Route Origin Authorization

$ rpki-client -vvf rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830313a3138303a3a2f34332d3438203d3e20313531343634.roa
File:                     326131333a313830313a3138303a3a2f34332d3438203d3e20313531343634.roa (raw, json)
Hash identifier:          8S8KaEMtwBSV+e9Y4su0imbiw2K8EuQoF1xiZf4VnyU=
Subject key identifier:   0F:44:C6:F3:0B:FF:E2:15:33:2A:58:E0:11:9D:11:C1:DB:81:43:2E
Certificate issuer:       /CN=3cdec27384aade5ca0809fd6f16d2bca18beb659
Certificate serial:       0A59F121C671BC45481C6B7C13295EDA6C0E5F61
Authority key identifier: 3C:DE:C2:73:84:AA:DE:5C:A0:80:9F:D6:F1:6D:2B:CA:18:BE:B6:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer
Subject info access:      rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830313a3138303a3a2f34332d3438203d3e20313531343634.roa
Signing time:             Sat 08 Jul 2023 11:51:03 +0000
ROA not before:           Sat 08 Jul 2023 11:46:03 +0000
ROA not after:            Sat 06 Jul 2024 11:51:03 +0000
asID:                     151464
IP address blocks:        2a13:1801:180::/43 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.crl
                          rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:59:f1:21:c6:71:bc:45:48:1c:6b:7c:13:29:5e:da:6c:0e:5f:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cdec27384aade5ca0809fd6f16d2bca18beb659
        Validity
            Not Before: Jul  8 11:46:03 2023 GMT
            Not After : Jul  6 11:51:03 2024 GMT
        Subject: CN=0F44C6F30BFFE215332A58E0119D11C1DB81432E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f0:c2:77:41:5d:47:c4:aa:47:4d:9c:a0:04:
                    cd:fa:ac:df:ab:77:84:f7:8f:f8:bc:05:4c:b3:69:
                    02:b8:03:b1:64:19:f4:30:aa:75:00:d0:e5:bb:e2:
                    2e:da:0f:d6:0b:dd:e0:88:29:67:1b:36:3f:99:c7:
                    c8:50:10:a2:70:a4:5c:4e:39:cd:87:3c:eb:b6:92:
                    18:95:33:77:63:23:4e:d5:10:b2:28:05:66:0f:4a:
                    35:9c:93:59:fa:ae:f2:76:ca:26:f8:8b:8c:88:ae:
                    6e:0a:4b:cd:6d:95:97:05:8b:68:1d:0b:f6:66:98:
                    68:bc:2d:b6:fb:4e:96:17:82:2d:93:89:a5:41:8f:
                    31:52:80:c3:bf:3b:5a:c5:36:b1:17:29:3b:ab:66:
                    dc:aa:cc:52:b4:a4:dc:7e:5f:2e:43:19:01:36:14:
                    c7:df:4c:88:f8:bc:6b:5f:21:6f:60:1b:27:38:27:
                    2f:39:f7:77:81:23:98:fa:15:cc:37:27:8d:85:e8:
                    5f:f7:b0:a3:72:76:bb:c9:14:fd:c2:8a:17:26:f3:
                    fe:ef:ab:0d:f7:6d:d3:4e:57:da:99:df:aa:b6:f9:
                    72:1a:2a:72:9b:3d:d3:44:b3:77:70:96:80:f1:af:
                    59:13:d1:b8:4a:4b:27:eb:16:2f:c4:ab:56:91:f9:
                    b1:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:44:C6:F3:0B:FF:E2:15:33:2A:58:E0:11:9D:11:C1:DB:81:43:2E
            X509v3 Authority Key Identifier:
                keyid:3C:DE:C2:73:84:AA:DE:5C:A0:80:9F:D6:F1:6D:2B:CA:18:BE:B6:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830313a3138303a3a2f34332d3438203d3e20313531343634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1801:180::/43

    Signature Algorithm: sha256WithRSAEncryption
         21:70:44:2c:c0:b6:7a:59:37:36:88:72:a5:b5:87:97:f8:6f:
         b7:1b:62:aa:fb:cd:15:dd:06:d3:3a:e1:cf:22:e6:e3:56:36:
         45:ef:29:4b:91:3b:e8:9e:fc:b1:4c:cd:59:b1:98:95:98:1d:
         c3:a5:bb:37:d7:af:f8:38:b6:d8:71:3d:04:dd:d5:52:0a:f6:
         f9:27:8e:31:04:c2:31:46:cd:f4:d8:bf:ac:bc:94:44:ea:32:
         4d:ea:0a:9b:b4:80:d9:4e:e6:58:28:47:05:bc:fc:14:00:18:
         ec:48:11:20:a0:f7:9a:7c:a5:fe:95:bb:73:a7:82:13:05:ea:
         51:ab:d4:5c:7f:45:5f:ad:40:5d:92:6e:ec:4b:03:ed:71:2a:
         2c:4f:92:1c:bb:99:d3:bd:f3:bf:76:9b:bc:0f:3a:d2:75:0b:
         25:23:b9:df:51:37:74:a2:87:aa:04:42:04:fd:8b:61:42:8a:
         35:13:2a:4d:ed:8b:ee:89:79:92:0c:39:e7:33:14:6f:78:e4:
         3b:b5:da:ae:1b:ac:7a:fd:29:37:c9:e2:fd:e2:1a:77:66:d8:
         c4:95:0b:1d:ae:e3:5e:70:3d:9a:5c:8f:1b:b3:2a:96:85:da:
         c9:0c:ae:cf:b5:dd:fe:ed:42:56:2b:2f:2d:c4:4a:30:af:7e:
         6a:69:55:67
-----BEGIN CERTIFICATE-----
MIIE9zCCA9+gAwIBAgIUClnxIcZxvEVIHGt8Eyle2mwOX2EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2NkZWMyNzM4NGFhZGU1Y2EwODA5ZmQ2ZjE2ZDJiY2Ex
OGJlYjY1OTAeFw0yMzA3MDgxMTQ2MDNaFw0yNDA3MDYxMTUxMDNaMDMxMTAvBgNV
BAMTKDBGNDRDNkYzMEJGRkUyMTUzMzJBNThFMDExOUQxMUMxREI4MTQzMkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG8MJ3QV1HxKpHTZygBM36rN+r
d4T3j/i8BUyzaQK4A7FkGfQwqnUA0OW74i7aD9YL3eCIKWcbNj+Zx8hQEKJwpFxO
Oc2HPOu2khiVM3djI07VELIoBWYPSjWck1n6rvJ2yib4i4yIrm4KS81tlZcFi2gd
C/ZmmGi8Lbb7TpYXgi2TiaVBjzFSgMO/O1rFNrEXKTurZtyqzFK0pNx+Xy5DGQE2
FMffTIj4vGtfIW9gGyc4Jy8593eBI5j6Fcw3J42F6F/3sKNydrvJFP3Cihcm8/7v
qw33bdNOV9qZ36q2+XIaKnKbPdNEs3dwloDxr1kT0bhKSyfrFi/Eq1aR+bGXAgMB
AAGjggIBMIIB/TAdBgNVHQ4EFgQUD0TG8wv/4hUzKljgEZ0RwduBQy4wHwYDVR0j
BBgwFoAUPN7Cc4Sq3lyggJ/W8W0ryhi+tlkwDgYDVR0PAQH/BAQDAgeAMHAGA1Ud
HwRpMGcwZaBjoGGGX3JzeW5jOi8vcnN5bmMucnBraS50aWFuaGFpLmxpbmsvcmVw
by9UaWFuaGFpUnBraS8wLzNDREVDMjczODRBQURFNUNBMDgwOUZENkYxNkQyQkNB
MThCRUI2NTkuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6
Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9QTjdDYzRTcTNseWdn
Sl9XOFcwcnloaS10bGsuY2VyMIGUBggrBgEFBQcBCwSBhzCBhDCBgQYIKwYBBQUH
MAuGdXJzeW5jOi8vcnN5bmMucnBraS50aWFuaGFpLmxpbmsvcmVwby9UaWFuaGFp
UnBraS8wLzMyNjEzMTMzM2EzMTM4MzAzMTNhMzEzODMwM2EzYTJmMzQzMzJkMzQz
ODIwM2QzZTIwMzEzNTMxMzQzNjM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcFKhMYAQGAMA0GCSqGSIb3
DQEBCwUAA4IBAQAhcEQswLZ6WTc2iHKltYeX+G+3G2Kq+80V3QbTOuHPIubjVjZF
7ylLkTvonvyxTM1ZsZiVmB3Dpbs316/4OLbYcT0E3dVSCvb5J44xBMIxRs302L+s
vJRE6jJN6gqbtIDZTuZYKEcFvPwUABjsSBEgoPeafKX+lbtzp4ITBepRq9Rcf0Vf
rUBdkm7sSwPtcSosT5Icu5nTvfO/dpu8DzrSdQslI7nfUTd0ooeqBEIE/YthQoo1
EypN7YvuiXmSDDnnMxRveOQ7tdquG6x6/Sk3yeL94hp3ZtjElQsdruNecD2aXI8b
syqWhdrJDK7Ptd3+7UJWKy8txEowr35qaVVn
-----END CERTIFICATE-----