Route Origin Authorization

$ rpki-client -vvf rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830303a3a2f33322d3434203d3e2034383432.roa
File:                     326131333a313830303a3a2f33322d3434203d3e2034383432.roa (raw, json)
Hash identifier:          QbUNKUpU2CPXvK6kmjfpEwjrO4kZHMc/TAogkasZjc0=
Subject key identifier:   90:8E:5A:2F:F8:65:7D:7A:A7:74:1A:05:7A:26:77:07:93:34:3C:40
Certificate issuer:       /CN=3cdec27384aade5ca0809fd6f16d2bca18beb659
Certificate serial:       1D0BB5EFCA1D7F0C2A3C1629AF8352D860D3E945
Authority key identifier: 3C:DE:C2:73:84:AA:DE:5C:A0:80:9F:D6:F1:6D:2B:CA:18:BE:B6:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer
Subject info access:      rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830303a3a2f33322d3434203d3e2034383432.roa
Signing time:             Tue 04 Jul 2023 18:54:07 +0000
ROA not before:           Tue 04 Jul 2023 18:49:07 +0000
ROA not after:            Tue 02 Jul 2024 18:54:07 +0000
asID:                     4842
IP address blocks:        2a13:1800::/32 maxlen: 44

Validation:               OK
Signature path:           rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.crl
                          rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:0b:b5:ef:ca:1d:7f:0c:2a:3c:16:29:af:83:52:d8:60:d3:e9:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cdec27384aade5ca0809fd6f16d2bca18beb659
        Validity
            Not Before: Jul  4 18:49:07 2023 GMT
            Not After : Jul  2 18:54:07 2024 GMT
        Subject: CN=908E5A2FF8657D7AA7741A057A26770793343C40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:45:34:e2:b8:8a:26:15:39:7d:9a:f8:00:93:
                    b3:02:c9:b7:a8:04:e4:3c:05:41:79:a2:32:3c:c8:
                    3b:0b:8c:58:7e:24:d9:d8:90:54:00:f3:51:46:75:
                    a2:b7:54:84:d1:85:33:5b:99:3c:fa:a9:4c:ae:7f:
                    bd:73:3b:35:d7:0a:2f:a0:bd:f4:4f:03:fc:70:c6:
                    36:bf:ee:f7:0a:d4:90:75:37:7b:5e:16:db:39:f7:
                    8c:7e:a5:c3:45:e5:e5:8c:0c:e3:41:fe:1f:90:23:
                    bc:5c:e1:29:1c:bd:f3:6e:e9:d8:c4:ad:5f:08:f5:
                    11:a7:b5:fd:73:6f:d6:54:50:6f:87:5f:3b:67:71:
                    40:2e:ec:fe:a1:ad:78:65:3e:45:cc:0b:88:df:7a:
                    31:7c:b5:0b:67:3f:c6:3c:88:ec:3d:bf:fa:fd:02:
                    a4:0a:ad:63:a1:1d:df:e2:61:1f:e0:96:cd:3c:69:
                    8a:12:fc:2a:1b:e5:94:0c:55:8e:62:e5:ce:d8:c0:
                    b3:16:6e:9e:c1:98:e4:c8:9e:24:81:e5:f4:ca:91:
                    07:dd:58:de:98:df:25:5b:35:f6:e0:23:5a:6d:7e:
                    ce:d2:14:13:4f:c2:7d:c2:14:01:03:b6:19:47:11:
                    7a:09:f7:a5:4e:89:df:00:4a:37:ff:30:91:2b:a9:
                    79:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:8E:5A:2F:F8:65:7D:7A:A7:74:1A:05:7A:26:77:07:93:34:3C:40
            X509v3 Authority Key Identifier:
                keyid:3C:DE:C2:73:84:AA:DE:5C:A0:80:9F:D6:F1:6D:2B:CA:18:BE:B6:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830303a3a2f33322d3434203d3e2034383432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1800::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:77:0d:fd:7b:8b:04:42:e5:7e:05:07:ce:e9:7e:68:f4:f4:
         b7:0d:40:4b:a7:c5:11:25:ea:22:24:39:71:1b:c2:73:9a:53:
         1e:c3:98:80:bf:84:a4:1b:61:05:5d:65:a8:38:9f:49:41:5f:
         d0:21:34:6b:1a:d8:2c:d2:07:3d:71:11:ec:52:25:59:d7:71:
         d8:25:be:2d:e1:82:20:17:9c:49:8c:ae:e9:3b:c9:de:ed:b7:
         d6:1b:c5:a9:7e:3c:6c:17:da:55:c8:7f:00:06:f0:b0:6a:28:
         f8:5b:53:d8:dc:1c:40:7c:6e:ba:7d:e2:09:3c:51:0e:41:39:
         9f:d2:81:37:35:51:af:18:e3:63:93:49:e4:97:73:d6:b2:fd:
         d3:9d:42:94:87:23:04:56:8e:db:f9:fd:8b:10:e4:3c:8e:56:
         1e:46:cd:7a:50:ae:19:32:f7:2f:c1:bb:9e:e5:5d:f6:e9:81:
         73:fb:2b:4f:f9:94:34:0d:aa:f1:d4:01:0a:54:f0:21:35:b8:
         2a:fb:7d:0a:3b:8b:ef:6c:85:7d:06:31:7a:70:9f:5c:3b:3b:
         86:e3:8e:39:f4:f2:1d:8a:38:25:c6:04:c0:b9:1d:3b:2b:60:
         a4:d8:de:40:6e:ad:89:72:18:47:19:7d:eb:3a:ef:fb:50:33:
         a3:93:24:88
-----BEGIN CERTIFICATE-----
MIIE5jCCA86gAwIBAgIUHQu178odfwwqPBYpr4NS2GDT6UUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2NkZWMyNzM4NGFhZGU1Y2EwODA5ZmQ2ZjE2ZDJiY2Ex
OGJlYjY1OTAeFw0yMzA3MDQxODQ5MDdaFw0yNDA3MDIxODU0MDdaMDMxMTAvBgNV
BAMTKDkwOEU1QTJGRjg2NTdEN0FBNzc0MUEwNTdBMjY3NzA3OTMzNDNDNDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3RTTiuIomFTl9mvgAk7MCybeo
BOQ8BUF5ojI8yDsLjFh+JNnYkFQA81FGdaK3VITRhTNbmTz6qUyuf71zOzXXCi+g
vfRPA/xwxja/7vcK1JB1N3teFts594x+pcNF5eWMDONB/h+QI7xc4SkcvfNu6djE
rV8I9RGntf1zb9ZUUG+HXztncUAu7P6hrXhlPkXMC4jfejF8tQtnP8Y8iOw9v/r9
AqQKrWOhHd/iYR/gls08aYoS/Cob5ZQMVY5i5c7YwLMWbp7BmOTIniSB5fTKkQfd
WN6Y3yVbNfbgI1ptfs7SFBNPwn3CFAEDthlHEXoJ96VOid8ASjf/MJErqXlHAgMB
AAGjggHwMIIB7DAdBgNVHQ4EFgQUkI5aL/hlfXqndBoFeiZ3B5M0PEAwHwYDVR0j
BBgwFoAUPN7Cc4Sq3lyggJ/W8W0ryhi+tlkwDgYDVR0PAQH/BAQDAgeAMHAGA1Ud
HwRpMGcwZaBjoGGGX3JzeW5jOi8vcnN5bmMucnBraS50aWFuaGFpLmxpbmsvcmVw
by9UaWFuaGFpUnBraS8wLzNDREVDMjczODRBQURFNUNBMDgwOUZENkYxNkQyQkNB
MThCRUI2NTkuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6
Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9QTjdDYzRTcTNseWdn
Sl9XOFcwcnloaS10bGsuY2VyMIGFBggrBgEFBQcBCwR5MHcwdQYIKwYBBQUHMAuG
aXJzeW5jOi8vcnN5bmMucnBraS50aWFuaGFpLmxpbmsvcmVwby9UaWFuaGFpUnBr
aS8wLzMyNjEzMTMzM2EzMTM4MzAzMDNhM2EyZjMzMzIyZDM0MzQyMDNkM2UyMDM0
MzgzNDMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEH
AQH/BBEwDzANBAIAAjAHAwUAKhMYADANBgkqhkiG9w0BAQsFAAOCAQEAfXcN/XuL
BELlfgUHzul+aPT0tw1AS6fFESXqIiQ5cRvCc5pTHsOYgL+EpBthBV1lqDifSUFf
0CE0axrYLNIHPXER7FIlWddx2CW+LeGCIBecSYyu6TvJ3u231hvFqX48bBfaVch/
AAbwsGoo+FtT2NwcQHxuun3iCTxRDkE5n9KBNzVRrxjjY5NJ5Jdz1rL9051ClIcj
BFaO2/n9ixDkPI5WHkbNelCuGTL3L8G7nuVd9umBc/srT/mUNA2q8dQBClTwITW4
Kvt9CjuL72yFfQYxenCfXDs7huOOOfTyHYo4JcYEwLkdOytgpNjeQG6tiXIYRxl9
6zrv+1Azo5MkiA==
-----END CERTIFICATE-----