Route Origin Authorization

$ rpki-client -vvf rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830313a3138303a3a2f34332d3438203d3e20313531343634.roa
File:                     326131333a313830313a3138303a3a2f34332d3438203d3e20313531343634.roa (raw, json)
Hash identifier:          KcSiMoX0U3Ni7SCBK6yO0cPqVDIaJsQvJrGXhRD/MYw=
Subject key identifier:   F2:77:54:53:2D:1D:F8:7E:A2:99:50:DF:5D:F0:6D:A5:18:48:46:1E
Certificate issuer:       /CN=3cdec27384aade5ca0809fd6f16d2bca18beb659
Certificate serial:       33BAA314C80820FC5EE79E0B055B2383B92F6653
Authority key identifier: 3C:DE:C2:73:84:AA:DE:5C:A0:80:9F:D6:F1:6D:2B:CA:18:BE:B6:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer
Subject info access:      rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830313a3138303a3a2f34332d3438203d3e20313531343634.roa
Signing time:             Wed 25 Feb 2026 13:28:49 +0000
ROA not before:           Wed 25 Feb 2026 13:23:49 +0000
ROA not after:            Wed 24 Feb 2027 13:28:49 +0000
asID:                     151464
IP address blocks:        2a13:1801:180::/43 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.crl
                          rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:09:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:ba:a3:14:c8:08:20:fc:5e:e7:9e:0b:05:5b:23:83:b9:2f:66:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cdec27384aade5ca0809fd6f16d2bca18beb659
        Validity
            Not Before: Feb 25 13:23:49 2026 GMT
            Not After : Feb 24 13:28:49 2027 GMT
        Subject: CN=F27754532D1DF87EA29950DF5DF06DA51848461E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:43:58:93:27:0a:1e:98:35:49:c2:3f:fe:40:
                    80:28:14:09:58:ad:98:20:f6:99:e2:51:38:1e:4f:
                    96:a4:58:df:e0:b7:36:ca:cd:95:2c:d2:a8:78:6d:
                    b8:a6:70:48:95:a8:99:36:2b:cd:1f:c5:ea:7e:de:
                    3a:8a:13:09:61:68:8d:84:4e:3e:ca:60:ad:a7:9f:
                    4d:6b:0e:78:a2:ed:03:06:d8:bb:8b:d7:a9:c7:20:
                    96:44:65:fb:a4:85:ca:3c:8b:66:42:ae:4f:65:e0:
                    64:21:70:1b:5c:e1:28:f4:28:38:bd:ac:16:89:4c:
                    46:b6:51:47:bd:47:c0:8e:19:a0:5c:c5:cf:51:23:
                    63:37:35:a8:a4:05:22:10:be:2f:7d:ed:5d:8d:d2:
                    2b:33:97:1d:d3:ba:fd:ed:2b:28:82:34:a1:80:e6:
                    9f:59:cc:95:48:0a:db:07:4e:60:0f:60:a7:84:9e:
                    64:52:f6:5e:a6:5b:b4:67:df:d7:23:10:b3:4e:6e:
                    33:7b:38:28:e4:ec:bc:2b:17:c4:1e:2b:54:63:73:
                    b6:b5:eb:89:2d:11:f0:a6:e0:3d:cd:eb:84:a2:7f:
                    d8:39:73:2a:6d:26:05:55:54:d7:9e:70:a0:95:3d:
                    39:99:5c:a2:59:a2:52:05:9e:7d:dd:6d:b8:19:1a:
                    68:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:77:54:53:2D:1D:F8:7E:A2:99:50:DF:5D:F0:6D:A5:18:48:46:1E
            X509v3 Authority Key Identifier:
                keyid:3C:DE:C2:73:84:AA:DE:5C:A0:80:9F:D6:F1:6D:2B:CA:18:BE:B6:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/3CDEC27384AADE5CA0809FD6F16D2BCA18BEB659.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PN7Cc4Sq3lyggJ_W8W0ryhi-tlk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.rpki.tianhai.link/repo/TianhaiRpki/0/326131333a313830313a3138303a3a2f34332d3438203d3e20313531343634.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1801:180::/43

    Signature Algorithm: sha256WithRSAEncryption
         2c:bb:ca:18:32:20:4e:76:a6:7e:e5:ae:7e:0f:eb:89:31:5b:
         74:d9:bf:25:d3:89:da:26:4b:0e:dd:bb:26:3f:e4:6c:ef:b5:
         a0:5b:41:96:f8:66:83:63:b8:e9:67:2b:7b:e6:25:3c:7f:59:
         07:43:68:f2:73:5d:35:f0:d3:84:0a:ec:02:49:7e:db:05:76:
         b1:47:c9:2d:a7:08:4a:aa:cc:c6:28:42:5c:6c:1d:e3:62:55:
         7e:cf:34:ff:88:c9:b3:17:8c:0f:16:41:78:96:03:e9:44:3a:
         e9:9b:c9:01:25:f9:b7:2c:76:a5:c1:32:ec:6d:65:17:1b:01:
         16:0f:e8:94:98:ca:2c:0d:43:6d:69:24:ba:14:22:06:b6:22:
         c0:ae:a3:84:ee:38:8d:bb:3e:3e:ae:16:f4:91:35:5d:e5:6e:
         7e:bb:09:f4:7b:75:17:a4:c4:60:69:03:0f:57:77:36:91:54:
         0a:19:12:55:9f:0b:22:84:04:1a:87:21:5a:00:9d:c8:df:bc:
         69:f2:bf:ac:a7:e2:26:5e:09:3f:91:e0:15:5d:54:71:0e:74:
         89:43:33:b1:53:9d:2c:92:73:c0:f4:89:c4:87:80:d1:ba:6f:
         ed:04:e3:1c:4a:a1:b8:f7:d1:cc:e9:ff:39:0d:88:c5:08:41:
         24:6a:32:60
-----BEGIN CERTIFICATE-----
MIIE9zCCA9+gAwIBAgIUM7qjFMgIIPxe554LBVsjg7kvZlMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2NkZWMyNzM4NGFhZGU1Y2EwODA5ZmQ2ZjE2ZDJiY2Ex
OGJlYjY1OTAeFw0yNjAyMjUxMzIzNDlaFw0yNzAyMjQxMzI4NDlaMDMxMTAvBgNV
BAMTKEYyNzc1NDUzMkQxREY4N0VBMjk5NTBERjVERjA2REE1MTg0ODQ2MUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUQ1iTJwoemDVJwj/+QIAoFAlY
rZgg9pniUTgeT5akWN/gtzbKzZUs0qh4bbimcEiVqJk2K80fxep+3jqKEwlhaI2E
Tj7KYK2nn01rDnii7QMG2LuL16nHIJZEZfukhco8i2ZCrk9l4GQhcBtc4Sj0KDi9
rBaJTEa2UUe9R8COGaBcxc9RI2M3NaikBSIQvi997V2N0iszlx3Tuv3tKyiCNKGA
5p9ZzJVICtsHTmAPYKeEnmRS9l6mW7Rn39cjELNObjN7OCjk7LwrF8QeK1Rjc7a1
64ktEfCm4D3N64Sif9g5cyptJgVVVNeecKCVPTmZXKJZolIFnn3dbbgZGmj3AgMB
AAGjggIBMIIB/TAdBgNVHQ4EFgQU8ndUUy0d+H6imVDfXfBtpRhIRh4wHwYDVR0j
BBgwFoAUPN7Cc4Sq3lyggJ/W8W0ryhi+tlkwDgYDVR0PAQH/BAQDAgeAMHAGA1Ud
HwRpMGcwZaBjoGGGX3JzeW5jOi8vcnN5bmMucnBraS50aWFuaGFpLmxpbmsvcmVw
by9UaWFuaGFpUnBraS8wLzNDREVDMjczODRBQURFNUNBMDgwOUZENkYxNkQyQkNB
MThCRUI2NTkuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6
Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9QTjdDYzRTcTNseWdn
Sl9XOFcwcnloaS10bGsuY2VyMIGUBggrBgEFBQcBCwSBhzCBhDCBgQYIKwYBBQUH
MAuGdXJzeW5jOi8vcnN5bmMucnBraS50aWFuaGFpLmxpbmsvcmVwby9UaWFuaGFp
UnBraS8wLzMyNjEzMTMzM2EzMTM4MzAzMTNhMzEzODMwM2EzYTJmMzQzMzJkMzQz
ODIwM2QzZTIwMzEzNTMxMzQzNjM0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUF
Bw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcFKhMYAQGAMA0GCSqGSIb3
DQEBCwUAA4IBAQAsu8oYMiBOdqZ+5a5+D+uJMVt02b8l04naJksO3bsmP+Rs77Wg
W0GW+GaDY7jpZyt75iU8f1kHQ2jyc1018NOECuwCSX7bBXaxR8ktpwhKqszGKEJc
bB3jYlV+zzT/iMmzF4wPFkF4lgPpRDrpm8kBJfm3LHalwTLsbWUXGwEWD+iUmMos
DUNtaSS6FCIGtiLArqOE7jiNuz4+rhb0kTVd5W5+uwn0e3UXpMRgaQMPV3c2kVQK
GRJVnwsihAQahyFaAJ3I37xp8r+sp+ImXgk/keAVXVRxDnSJQzOxU50sknPA9InE
h4DRum/tBOMcSqG499HM6f85DYjFCEEkajJg
-----END CERTIFICATE-----