a:0c:f6:
         49:68:5c:25:b0:46:ec:12:9d:bc:b7:01:ad:51:1d:0e:89:28:
         47:18:24:04:d0:55:4e:d5:7b:81:6c:15:5d:4c:49:82:4f:db:
         0d:75:b9:fa:d7:50:c9:b0:28:1c:9f:9b:f1:3d:72:5f:f2:c1:
         3f:2e:61:bc:2e:1b:ab:f0:ca:7d:cd:83:05:a2:96:ef:81:5a:
         cc:2e:c4:d8:44:95:3d:bf:e4:c0:16:da:b7:49:ba:1a:b1:15:
         09:a6:5f:22:7a:9b:19:0c:ad:bf:05:99:a0:95:8f:e3:13:04:
         c3:7f:86:c9
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgIUXPDrrdY2tuDkrAgx4UtHjl0zLeYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2NkZWMyNzM4NGFhZGU1Y2EwODA5ZmQ2ZjE2ZDJiY2Ex
OGJlYjY1OTAeFw0yMzA3MDQxODQ5MDZaFw0yNDA3MDIxODU0MDZaMDMxMTAvBgNV
BAMTKDA5RUNBODExOTAwOEI3NEMwQzA2RTVCOUJCRjM3QjI1OUI3MzZEMjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+kUzCrE5HsaPwZvI2DclXIsiN
nnUMysAhNhz9cZzEpvmpw3KF+ZS5R+4he0d9kzTk+HZgFbt4yRmWoepojmF/Q5ja
DlTBPWU+rchvLLquO6vD2jEIWOpuJ9gWcTi35ZQnilEjVhMF/qqzDOtOTQjOx8Cc
0acGBh/egSknkcnMYK1W8LO60vXWlTT4SgNAAjKwJ8SUcC8DZFsVZgyNWtEefqHg
oTF8cXSXBoeFVgAKTJNdvA+uI+ISyrRGHt9FCfsf+5zpMhKT64fy5R7b0/1jtIk+
OMzI30rpDbcm2XcWUXWsip7dA8RInSOe/8AEs3Bl/g588jUraCCiSsv3uqo5AgMB
AAGjggH4MIIB9DAdBgNVHQ4EFgQUCeyoEZAIt0wMBuW5u/N7JZtzbSUwHwYDVR0j
BBgwFoAUPN7Cc4Sq3lyggJ/W8W0ryhi+tlkwDgYDVR0PAQH/BAQDAgeAMHAGA1Ud
HwRpMGcwZaBjoGGGX3JzeW5jOi8vcnN5bmMucnBraS50aWFuaGFpLmxpbmsvcmVw
by9UaWFuaGFpUnBraS8wLzNDREVDMjczODRBQURFNUNBMDgwOUZENkYxNkQyQkNB
MThCRUI2NTkuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6
Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9QTjdDYzRTcTNseWdn
Sl9XOFcwcnloaS10bGsuY2VyMIGLBggrBgEFBQcBCwR/MH0wewYIKwYBBQUHMAuG
b3JzeW5jOi8vcnN5bmMucnBraS50aWFuaGFpLmxpbmsvcmVwby9UaWFuaGFpUnBr
aS8wLzMyNjEzMTMzM2EzMTM4MzAzMDNhMzEzMDNhM2EyZjM0MzgyZDM0MzgyMDNk
M2UyMDM0MzgzNDMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsG
AQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhMYAAAQMA0GCSqGSIb3DQEBCwUAA4IB
AQAnGOIlZC9f8wgTm819/wf8zO2/lZZJ5sAy8s5hi9eibDIklF9+05rwkyHb8ckI
nzqmDhlqFC1fnn6F4vK30Qfbo3Kl0EmL5Bddwbmma9PfikqvtltF2MfE2YJRhRK6
kt/bWRlZiTA1sQ+n52JkFO2hcvnqAIcdLNKeKGR1lgHobmrIExcMRQAhtzgd7up6
DPZJaFwlsEbsEp28twGtUR0OiShHGCQE0FVO1XuBbBVdTEmCT9sNdbn611DJsCgc
n5vxPXJf8sE/LmG8Lhur8Mp9zYMFopbvgVrMLsTYRJU9v+TAFtq3SboasRUJpl8i
epsZDK2/BZmglY/jEwTDf4bJ
-----END CERTIFICATE-----