Route Origin Authorization

$ rpki-client -vvf rpki.athene-center.net/repo/rpki-athene-center/0/3135382e3232302e3132382e302f32342d3234203d3e20323038313632.roa
File:                     3135382e3232302e3132382e302f32342d3234203d3e20323038313632.roa (raw, json)
Hash identifier:          DClRIgSRdVZkOL7feXzgrwDdt4IJN+OQI8p1yhymP4Y=
Subject key identifier:   25:C6:D0:1E:7F:14:85:EF:92:A3:3C:12:3A:CE:77:C8:27:87:3E:B2
Certificate issuer:       /CN=ee092d6ecb52bc99a39fa6677afbee9e41bae0d9
Certificate serial:       3E7DC48A64D37496C3E932466CBA8FFA8B476EAF
Authority key identifier: EE:09:2D:6E:CB:52:BC:99:A3:9F:A6:67:7A:FB:EE:9E:41:BA:E0:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7gktbstSvJmjn6ZnevvunkG64Nk.cer
Subject info access:      rsync://rpki.athene-center.net/repo/rpki-athene-center/0/3135382e3232302e3132382e302f32342d3234203d3e20323038313632.roa
Signing time:             Wed 10 Jul 2024 12:11:36 +0000
ROA not before:           Wed 10 Jul 2024 12:06:36 +0000
ROA not after:            Wed 09 Jul 2025 12:11:36 +0000
asID:                     208162
IP address blocks:        158.220.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.athene-center.net/repo/rpki-athene-center/0/EE092D6ECB52BC99A39FA6677AFBEE9E41BAE0D9.crl
                          rsync://rpki.athene-center.net/repo/rpki-athene-center/0/EE092D6ECB52BC99A39FA6677AFBEE9E41BAE0D9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7gktbstSvJmjn6ZnevvunkG64Nk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Jul 2024 14:52:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:7d:c4:8a:64:d3:74:96:c3:e9:32:46:6c:ba:8f:fa:8b:47:6e:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee092d6ecb52bc99a39fa6677afbee9e41bae0d9
        Validity
            Not Before: Jul 10 12:06:36 2024 GMT
            Not After : Jul  9 12:11:36 2025 GMT
        Subject: CN=25C6D01E7F1485EF92A33C123ACE77C827873EB2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:d2:7c:2c:6b:51:26:7e:81:3f:06:d5:32:93:
                    4a:d5:f3:db:10:d3:fb:14:32:d8:80:1b:b0:99:bc:
                    58:4e:f3:4a:9b:63:85:47:0c:86:09:b3:89:9b:35:
                    37:72:ba:bf:83:49:de:3c:8a:47:d7:1d:ab:e2:93:
                    af:b7:d8:fa:ef:13:13:fa:fe:71:74:55:1f:d2:9c:
                    ac:af:51:19:d3:c4:8c:9f:53:b6:12:64:f7:c4:2b:
                    e5:ea:2f:75:4c:83:36:9a:b5:88:32:aa:3e:be:2b:
                    d5:47:49:e9:98:9b:a6:60:5b:01:94:48:87:6c:1a:
                    76:38:73:f4:06:67:6f:bf:a3:60:ad:70:b8:09:ad:
                    ad:73:2f:a3:09:f5:22:f9:40:e2:60:a4:13:40:c1:
                    aa:51:58:0e:f6:ed:6e:03:5b:a8:de:59:5d:78:55:
                    a2:ad:18:23:fc:d8:8d:95:50:f6:b6:92:f4:cd:fd:
                    61:cf:62:02:52:72:7a:ab:46:eb:ea:df:bd:d2:be:
                    a9:88:6a:0d:09:33:0e:d4:6b:55:2e:3a:1c:77:65:
                    b3:cb:e8:58:51:56:7a:cc:b3:6c:92:8a:79:d6:c2:
                    e1:4e:05:65:90:d4:d3:03:a6:09:d8:1e:43:07:f3:
                    76:d4:df:c2:61:f8:9c:b9:b9:fc:ab:32:13:d4:f5:
                    3b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:C6:D0:1E:7F:14:85:EF:92:A3:3C:12:3A:CE:77:C8:27:87:3E:B2
            X509v3 Authority Key Identifier:
                keyid:EE:09:2D:6E:CB:52:BC:99:A3:9F:A6:67:7A:FB:EE:9E:41:BA:E0:D9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.athene-center.net/repo/rpki-athene-center/0/EE092D6ECB52BC99A39FA6677AFBEE9E41BAE0D9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7gktbstSvJmjn6ZnevvunkG64Nk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.athene-center.net/repo/rpki-athene-center/0/3135382e3232302e3132382e302f32342d3234203d3e20323038313632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.220.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:d8:b4:16:f0:81:02:db:0b:89:01:32:08:35:41:dd:a0:40:
         7a:11:91:6e:31:1c:00:54:80:a6:68:f1:20:49:e9:9e:ef:d0:
         c7:bf:97:59:77:9d:fd:dc:67:0a:e0:d0:fe:c2:dd:78:c3:bc:
         00:36:44:b7:35:8c:21:98:ba:b2:d7:ea:5f:37:9c:d5:08:98:
         91:c0:b4:d5:16:13:89:5a:b5:69:7a:45:fc:c9:e8:6e:56:0f:
         c1:4c:66:64:a2:9d:0d:72:75:0c:f3:66:e1:66:15:ac:04:35:
         10:72:b1:bb:02:77:56:c1:ba:d7:00:6b:dc:03:cc:a8:8e:d7:
         93:67:41:63:28:87:3e:5e:ba:60:a5:73:cc:84:74:67:f1:75:
         92:fd:72:a0:66:e1:bd:5c:8a:b3:03:b9:1d:2c:f4:8d:5d:67:
         b6:c2:b2:0c:a8:9d:0e:82:2d:85:5e:4e:f0:da:74:fb:32:93:
         bb:31:58:46:eb:89:44:7f:17:42:b5:7a:91:e0:61:16:ae:38:
         db:e0:75:b5:75:14:7d:43:cf:a7:9e:69:65:d0:3e:59:9b:e0:
         3e:43:e9:be:f5:e1:b4:14:66:a3:21:88:af:0f:12:90:05:a1:
         f0:25:59:27:8a:ed:8e:0a:a7:51:56:22:c3:82:a4:9d:6c:b1:
         05:d3:04:82
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgIUPn3EimTTdJbD6TJGbLqP+otHbq8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWUwOTJkNmVjYjUyYmM5OWEzOWZhNjY3N2FmYmVlOWU0
MWJhZTBkOTAeFw0yNDA3MTAxMjA2MzZaFw0yNTA3MDkxMjExMzZaMDMxMTAvBgNV
BAMTKDI1QzZEMDFFN0YxNDg1RUY5MkEzM0MxMjNBQ0U3N0M4Mjc4NzNFQjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDs0nwsa1EmfoE/BtUyk0rV89sQ
0/sUMtiAG7CZvFhO80qbY4VHDIYJs4mbNTdyur+DSd48ikfXHavik6+32PrvExP6
/nF0VR/SnKyvURnTxIyfU7YSZPfEK+XqL3VMgzaatYgyqj6+K9VHSemYm6ZgWwGU
SIdsGnY4c/QGZ2+/o2CtcLgJra1zL6MJ9SL5QOJgpBNAwapRWA727W4DW6jeWV14
VaKtGCP82I2VUPa2kvTN/WHPYgJScnqrRuvq373SvqmIag0JMw7Ua1UuOhx3ZbPL
6FhRVnrMs2ySinnWwuFOBWWQ1NMDpgnYHkMH83bU38Jh+Jy5ufyrMhPU9TtBAgMB
AAGjggIGMIICAjAdBgNVHQ4EFgQUJcbQHn8Uhe+SozwSOs53yCeHPrIwHwYDVR0j
BBgwFoAU7gktbstSvJmjn6ZnevvunkG64NkwDgYDVR0PAQH/BAQDAgeAMHYGA1Ud
HwRvMG0wa6BpoGeGZXJzeW5jOi8vcnBraS5hdGhlbmUtY2VudGVyLm5ldC9yZXBv
L3Jwa2ktYXRoZW5lLWNlbnRlci8wL0VFMDkyRDZFQ0I1MkJDOTlBMzlGQTY2NzdB
RkJFRTlFNDFCQUUwRDkuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZI
cnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Z2t0YnN0
U3ZKbWpuNlpuZXZ2dW5rRzY0TmsuY2VyMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYI
KwYBBQUHMAuGd3JzeW5jOi8vcnBraS5hdGhlbmUtY2VudGVyLm5ldC9yZXBvL3Jw
a2ktYXRoZW5lLWNlbnRlci8wLzMxMzUzODJlMzIzMjMwMmUzMTMyMzgyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzMjMwMzgzMTM2MzIucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACe3IAwDQYJ
KoZIhvcNAQELBQADggEBALPYtBbwgQLbC4kBMgg1Qd2gQHoRkW4xHABUgKZo8SBJ
6Z7v0Me/l1l3nf3cZwrg0P7C3XjDvAA2RLc1jCGYurLX6l83nNUImJHAtNUWE4la
tWl6RfzJ6G5WD8FMZmSinQ1ydQzzZuFmFawENRBysbsCd1bButcAa9wDzKiO15Nn
QWMohz5eumClc8yEdGfxdZL9cqBm4b1cirMDuR0s9I1dZ7bCsgyonQ6CLYVeTvDa
dPsyk7sxWEbriUR/F0K1epHgYRauONvgdbV1FH1Dz6eeaWXQPlmb4D5D6b714bQU
ZqMhiK8PEpAFofAlWSeK7Y4Kp1FWIsOCpJ1ssQXTBII=
-----END CERTIFICATE-----