Route Origin Authorization

$ rpki-client -vvf rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830323a3a2f33362d3434203d3e20323039333036.roa
File:                     326131333a313830323a3a2f33362d3434203d3e20323039333036.roa (raw, json)
Hash identifier:          rjSuK2x5LJ9JpoRZOm9Ea1uvdttRpcujWNO9Yf0KkJE=
Subject key identifier:   18:F3:F9:10:F1:79:DA:7B:2C:66:C7:97:2B:BD:B2:71:B4:DF:09:21
Certificate issuer:       /CN=3cdec27384aade5ca0809fd6f16d2bca18beb659
Certificate serial:       7D4BE6A89EA90C6B6FF45E1189B45950525F72A9
Authority key identifier: 3C:DE:C2:73:84:AA:DE:5C:A0:80:9F:D6:F1:6D:2B:CA:18:BE:B6:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer
Subject info access:      rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830323a3a2f33362d3434203d3e20323039333036.roa
Signing time:             Wed 20 Mar 2024 09:29:14 +0000
ROA not before:           Wed 20 Mar 2024 09:24:14 +0000
ROA not after:            Wed 19 Mar 2025 09:29:14 +0000
asID:                     209306
IP address blocks:        2a13:1802::/36 maxlen: 44

Validation:               OK
Signature path:           rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.crl
                          rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:4b:e6:a8:9e:a9:0c:6b:6f:f4:5e:11:89:b4:59:50:52:5f:72:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cdec27384aade5ca0809fd6f16d2bca18beb659
        Validity
            Not Before: Mar 20 09:24:14 2024 GMT
            Not After : Mar 19 09:29:14 2025 GMT
        Subject: CN=18F3F910F179DA7B2C66C7972BBDB271B4DF0921
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:0f:32:43:26:bd:6b:a8:e4:5b:6b:d3:06:ff:
                    f4:89:0e:47:4b:58:2f:57:86:70:bf:18:35:09:87:
                    1b:32:84:c6:2e:ee:7f:52:48:16:52:c1:c2:b1:75:
                    83:0d:70:57:f0:33:10:87:06:53:63:ed:b7:55:14:
                    ff:e9:06:05:7a:7d:cc:dc:b9:a7:2c:37:4d:ec:f8:
                    ba:78:e9:af:e0:87:82:51:70:a8:9d:a1:be:38:c0:
                    a1:ff:3c:ca:12:a6:ae:ca:eb:5f:c2:af:73:f6:7c:
                    e8:9e:3e:88:b0:45:c2:5c:6e:d9:74:f7:5e:71:48:
                    be:b9:fc:57:23:80:5a:3c:eb:ee:c3:2c:e6:6d:07:
                    f8:a0:9e:ad:1b:69:c8:b6:fe:33:b2:be:89:6d:57:
                    89:ec:4d:75:55:e3:07:89:ae:55:27:e4:6c:77:b7:
                    2c:08:a5:18:0a:db:78:38:d0:87:e8:fe:a7:3e:70:
                    36:a8:bf:98:f8:c8:30:0d:97:2c:2d:69:bb:b0:c2:
                    cf:12:95:51:9b:10:2f:58:fb:b7:7d:9d:82:55:97:
                    b7:e0:2e:b3:c9:94:99:76:81:c6:54:9a:ba:57:15:
                    a5:e0:61:a4:8b:63:a3:da:64:4b:6e:83:10:83:8e:
                    d2:d4:ae:97:06:bc:84:11:5d:f3:ce:3f:10:13:a2:
                    81:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:F3:F9:10:F1:79:DA:7B:2C:66:C7:97:2B:BD:B2:71:B4:DF:09:21
            X509v3 Authority Key Identifier:
                keyid:3C:DE:C2:73:84:AA:DE:5C:A0:80:9F:D6:F1:6D:2B:CA:18:BE:B6:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830323a3a2f33362d3434203d3e20323039333036.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1802::/36

    Signature Algorithm: sha256WithRSAEncryption
         20:47:54:bc:da:37:e6:a5:13:a1:46:01:f5:04:0b:db:81:92:
         b1:86:cd:4e:6f:f2:46:d9:13:f6:65:34:2a:49:0a:08:ee:94:
         42:a7:36:b6:00:bb:c3:22:18:dc:78:7e:c0:ab:70:21:f5:a5:
         1a:d0:f7:8a:3f:98:7a:f3:5c:13:36:77:91:fa:90:18:31:28:
         65:28:b6:1e:3d:0c:c7:00:36:c1:9a:ea:ff:5a:da:1d:7f:56:
         40:0c:ca:71:59:ee:fa:01:b3:e1:4d:b1:36:08:d5:63:a4:81:
         4a:9e:5d:c7:6f:a9:0c:50:62:82:6c:ea:a0:49:04:c5:d5:43:
         72:ea:c7:5a:d4:e1:26:1c:a0:d0:59:be:3c:90:5a:90:d7:0e:
         21:f2:86:67:ed:f9:a6:12:a2:ec:33:2b:79:0f:6a:39:99:35:
         b9:6f:bd:6f:e0:cd:33:8d:d3:d1:45:db:17:d6:df:e5:33:86:
         06:42:5f:b2:09:6b:60:12:2d:a9:ee:85:1e:b4:84:07:46:5e:
         f8:c3:43:00:7f:5a:99:62:29:60:c4:c8:ad:c4:12:74:2a:22:
         d5:cc:82:83:98:e2:e1:ab:6c:c8:f3:a3:19:d6:ad:c7:fb:c3:
         e1:03:91:b9:b2:19:54:15:5d:3d:07:83:cb:cd:0e:da:f7:54:
         bc:c9:89:80
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUfUvmqJ6pDGtv9F4RibRZUFJfcqkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2NkZWMyNzM4NGFhZGU1Y2EwODA5ZmQ2ZjE2ZDJiY2Ex
OGJlYjY1OTAeFw0yNDAzMjAwOTI0MTRaFw0yNTAzMTkwOTI5MTRaMDMxMTAvBgNV
BAMTKDE4RjNGOTEwRjE3OURBN0IyQzY2Qzc5NzJCQkRCMjcxQjRERjA5MjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDzJDJr1rqORba9MG//SJDkdL
WC9XhnC/GDUJhxsyhMYu7n9SSBZSwcKxdYMNcFfwMxCHBlNj7bdVFP/pBgV6fczc
uacsN03s+Lp46a/gh4JRcKidob44wKH/PMoSpq7K61/Cr3P2fOiePoiwRcJcbtl0
915xSL65/FcjgFo86+7DLOZtB/ignq0baci2/jOyvoltV4nsTXVV4weJrlUn5Gx3
tywIpRgK23g40Ifo/qc+cDaov5j4yDANlywtabuwws8SlVGbEC9Y+7d9nYJVl7fg
LrPJlJl2gcZUmrpXFaXgYaSLY6PaZEtugxCDjtLUrpcGvIQRXfPOPxATooFlAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUGPP5EPF52nssZseXK72ycbTfCSEwHwYDVR0j
BBgwFoAUPN7Cc4Sq3lyggJ/W8W0ryhi+tlkwDgYDVR0PAQH/BAQDAgeAMHAGA1Ud
HwRpMGcwZaBjoGGGX3JzeW5jOi8vcnN5bmMucnBraS50aWFuaGFpLmxpbmsvcmVw
by9UaWFuaGFpUnBraS8wLzNDREVDMjczODRBQURFNUNBMDgwOUZENkYxNkQyQkNB
MThCRUI2NTkuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6
Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9QTjdDYzRTcTNseWdn
Sl9XOFcwcnloaS10bGsuY2VyMIGJBggrBgEFBQcBCwR9MHsweQYIKwYBBQUHMAuG
bXJzeW5jOi8vcnN5bmMucnBraS50aWFuaGFpLmxpbmsvcmVwby9UaWFuaGFpUnBr
aS8wLzMyNjEzMTMzM2EzMTM4MzAzMjNhM2EyZjMzMzYyZDM0MzQyMDNkM2UyMDMy
MzAzOTMzMzAzNi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEF
BQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoTGAIAMA0GCSqGSIb3DQEBCwUAA4IBAQAg
R1S82jfmpROhRgH1BAvbgZKxhs1Ob/JG2RP2ZTQqSQoI7pRCpza2ALvDIhjceH7A
q3Ah9aUa0PeKP5h681wTNneR+pAYMShlKLYePQzHADbBmur/Wtodf1ZADMpxWe76
AbPhTbE2CNVjpIFKnl3Hb6kMUGKCbOqgSQTF1UNy6sda1OEmHKDQWb48kFqQ1w4h
8oZn7fmmEqLsMyt5D2o5mTW5b71v4M0zjdPRRdsX1t/lM4YGQl+yCWtgEi2p7oUe
tIQHRl74w0MAf1qZYilgxMitxBJ0KiLVzIKDmOLhq2zI86MZ1q3H+8PhA5G5shlU
FV09B4PLzQ7a91S8yYmA
-----END CERTIFICATE-----