Route Origin Authorization

$ rpki-client -vvf rpki.athene-center.net/repo/rpki-athene-center/0/3135382e3232302e3132392e302f32342d3234203d3e20323038313632.roa
File:                     3135382e3232302e3132392e302f32342d3234203d3e20323038313632.roa (raw, json)
Hash identifier:          PpdQ9AbUckwwvcPwkBe4Lar7oRAZWFziM3TnkajWZDo=
Subject key identifier:   0E:EF:94:64:60:23:7D:06:7E:6F:4D:76:B3:A2:4B:03:2B:B1:7B:B5
Certificate issuer:       /CN=ee092d6ecb52bc99a39fa6677afbee9e41bae0d9
Certificate serial:       7CB76D63AF8883C8911294A70F5F51FC1C7B9C18
Authority key identifier: EE:09:2D:6E:CB:52:BC:99:A3:9F:A6:67:7A:FB:EE:9E:41:BA:E0:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7gktbstSvJmjn6ZnevvunkG64Nk.cer
Subject info access:      rsync://rpki.athene-center.net/repo/rpki-athene-center/0/3135382e3232302e3132392e302f32342d3234203d3e20323038313632.roa
Signing time:             Mon 12 Aug 2024 08:41:16 +0000
ROA not before:           Mon 12 Aug 2024 08:36:16 +0000
ROA not after:            Mon 11 Aug 2025 08:41:16 +0000
asID:                     208162
IP address blocks:        158.220.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.athene-center.net/repo/rpki-athene-center/0/EE092D6ECB52BC99A39FA6677AFBEE9E41BAE0D9.crl
                          rsync://rpki.athene-center.net/repo/rpki-athene-center/0/EE092D6ECB52BC99A39FA6677AFBEE9E41BAE0D9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7gktbstSvJmjn6ZnevvunkG64Nk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:b7:6d:63:af:88:83:c8:91:12:94:a7:0f:5f:51:fc:1c:7b:9c:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee092d6ecb52bc99a39fa6677afbee9e41bae0d9
        Validity
            Not Before: Aug 12 08:36:16 2024 GMT
            Not After : Aug 11 08:41:16 2025 GMT
        Subject: CN=0EEF946460237D067E6F4D76B3A24B032BB17BB5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:02:d2:89:a6:56:35:97:44:eb:0c:03:85:7e:
                    24:ca:7a:d4:fe:08:81:fc:05:ab:4d:39:b0:56:76:
                    3a:f4:38:5f:25:47:f6:a0:a1:18:1f:47:bd:1a:ab:
                    cd:94:82:75:59:ff:25:2c:84:6c:4f:ae:40:db:e6:
                    3f:a1:19:0a:24:52:86:8a:51:00:e7:4a:05:d6:bf:
                    dc:6a:96:6a:46:6c:05:7c:ba:19:b6:7d:48:21:b8:
                    1c:db:a2:f9:2a:57:66:d6:60:bd:a6:85:89:d8:40:
                    d7:19:f6:9d:04:0c:15:f1:fa:1d:34:29:37:e1:75:
                    0e:a6:9c:7f:5a:38:17:de:ca:e9:28:24:9c:42:8d:
                    f3:48:3b:16:6f:c3:cb:c2:d3:54:e4:87:6b:fb:25:
                    f0:f9:f9:e9:3e:4a:0c:11:c0:ff:60:e4:2e:be:9f:
                    3b:26:e6:75:de:73:06:1b:64:46:82:82:1c:38:7a:
                    ab:e5:0d:5d:51:89:02:cc:a7:84:21:71:6b:3e:95:
                    4b:7f:95:a0:08:97:15:3b:f6:59:01:0d:32:88:06:
                    28:b7:0a:69:87:fa:c4:4f:4e:c5:67:b5:ed:ce:15:
                    1b:59:b8:92:55:d2:04:9e:a9:e4:fc:e7:91:47:2a:
                    11:a6:55:36:e6:44:12:5f:ab:62:e4:87:b6:27:32:
                    97:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:EF:94:64:60:23:7D:06:7E:6F:4D:76:B3:A2:4B:03:2B:B1:7B:B5
            X509v3 Authority Key Identifier:
                keyid:EE:09:2D:6E:CB:52:BC:99:A3:9F:A6:67:7A:FB:EE:9E:41:BA:E0:D9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.athene-center.net/repo/rpki-athene-center/0/EE092D6ECB52BC99A39FA6677AFBEE9E41BAE0D9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7gktbstSvJmjn6ZnevvunkG64Nk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.athene-center.net/repo/rpki-athene-center/0/3135382e3232302e3132392e302f32342d3234203d3e20323038313632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.220.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:0e:09:db:8a:cc:2c:b9:56:59:2b:9c:40:7b:23:03:03:b6:
         12:49:9c:c7:cf:d1:3b:1d:56:44:7c:de:18:5b:3a:92:b3:f8:
         41:e1:ee:d3:2c:66:1a:92:62:f6:64:d3:6f:3b:25:3e:a7:33:
         68:b9:13:ea:1c:e8:b2:62:5c:95:5f:71:83:4f:42:50:ca:bf:
         fd:fe:ba:1c:a4:83:cb:13:b8:0f:60:cb:5d:93:7f:a7:33:87:
         98:f0:c4:88:f5:22:f3:eb:8d:14:53:e7:ad:8b:a1:f0:03:20:
         cc:5c:50:88:3d:bc:da:b1:cb:b9:84:65:3c:f1:d7:0c:97:1d:
         e7:e2:fa:ab:96:a5:4d:e3:3c:fb:1e:a9:2b:ec:a8:e2:d5:99:
         8c:d7:a8:91:ed:52:60:48:14:20:37:9e:4e:23:8b:5e:70:3b:
         6b:1f:77:75:b8:2f:d6:d8:06:16:1d:64:53:fa:4c:e2:2b:2d:
         d8:58:d6:7e:24:af:4f:21:76:1c:1d:06:db:8e:a4:7c:c3:42:
         1f:a1:9d:ca:ef:f5:30:ce:66:ad:9f:a2:5b:ab:85:ab:c0:b7:
         b5:18:ee:54:98:92:a3:0b:55:db:74:f9:3e:4a:24:e7:f2:5c:
         0e:70:e4:5e:5c:fa:85:4d:2b:3b:16:2d:cd:27:4a:8d:53:ec:
         3e:81:0f:d3
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgIUfLdtY6+Ig8iREpSnD19R/Bx7nBgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWUwOTJkNmVjYjUyYmM5OWEzOWZhNjY3N2FmYmVlOWU0
MWJhZTBkOTAeFw0yNDA4MTIwODM2MTZaFw0yNTA4MTEwODQxMTZaMDMxMTAvBgNV
BAMTKDBFRUY5NDY0NjAyMzdEMDY3RTZGNEQ3NkIzQTI0QjAzMkJCMTdCQjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChAtKJplY1l0TrDAOFfiTKetT+
CIH8BatNObBWdjr0OF8lR/agoRgfR70aq82UgnVZ/yUshGxPrkDb5j+hGQokUoaK
UQDnSgXWv9xqlmpGbAV8uhm2fUghuBzbovkqV2bWYL2mhYnYQNcZ9p0EDBXx+h00
KTfhdQ6mnH9aOBfeyukoJJxCjfNIOxZvw8vC01Tkh2v7JfD5+ek+SgwRwP9g5C6+
nzsm5nXecwYbZEaCghw4eqvlDV1RiQLMp4QhcWs+lUt/laAIlxU79lkBDTKIBii3
CmmH+sRPTsVnte3OFRtZuJJV0gSeqeT855FHKhGmVTbmRBJfq2Lkh7YnMpdrAgMB
AAGjggIGMIICAjAdBgNVHQ4EFgQUDu+UZGAjfQZ+b012s6JLAyuxe7UwHwYDVR0j
BBgwFoAU7gktbstSvJmjn6ZnevvunkG64NkwDgYDVR0PAQH/BAQDAgeAMHYGA1Ud
HwRvMG0wa6BpoGeGZXJzeW5jOi8vcnBraS5hdGhlbmUtY2VudGVyLm5ldC9yZXBv
L3Jwa2ktYXRoZW5lLWNlbnRlci8wL0VFMDkyRDZFQ0I1MkJDOTlBMzlGQTY2NzdB
RkJFRTlFNDFCQUUwRDkuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZI
cnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Z2t0YnN0
U3ZKbWpuNlpuZXZ2dW5rRzY0TmsuY2VyMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYI
KwYBBQUHMAuGd3JzeW5jOi8vcnBraS5hdGhlbmUtY2VudGVyLm5ldC9yZXBvL3Jw
a2ktYXRoZW5lLWNlbnRlci8wLzMxMzUzODJlMzIzMjMwMmUzMTMyMzkyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzMjMwMzgzMTM2MzIucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACe3IEwDQYJ
KoZIhvcNAQELBQADggEBAHIOCduKzCy5VlkrnEB7IwMDthJJnMfP0TsdVkR83hhb
OpKz+EHh7tMsZhqSYvZk0287JT6nM2i5E+oc6LJiXJVfcYNPQlDKv/3+uhykg8sT
uA9gy12Tf6czh5jwxIj1IvPrjRRT562LofADIMxcUIg9vNqxy7mEZTzx1wyXHefi
+quWpU3jPPseqSvsqOLVmYzXqJHtUmBIFCA3nk4ji15wO2sfd3W4L9bYBhYdZFP6
TOIrLdhY1n4kr08hdhwdBtuOpHzDQh+hncrv9TDOZq2folurhavAt7UY7lSYkqML
Vdt0+T5KJOfyXA5w5F5c+oVNKzsWLc0nSo1T7D6BD9M=
-----END CERTIFICATE-----