Route Origin Authorization

$ rpki-client -vvf rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830313a3138303a3a2f34332d3433203d3e2034383432.roa
File:                     326131333a313830313a3138303a3a2f34332d3433203d3e2034383432.roa (raw, json)
Hash identifier:          bHLrFfRXbu3mJPZtiprVji4gY+vSOYcHSULAQ5qBO+8=
Subject key identifier:   00:FA:62:91:1B:C1:9B:A7:47:08:50:90:B2:3D:A5:6B:30:E7:7E:7B
Certificate issuer:       /CN=3cdec27384aade5ca0809fd6f16d2bca18beb659
Certificate serial:       56D1DDCFE5BB2099A820E1C5DF1670CAF3488D53
Authority key identifier: 3C:DE:C2:73:84:AA:DE:5C:A0:80:9F:D6:F1:6D:2B:CA:18:BE:B6:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer
Subject info access:      rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830313a3138303a3a2f34332d3433203d3e2034383432.roa
Signing time:             Sat 08 Jul 2023 13:52:23 +0000
ROA not before:           Sat 08 Jul 2023 13:47:23 +0000
ROA not after:            Sat 06 Jul 2024 13:52:23 +0000
asID:                     4842
IP address blocks:        2a13:1801:180::/43 maxlen: 43

Validation:               OK
Signature path:           rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.crl
                          rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:d1:dd:cf:e5:bb:20:99:a8:20:e1:c5:df:16:70:ca:f3:48:8d:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cdec27384aade5ca0809fd6f16d2bca18beb659
        Validity
            Not Before: Jul  8 13:47:23 2023 GMT
            Not After : Jul  6 13:52:23 2024 GMT
        Subject: CN=00FA62911BC19BA747085090B23DA56B30E77E7B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:16:25:37:93:ff:53:65:b8:6c:c9:c7:e4:0b:
                    0b:c2:d8:29:e5:07:f4:81:3d:d6:2f:ac:ee:8d:7d:
                    55:39:b5:19:1d:e0:ce:9b:4f:db:f0:a5:17:da:5d:
                    ba:fa:11:41:3f:ca:96:99:e6:f0:6d:6b:8a:88:80:
                    76:31:53:f4:4b:aa:14:6e:3c:9c:9d:b6:bf:70:e4:
                    53:81:65:70:a7:90:02:50:90:14:5f:71:9e:3e:df:
                    29:c4:b2:f2:f4:8f:af:a2:98:fb:bc:5e:99:ef:49:
                    f6:4e:8c:c4:8d:a9:19:60:a2:fb:20:b8:f4:b8:04:
                    a3:fe:f9:87:36:df:97:96:cf:fe:02:5c:4a:c2:b6:
                    80:68:ed:c3:0a:e7:89:12:7d:0c:6e:07:81:ac:4a:
                    5a:43:8d:25:8a:d4:88:2d:2d:5f:06:a4:f8:4a:f4:
                    57:83:42:c3:8d:3f:ee:9b:d6:7a:5c:4b:2a:0c:75:
                    fe:f7:25:4b:04:9a:95:94:c9:35:3a:cd:12:e8:4c:
                    95:43:6b:83:a9:52:05:b8:76:b9:4d:51:12:79:fb:
                    22:47:30:cb:72:e3:63:8a:a0:56:74:2f:e9:1c:1d:
                    79:07:10:e2:fe:59:5e:8c:4f:33:50:43:76:6e:c6:
                    d6:e9:e4:2f:f3:76:05:b8:60:18:9b:4d:db:96:cd:
                    f3:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:FA:62:91:1B:C1:9B:A7:47:08:50:90:B2:3D:A5:6B:30:E7:7E:7B
            X509v3 Authority Key Identifier:
                keyid:3C:DE:C2:73:84:AA:DE:5C:A0:80:9F:D6:F1:6D:2B:CA:18:BE:B6:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830313a3138303a3a2f34332d3433203d3e2034383432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1801:180::/43

    Signature Algorithm: sha256WithRSAEncryption
         a9:24:5d:e0:f8:31:cc:ef:7c:f4:54:97:55:a8:6b:53:0e:79:
         d6:95:ae:12:34:b6:44:9f:9f:ea:81:55:f7:e5:6a:be:31:89:
         10:90:76:af:a7:f8:5e:8e:21:c7:b1:42:44:99:85:2a:a1:be:
         cd:5a:c5:9a:74:a1:f6:e1:00:ca:bc:43:48:26:49:55:e2:8d:
         69:84:02:ce:57:d7:6f:19:57:52:0d:df:9d:1d:cd:8b:37:3e:
         60:13:6d:d4:71:3e:59:9c:68:17:c8:f7:3d:f9:fc:8c:3c:25:
         6b:a6:38:40:95:a1:e2:88:39:f1:ea:fd:d3:36:73:4b:e9:43:
         5c:59:75:52:65:2e:0d:a1:2c:4e:c7:3f:16:a9:6c:56:79:da:
         c6:26:5a:7b:28:d0:97:bf:c3:8c:13:49:93:5e:73:dd:00:6a:
         cb:19:61:d6:90:76:ea:c7:c8:67:85:fb:a6:d2:33:15:77:90:
         e5:1c:88:28:e0:e1:ab:0d:60:ec:ba:75:47:0a:99:79:ea:70:
         20:cb:ef:5d:91:8f:39:46:bd:84:5c:20:20:13:60:59:b3:83:
         40:78:79:2e:e0:55:2b:df:4e:5e:13:1a:36:64:da:7c:e7:ec:
         7a:83:c2:e6:6e:ad:3d:37:37:21:01:4f:ec:cf:6f:b8:e9:c9:
         d9:2c:bf:82
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUVtHdz+W7IJmoIOHF3xZwyvNIjVMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2NkZWMyNzM4NGFhZGU1Y2EwODA5ZmQ2ZjE2ZDJiY2Ex
OGJlYjY1OTAeFw0yMzA3MDgxMzQ3MjNaFw0yNDA3MDYxMzUyMjNaMDMxMTAvBgNV
BAMTKDAwRkE2MjkxMUJDMTlCQTc0NzA4NTA5MEIyM0RBNTZCMzBFNzdFN0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlFiU3k/9TZbhsycfkCwvC2Cnl
B/SBPdYvrO6NfVU5tRkd4M6bT9vwpRfaXbr6EUE/ypaZ5vBta4qIgHYxU/RLqhRu
PJydtr9w5FOBZXCnkAJQkBRfcZ4+3ynEsvL0j6+imPu8XpnvSfZOjMSNqRlgovsg
uPS4BKP++Yc235eWz/4CXErCtoBo7cMK54kSfQxuB4GsSlpDjSWK1IgtLV8GpPhK
9FeDQsONP+6b1npcSyoMdf73JUsEmpWUyTU6zRLoTJVDa4OpUgW4drlNURJ5+yJH
MMty42OKoFZ0L+kcHXkHEOL+WV6MTzNQQ3Zuxtbp5C/zdgW4YBibTduWzfOFAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUAPpikRvBm6dHCFCQsj2lazDnfnswHwYDVR0j
BBgwFoAUPN7Cc4Sq3lyggJ/W8W0ryhi+tlkwDgYDVR0PAQH/BAQDAgeAMHAGA1Ud
HwRpMGcwZaBjoGGGX3JzeW5jOi8vcnN5bmMucnBraS50aWFuaGFpLmxpbmsvcmVw
by9UaWFuaGFpUnBraS8wLzNDREVDMjczODRBQURFNUNBMDgwOUZENkYxNkQyQkNB
MThCRUI2NTkuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6
Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9QTjdDYzRTcTNseWdn
Sl9XOFcwcnloaS10bGsuY2VyMIGOBggrBgEFBQcBCwSBgTB/MH0GCCsGAQUFBzAL
hnFyc3luYzovL3JzeW5jLnJwa2kudGlhbmhhaS5saW5rL3JlcG8vVGlhbmhhaVJw
a2kvMC8zMjYxMzEzMzNhMzEzODMwMzEzYTMxMzgzMDNhM2EyZjM0MzMyZDM0MzMy
MDNkM2UyMDM0MzgzNDMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIG
CCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcFKhMYAQGAMA0GCSqGSIb3DQEBCwUA
A4IBAQCpJF3g+DHM73z0VJdVqGtTDnnWla4SNLZEn5/qgVX35Wq+MYkQkHavp/he
jiHHsUJEmYUqob7NWsWadKH24QDKvENIJklV4o1phALOV9dvGVdSDd+dHc2LNz5g
E23UcT5ZnGgXyPc9+fyMPCVrpjhAlaHiiDnx6v3TNnNL6UNcWXVSZS4NoSxOxz8W
qWxWedrGJlp7KNCXv8OME0mTXnPdAGrLGWHWkHbqx8hnhfum0jMVd5DlHIgo4OGr
DWDsunVHCpl56nAgy+9dkY85Rr2EXCAgE2BZs4NAeHku4FUr305eExo2ZNp85+x6
g8Lmbq09NzchAU/sz2+46cnZLL+C
-----END CERTIFICATE-----