Route Origin Authorization

$ rpki-client -vvf rpki.athene-center.net/repo/rpki-athene-center/0/3135382e3232302e3133302e302f32342d3234203d3e20323038313632.roa
File:                     3135382e3232302e3133302e302f32342d3234203d3e20323038313632.roa (raw, json)
Hash identifier:          MKRsuKIv0eEmxhQYxEIMkWcrJBQCwaKDIO1cRYoqRII=
Subject key identifier:   62:17:16:60:C1:5B:B1:72:41:97:17:C0:F9:9A:47:1A:28:A8:63:8D
Certificate issuer:       /CN=ee092d6ecb52bc99a39fa6677afbee9e41bae0d9
Certificate serial:       771A4701F157D3A4C416667BA5A4CAD8978BDA02
Authority key identifier: EE:09:2D:6E:CB:52:BC:99:A3:9F:A6:67:7A:FB:EE:9E:41:BA:E0:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7gktbstSvJmjn6ZnevvunkG64Nk.cer
Subject info access:      rsync://rpki.athene-center.net/repo/rpki-athene-center/0/3135382e3232302e3133302e302f32342d3234203d3e20323038313632.roa
Signing time:             Mon 10 Nov 2025 15:40:14 +0000
ROA not before:           Mon 10 Nov 2025 15:35:14 +0000
ROA not after:            Mon 09 Nov 2026 15:40:14 +0000
asID:                     208162
IP address blocks:        158.220.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.athene-center.net/repo/rpki-athene-center/0/EE092D6ECB52BC99A39FA6677AFBEE9E41BAE0D9.crl
                          rsync://rpki.athene-center.net/repo/rpki-athene-center/0/EE092D6ECB52BC99A39FA6677AFBEE9E41BAE0D9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7gktbstSvJmjn6ZnevvunkG64Nk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:57:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:1a:47:01:f1:57:d3:a4:c4:16:66:7b:a5:a4:ca:d8:97:8b:da:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee092d6ecb52bc99a39fa6677afbee9e41bae0d9
        Validity
            Not Before: Nov 10 15:35:14 2025 GMT
            Not After : Nov  9 15:40:14 2026 GMT
        Subject: CN=62171660C15BB172419717C0F99A471A28A8638D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:3b:83:44:93:b4:f7:1f:71:0d:81:3e:08:43:
                    95:89:3b:92:37:c8:ea:f1:4d:8b:9e:4e:c1:ed:e4:
                    ff:72:64:be:11:bb:86:54:3d:e8:ee:4f:55:33:71:
                    02:c5:ec:76:9f:bf:cd:34:f6:7c:81:70:61:c0:73:
                    55:a7:c0:6c:a4:fb:20:9a:0d:97:5b:ee:b8:af:a1:
                    7c:3c:7d:d4:f4:93:89:30:eb:23:80:2d:e0:67:14:
                    0d:9d:f7:f5:5c:ed:d5:f7:b3:ef:d9:dd:d0:4a:62:
                    92:c1:1a:ca:e3:e7:91:a6:7d:bd:44:cf:f8:d0:7d:
                    11:8e:46:f5:f2:ac:0a:29:82:39:29:5d:f6:a5:2f:
                    93:58:66:07:15:83:ca:c0:8b:13:85:83:a0:6b:b5:
                    9d:37:40:53:c5:52:d5:fb:df:b8:df:e2:8c:b2:d2:
                    77:2b:e8:87:97:89:75:b1:47:a5:64:a3:09:b3:a8:
                    be:d8:44:94:ec:aa:63:b7:8f:c4:2e:2e:56:30:83:
                    c9:f5:b0:a7:30:5f:87:ea:f2:3c:1d:e9:bf:38:7d:
                    78:36:6a:1d:f7:08:46:fb:c1:50:df:ab:f1:77:48:
                    c8:f0:9e:8f:81:87:46:89:c9:8d:ef:b0:46:a0:06:
                    76:26:33:45:8d:5f:d4:7e:a0:73:e7:9c:b5:eb:84:
                    a9:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:17:16:60:C1:5B:B1:72:41:97:17:C0:F9:9A:47:1A:28:A8:63:8D
            X509v3 Authority Key Identifier:
                keyid:EE:09:2D:6E:CB:52:BC:99:A3:9F:A6:67:7A:FB:EE:9E:41:BA:E0:D9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.athene-center.net/repo/rpki-athene-center/0/EE092D6ECB52BC99A39FA6677AFBEE9E41BAE0D9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7gktbstSvJmjn6ZnevvunkG64Nk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.athene-center.net/repo/rpki-athene-center/0/3135382e3232302e3133302e302f32342d3234203d3e20323038313632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.220.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:ca:ce:f2:09:37:8f:d9:96:05:cb:98:98:5b:1c:65:e1:fb:
         12:da:91:ef:73:a7:bc:15:b0:f9:2c:fc:db:d2:89:00:e6:b0:
         39:6e:58:0d:ca:fd:61:b6:ae:43:70:e1:83:0c:a4:7a:0b:24:
         73:10:8e:aa:cb:1c:c1:82:da:4a:79:00:f0:7d:a7:9e:4d:74:
         2b:da:5f:1e:0c:6a:9b:a6:f4:09:4d:02:20:52:ab:c3:db:12:
         bc:15:e3:9f:2c:f5:eb:fe:3d:a8:a4:ed:6d:9c:60:04:68:e5:
         c5:2d:1a:3b:fa:09:84:fe:07:4f:53:0b:b5:1b:31:9a:b5:aa:
         22:c0:1c:31:da:6e:ee:f0:09:10:f5:3f:f0:ad:7d:e1:06:21:
         4b:c1:f7:8b:e9:37:36:f0:76:ea:3d:d5:02:82:f4:da:e9:71:
         14:e1:68:96:7e:4c:fa:d0:e7:3a:e2:d9:86:34:45:ae:2f:fa:
         50:16:32:7c:8f:9f:a6:91:6f:d1:ff:fb:ba:8b:90:e8:7e:e7:
         6b:4c:cb:fb:c8:dc:db:6b:d1:f6:17:24:5b:5e:5f:21:68:53:
         5a:cf:21:ad:b5:70:98:ef:13:b7:5d:53:8f:c2:bc:82:db:a0:
         94:e8:30:54:e4:fb:67:76:23:fd:03:3c:bc:56:08:c3:ac:1d:
         5d:b7:2e:6b
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgIUdxpHAfFX06TEFmZ7paTK2JeL2gIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZWUwOTJkNmVjYjUyYmM5OWEzOWZhNjY3N2FmYmVlOWU0
MWJhZTBkOTAeFw0yNTExMTAxNTM1MTRaFw0yNjExMDkxNTQwMTRaMDMxMTAvBgNV
BAMTKDYyMTcxNjYwQzE1QkIxNzI0MTk3MTdDMEY5OUE0NzFBMjhBODYzOEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjO4NEk7T3H3ENgT4IQ5WJO5I3
yOrxTYueTsHt5P9yZL4Ru4ZUPejuT1UzcQLF7Hafv8009nyBcGHAc1WnwGyk+yCa
DZdb7rivoXw8fdT0k4kw6yOALeBnFA2d9/Vc7dX3s+/Z3dBKYpLBGsrj55Gmfb1E
z/jQfRGORvXyrAopgjkpXfalL5NYZgcVg8rAixOFg6BrtZ03QFPFUtX737jf4oyy
0ncr6IeXiXWxR6VkowmzqL7YRJTsqmO3j8QuLlYwg8n1sKcwX4fq8jwd6b84fXg2
ah33CEb7wVDfq/F3SMjwno+Bh0aJyY3vsEagBnYmM0WNX9R+oHPnnLXrhKlzAgMB
AAGjggIGMIICAjAdBgNVHQ4EFgQUYhcWYMFbsXJBlxfA+ZpHGiioY40wHwYDVR0j
BBgwFoAU7gktbstSvJmjn6ZnevvunkG64NkwDgYDVR0PAQH/BAQDAgeAMHYGA1Ud
HwRvMG0wa6BpoGeGZXJzeW5jOi8vcnBraS5hdGhlbmUtY2VudGVyLm5ldC9yZXBv
L3Jwa2ktYXRoZW5lLWNlbnRlci8wL0VFMDkyRDZFQ0I1MkJDOTlBMzlGQTY2NzdB
RkJFRTlFNDFCQUUwRDkuY3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZI
cnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Z2t0YnN0
U3ZKbWpuNlpuZXZ2dW5rRzY0TmsuY2VyMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYI
KwYBBQUHMAuGd3JzeW5jOi8vcnBraS5hdGhlbmUtY2VudGVyLm5ldC9yZXBvL3Jw
a2ktYXRoZW5lLWNlbnRlci8wLzMxMzUzODJlMzIzMjMwMmUzMTMzMzAyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzMjMwMzgzMTM2MzIucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACe3IIwDQYJ
KoZIhvcNAQELBQADggEBAFPKzvIJN4/ZlgXLmJhbHGXh+xLake9zp7wVsPks/NvS
iQDmsDluWA3K/WG2rkNw4YMMpHoLJHMQjqrLHMGC2kp5APB9p55NdCvaXx4Mapum
9AlNAiBSq8PbErwV458s9ev+Paik7W2cYARo5cUtGjv6CYT+B09TC7UbMZq1qiLA
HDHabu7wCRD1P/CtfeEGIUvB94vpNzbwduo91QKC9NrpcRThaJZ+TPrQ5zri2YY0
Ra4v+lAWMnyPn6aRb9H/+7qLkOh+52tMy/vI3Ntr0fYXJFteXyFoU1rPIa21cJjv
E7ddU4/CvILboJToMFTk+2d2I/0DPLxWCMOsHV23Lms=
-----END CERTIFICATE-----