Route Origin Authorization

$ rpki-client -vvf rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830303a3a2f34342d3438203d3e2034383432.roa
File:                     326131333a313830303a3a2f34342d3438203d3e2034383432.roa (raw, json)
Hash identifier:          7Jtvvaz5+svDZJUV4HOtzZo79hJmyHivTOZafczoidE=
Subject key identifier:   A6:25:04:AE:80:68:46:50:AE:9E:16:3F:60:90:7B:1D:C2:03:0F:47
Certificate issuer:       /CN=3cdec27384aade5ca0809fd6f16d2bca18beb659
Certificate serial:       29A56600E496FA7FC5434F66E3343737FBADE875
Authority key identifier: 3C:DE:C2:73:84:AA:DE:5C:A0:80:9F:D6:F1:6D:2B:CA:18:BE:B6:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer
Subject info access:      rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830303a3a2f34342d3438203d3e2034383432.roa
Signing time:             Wed 25 Feb 2026 13:28:49 +0000
ROA not before:           Wed 25 Feb 2026 13:23:49 +0000
ROA not after:            Wed 24 Feb 2027 13:28:49 +0000
asID:                     4842
IP address blocks:        2a13:1800::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.crl
                          rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 19:10:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:a5:66:00:e4:96:fa:7f:c5:43:4f:66:e3:34:37:37:fb:ad:e8:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cdec27384aade5ca0809fd6f16d2bca18beb659
        Validity
            Not Before: Feb 25 13:23:49 2026 GMT
            Not After : Feb 24 13:28:49 2027 GMT
        Subject: CN=A62504AE80684650AE9E163F60907B1DC2030F47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:99:ba:b0:c1:41:2c:e0:bf:b1:4a:f8:9b:4c:
                    c9:64:12:8f:7d:40:f4:48:0d:ba:35:4c:48:0a:ff:
                    78:5a:7a:90:fb:19:77:3f:7e:51:49:54:80:f7:af:
                    c4:57:16:bb:eb:89:62:29:b4:4a:84:b1:41:be:e2:
                    57:42:8c:26:f1:69:01:1f:da:17:d2:f0:13:68:14:
                    01:bc:7f:6a:56:69:81:5f:13:e6:4d:b9:7e:f3:e6:
                    25:5a:ad:13:cb:7b:f1:86:7f:8b:3c:10:01:63:8e:
                    6d:48:f4:b6:43:f9:50:f7:a5:81:c6:2f:39:72:10:
                    c1:db:65:78:81:16:2e:63:09:53:12:e4:16:d0:f0:
                    68:6c:66:07:f8:eb:8c:04:94:fb:c6:39:23:62:51:
                    6d:62:0b:08:58:9b:6b:0f:73:50:bf:0c:be:91:5f:
                    d5:7a:7c:27:fd:b1:06:1b:c4:eb:7b:86:c7:60:5a:
                    89:29:34:b7:06:7e:a6:7d:c7:6b:f1:8b:70:82:ab:
                    a1:99:81:8c:73:75:19:19:bc:47:9c:b1:de:4b:3d:
                    5d:9f:3e:bb:9f:86:b0:fb:7b:3b:8a:ab:10:bf:be:
                    65:17:ac:7c:4d:8d:2f:dd:5b:c7:40:37:72:51:30:
                    2f:86:ed:f5:df:cc:dd:32:ac:74:f2:c4:eb:16:67:
                    1a:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:25:04:AE:80:68:46:50:AE:9E:16:3F:60:90:7B:1D:C2:03:0F:47
            X509v3 Authority Key Identifier:
                keyid:3C:DE:C2:73:84:AA:DE:5C:A0:80:9F:D6:F1:6D:2B:CA:18:BE:B6:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830303a3a2f34342d3438203d3e2034383432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1800::/44

    Signature Algorithm: sha256WithRSAEncryption
         81:0c:c8:f9:2d:3b:5e:d0:70:51:7d:7c:9f:bb:5c:2b:cb:a0:
         f6:c1:a2:50:93:73:92:39:4c:f2:c0:56:1c:1f:d8:04:25:17:
         06:d5:28:04:29:67:b5:fb:d9:69:23:98:9a:c1:7d:3a:62:fd:
         ab:9c:79:d7:16:12:6e:74:48:40:67:12:ec:e8:30:b1:ec:fe:
         fc:30:d3:39:4f:3b:6e:ad:70:81:08:53:b8:1d:ee:70:19:ce:
         a8:eb:a1:ac:73:a9:38:b5:86:d7:98:26:5b:f6:ac:4e:c5:4c:
         72:6d:92:99:d9:cb:f3:28:73:ed:48:d0:89:19:d3:2e:9a:23:
         da:b7:eb:39:d9:05:cf:56:9a:9c:ea:1a:c7:e2:de:c6:ac:9e:
         b5:af:62:42:68:f9:52:f4:56:22:f0:a9:e6:6b:9b:48:26:91:
         2e:8c:59:7f:eb:63:98:c5:45:43:37:4e:7d:01:70:cf:88:f7:
         f4:ba:b2:83:cb:67:07:17:cc:ce:ae:52:13:ad:da:0e:06:2f:
         7e:1d:b1:ea:9e:e3:95:05:ca:16:0c:6c:23:2b:21:d6:7a:38:
         a1:2b:97:b1:43:04:a8:90:fa:9c:5d:0a:39:93:1a:07:94:66:
         00:c1:99:32:80:83:4e:7b:06:e1:46:c4:39:24:11:a2:56:8d:
         43:87:25:02
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIUKaVmAOSW+n/FQ09m4zQ3N/ut6HUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2NkZWMyNzM4NGFhZGU1Y2EwODA5ZmQ2ZjE2ZDJiY2Ex
OGJlYjY1OTAeFw0yNjAyMjUxMzIzNDlaFw0yNzAyMjQxMzI4NDlaMDMxMTAvBgNV
BAMTKEE2MjUwNEFFODA2ODQ2NTBBRTlFMTYzRjYwOTA3QjFEQzIwMzBGNDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCombqwwUEs4L+xSvibTMlkEo99
QPRIDbo1TEgK/3haepD7GXc/flFJVID3r8RXFrvriWIptEqEsUG+4ldCjCbxaQEf
2hfS8BNoFAG8f2pWaYFfE+ZNuX7z5iVarRPLe/GGf4s8EAFjjm1I9LZD+VD3pYHG
LzlyEMHbZXiBFi5jCVMS5BbQ8GhsZgf464wElPvGOSNiUW1iCwhYm2sPc1C/DL6R
X9V6fCf9sQYbxOt7hsdgWokpNLcGfqZ9x2vxi3CCq6GZgYxzdRkZvEecsd5LPV2f
PrufhrD7ezuKqxC/vmUXrHxNjS/dW8dAN3JRMC+G7fXfzN0yrHTyxOsWZxqDAgMB
AAGjggHyMIIB7jAdBgNVHQ4EFgQUpiUEroBoRlCunhY/YJB7HcIDD0cwHwYDVR0j
BBgwFoAUPN7Cc4Sq3lyggJ/W8W0ryhi+tlkwDgYDVR0PAQH/BAQDAgeAMHAGA1Ud
HwRpMGcwZaBjoGGGX3JzeW5jOi8vcnN5bmMucnBraS50aWFuaGFpLmxpbmsvcmVw
by9UaWFuaGFpUnBraS8wLzNDREVDMjczODRBQURFNUNBMDgwOUZENkYxNkQyQkNB
MThCRUI2NTkuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6
Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9QTjdDYzRTcTNseWdn
Sl9XOFcwcnloaS10bGsuY2VyMIGFBggrBgEFBQcBCwR5MHcwdQYIKwYBBQUHMAuG
aXJzeW5jOi8vcnN5bmMucnBraS50aWFuaGFpLmxpbmsvcmVwby9UaWFuaGFpUnBr
aS8wLzMyNjEzMTMzM2EzMTM4MzAzMDNhM2EyZjM0MzQyZDM0MzgyMDNkM2UyMDM0
MzgzNDMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEH
AQH/BBMwETAPBAIAAjAJAwcEKhMYAAAAMA0GCSqGSIb3DQEBCwUAA4IBAQCBDMj5
LTte0HBRfXyfu1wry6D2waJQk3OSOUzywFYcH9gEJRcG1SgEKWe1+9lpI5iawX06
Yv2rnHnXFhJudEhAZxLs6DCx7P78MNM5TzturXCBCFO4He5wGc6o66Gsc6k4tYbX
mCZb9qxOxUxybZKZ2cvzKHPtSNCJGdMumiPat+s52QXPVpqc6hrH4t7GrJ61r2JC
aPlS9FYi8Knma5tIJpEujFl/62OYxUVDN059AXDPiPf0urKDy2cHF8zOrlITrdoO
Bi9+HbHqnuOVBcoWDGwjKyHWejihK5exQwSokPqcXQo5kxoHlGYAwZkygINOewbh
RsQ5JBGiVo1DhyUC
-----END CERTIFICATE-----