Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/nuv_xO2fUI7ouRwn8qjlIQlwGBE.roa
File:                     nuv_xO2fUI7ouRwn8qjlIQlwGBE.roa (raw, json)
Hash identifier:          GUUp8iER93VvBlFzsyfENqC6foR+BmpnDG9bPgxvJu4=
Subject key identifier:   9E:EB:FF:C4:ED:9F:50:8E:E8:B9:1C:27:F2:A8:E5:21:09:70:18:11
Certificate issuer:       /CN=12c889964b35b51ba8e5e679a15b19a31f133578
Certificate serial:       018CC726DDF5DC6924150F3A4FA53CB9E7F6
Authority key identifier: 12:C8:89:96:4B:35:B5:1B:A8:E5:E6:79:A1:5B:19:A3:1F:13:35:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsiJlks1tRuo5eZ5oVsZox8TNXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/nuv_xO2fUI7ouRwn8qjlIQlwGBE.roa
Signing time:             Mon 01 Jan 2024 22:31:02 +0000
ROA not before:           Mon 01 Jan 2024 22:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210318
IP address blocks:        82.146.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/EsiJlks1tRuo5eZ5oVsZox8TNXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/EsiJlks1tRuo5eZ5oVsZox8TNXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsiJlks1tRuo5eZ5oVsZox8TNXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:dd:f5:dc:69:24:15:0f:3a:4f:a5:3c:b9:e7:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c889964b35b51ba8e5e679a15b19a31f133578
        Validity
            Not Before: Jan  1 22:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9eebffc4ed9f508ee8b91c27f2a8e52109701811
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d7:0e:6b:70:a6:53:41:93:51:26:de:07:fe:
                    41:79:98:63:af:a6:e5:16:52:20:63:84:ff:6c:6b:
                    57:30:ed:0f:47:bf:e5:59:47:8f:75:2c:1c:bb:6b:
                    f2:25:24:28:42:48:ff:81:46:9b:39:c1:a1:8f:65:
                    e7:22:9b:f9:8a:08:87:06:88:30:2e:67:91:5a:a4:
                    74:52:f8:64:95:12:ae:5b:25:e5:73:c6:3d:c2:8e:
                    66:6b:f9:fb:e1:f0:7c:68:04:0e:1f:86:dd:51:6b:
                    50:db:42:a5:4d:18:0a:8d:f9:1d:8b:8a:11:94:96:
                    bb:16:c9:59:d0:04:c1:13:49:19:b5:96:5b:bd:8d:
                    39:9f:35:7d:c1:a5:1a:2c:3f:12:61:f0:18:98:60:
                    ce:98:94:b2:e5:a4:92:eb:b9:d1:8e:fd:ef:cb:c0:
                    88:b5:18:06:d4:81:4e:c5:21:ce:bc:ae:06:59:bf:
                    e4:12:0f:ca:23:f9:8a:3f:84:6c:7e:df:11:10:a7:
                    ac:dd:d4:ea:0d:3c:c7:9b:a6:1c:b4:e3:55:70:e8:
                    49:5b:38:1b:cb:87:85:47:11:9a:45:3b:c6:be:3b:
                    80:d6:7d:89:57:56:08:b1:5a:1a:c6:d3:41:77:77:
                    51:7b:80:9a:8a:f4:b1:55:ae:0c:d8:56:8c:4b:a7:
                    c4:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:EB:FF:C4:ED:9F:50:8E:E8:B9:1C:27:F2:A8:E5:21:09:70:18:11
            X509v3 Authority Key Identifier:
                keyid:12:C8:89:96:4B:35:B5:1B:A8:E5:E6:79:A1:5B:19:A3:1F:13:35:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsiJlks1tRuo5eZ5oVsZox8TNXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/nuv_xO2fUI7ouRwn8qjlIQlwGBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/EsiJlks1tRuo5eZ5oVsZox8TNXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.146.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:ef:1e:f9:2b:77:9d:5f:56:6f:81:81:76:06:2f:f0:9b:15:
         5c:a6:40:91:5a:ef:ac:28:58:ba:a4:cf:d5:78:4e:7e:87:fd:
         05:3f:7a:e9:db:e3:7e:a9:0f:4f:f6:77:a7:f8:c2:5a:79:2e:
         49:4a:04:bc:a1:56:47:10:bb:74:70:a2:54:58:f3:e9:12:2d:
         a8:2d:33:c4:bb:f5:1b:29:04:29:ee:46:20:43:54:62:ba:1f:
         b8:66:7f:43:bd:04:73:af:bf:57:8c:3d:83:f1:d5:60:fb:6c:
         af:4e:89:13:7a:04:26:f6:97:0e:31:ba:c8:5e:f6:6a:1d:51:
         02:29:a3:84:68:99:75:d5:1f:43:4f:ec:89:18:fe:ac:0f:67:
         a5:3d:70:86:7a:c4:c8:84:88:6c:d4:71:c2:7a:5d:e3:8a:6e:
         f7:a9:d9:90:5c:0b:9c:61:c9:15:7f:7a:7b:64:ef:89:2a:65:
         4e:1e:4f:04:15:a9:0d:01:7c:34:e6:32:fc:ef:86:81:e4:ba:
         5c:a3:33:72:c9:ab:8f:fb:03:6f:c0:e3:b1:76:94:98:7d:1d:
         83:4d:d9:a5:50:ac:99:70:0c:a4:29:8e:69:f0:4d:a4:e0:ad:
         00:05:d4:1f:16:fe:79:a8:7f:4f:9b:18:31:68:d5:e7:cd:50:
         c7:c2:3f:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJt313GkkFQ86T6U8uef2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYzg4OTk2NGIzNWI1MWJhOGU1ZTY3OWExNWIxOWEzMWYx
MzM1NzgwHhcNMjQwMTAxMjIzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWViZmZjNGVkOWY1MDhlZThiOTFjMjdmMmE4ZTUyMTA5NzAxODExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtcOa3CmU0GTUSbeB/5BeZhjr6bl
FlIgY4T/bGtXMO0PR7/lWUePdSwcu2vyJSQoQkj/gUabOcGhj2XnIpv5igiHBogw
LmeRWqR0UvhklRKuWyXlc8Y9wo5ma/n74fB8aAQOH4bdUWtQ20KlTRgKjfkdi4oR
lJa7FslZ0ATBE0kZtZZbvY05nzV9waUaLD8SYfAYmGDOmJSy5aSS67nRjv3vy8CI
tRgG1IFOxSHOvK4GWb/kEg/KI/mKP4Rsft8REKes3dTqDTzHm6YctONVcOhJWzgb
y4eFRxGaRTvGvjuA1n2JV1YIsVoaxtNBd3dRe4CaivSxVa4M2FaMS6fEbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ7r/8Ttn1CO6LkcJ/Ko5SEJcBgRMB8GA1UdIwQY
MBaAFBLIiZZLNbUbqOXmeaFbGaMfEzV4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXNpSmxrczF0UnVvNWVaNW9Wc1pveDhUTlhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8xNmIwMmMtODMzYS00OGYwLWJhNTYt
YWQ2ZjBiZjg4NDM4LzEvbnV2X3hPMmZVSTdvdVJ3bjhxamxJUWx3R0JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8xNmIwMmMtODMzYS00OGYwLWJhNTYtYWQ2ZjBiZjg4NDM4
LzEvRXNpSmxrczF0UnVvNWVaNW9Wc1pveDhUTlhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUpK6MA0G
CSqGSIb3DQEBCwUAA4IBAQAC7x75K3edX1ZvgYF2Bi/wmxVcpkCRWu+sKFi6pM/V
eE5+h/0FP3rp2+N+qQ9P9nen+MJaeS5JSgS8oVZHELt0cKJUWPPpEi2oLTPEu/Ub
KQQp7kYgQ1Riuh+4Zn9DvQRzr79XjD2D8dVg+2yvTokTegQm9pcOMbrIXvZqHVEC
KaOEaJl11R9DT+yJGP6sD2elPXCGesTIhIhs1HHCel3jim73qdmQXAucYckVf3p7
ZO+JKmVOHk8EFakNAXw05jL874aB5LpcozNyyauP+wNvwOOxdpSYfR2DTdmlUKyZ
cAykKY5p8E2k4K0ABdQfFv55qH9PmxgxaNXnzVDHwj9I
-----END CERTIFICATE-----