Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/854e31-7faf-40fc-b2aa-7e52c37052bf/1/uBNL_ss2Qb-o57v6RB1FMQTXLJ8.roa
File:                     uBNL_ss2Qb-o57v6RB1FMQTXLJ8.roa (raw, json)
Hash identifier:          gTgD0ioaHypn29NRYsE+FbQ+jS6wHnoN/Ie2L/7E1rc=
Subject key identifier:   B8:13:4B:FE:CB:36:41:BF:A8:E7:BB:FA:44:1D:45:31:04:D7:2C:9F
Certificate issuer:       /CN=59a9cb4e8066c4b7df04b4fd0d712016b5586051
Certificate serial:       019EAC982129AFE3C5D938E636BF87356B84
Authority key identifier: 59:A9:CB:4E:80:66:C4:B7:DF:04:B4:FD:0D:71:20:16:B5:58:60:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WanLToBmxLffBLT9DXEgFrVYYFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/854e31-7faf-40fc-b2aa-7e52c37052bf/1/uBNL_ss2Qb-o57v6RB1FMQTXLJ8.roa
Signing time:             Tue 09 Jun 2026 13:35:11 +0000
ROA not before:           Tue 09 Jun 2026 13:35:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3301
IP address blocks:        91.212.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/854e31-7faf-40fc-b2aa-7e52c37052bf/1/WanLToBmxLffBLT9DXEgFrVYYFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/854e31-7faf-40fc-b2aa-7e52c37052bf/1/WanLToBmxLffBLT9DXEgFrVYYFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WanLToBmxLffBLT9DXEgFrVYYFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ac:98:21:29:af:e3:c5:d9:38:e6:36:bf:87:35:6b:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59a9cb4e8066c4b7df04b4fd0d712016b5586051
        Validity
            Not Before: Jun  9 13:35:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b8134bfecb3641bfa8e7bbfa441d453104d72c9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d6:b3:81:9b:98:dd:ab:80:6d:28:6f:f8:39:
                    5a:1d:4a:18:2e:71:5b:46:5e:94:6f:c2:27:6d:76:
                    9e:c9:f2:fb:ac:02:c0:54:87:46:c9:d4:01:d1:70:
                    3c:56:53:20:3b:6a:87:f7:3e:df:90:7b:4a:15:99:
                    20:97:8e:c7:3e:7d:c3:2d:62:7c:45:66:3d:f7:cd:
                    30:1b:45:0d:19:ea:61:3a:a5:6b:60:ad:0b:58:2e:
                    7f:e0:e6:39:d2:8f:0c:9b:7a:9b:ae:98:e4:33:ca:
                    34:52:44:c7:79:71:3f:e4:bf:9a:f2:81:02:f9:ac:
                    8d:0d:57:dc:51:f2:d1:c5:35:8d:3b:83:1f:81:39:
                    2c:b6:47:b4:75:95:41:3c:d2:15:25:82:19:8f:94:
                    ea:a4:b3:0c:60:c3:a3:07:47:00:23:83:93:f7:81:
                    1c:16:03:16:7a:58:8d:ac:82:40:1b:c5:43:f0:e7:
                    dd:95:42:8e:e8:44:48:9c:f8:3b:6b:c2:0c:15:03:
                    23:96:2a:9c:82:7a:cb:9a:25:ac:4f:23:2b:4e:9e:
                    60:0f:05:09:7d:5e:80:ea:41:e3:a6:d0:25:c4:02:
                    9e:0c:1c:74:c3:43:05:48:67:d1:34:31:e4:9d:d7:
                    d3:01:e0:01:b5:e1:92:0a:1e:9d:11:2b:22:af:51:
                    f8:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:13:4B:FE:CB:36:41:BF:A8:E7:BB:FA:44:1D:45:31:04:D7:2C:9F
            X509v3 Authority Key Identifier:
                keyid:59:A9:CB:4E:80:66:C4:B7:DF:04:B4:FD:0D:71:20:16:B5:58:60:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WanLToBmxLffBLT9DXEgFrVYYFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/854e31-7faf-40fc-b2aa-7e52c37052bf/1/uBNL_ss2Qb-o57v6RB1FMQTXLJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/854e31-7faf-40fc-b2aa-7e52c37052bf/1/WanLToBmxLffBLT9DXEgFrVYYFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:6d:88:ba:60:22:ab:72:0b:47:15:db:25:42:9d:19:2f:dc:
         0e:8d:af:49:fe:b7:eb:a2:ce:67:f5:bf:49:ab:34:36:d4:af:
         24:32:f7:c7:c7:ce:bf:14:35:b8:fc:d4:3f:9d:8e:52:bf:aa:
         ac:0b:5e:12:c9:37:76:99:4f:b9:b3:cd:97:6f:ff:52:bb:eb:
         18:7b:81:06:48:b3:19:29:90:1e:73:b2:97:0c:4c:91:9e:5c:
         0f:75:38:48:d0:54:fd:46:7c:a6:8f:ca:80:de:89:e3:a7:a4:
         2b:97:cc:a1:c6:ff:ff:cb:ca:fc:2d:13:57:30:b0:13:e6:87:
         d4:5b:53:5f:90:df:21:22:25:8c:cb:c8:e0:b8:84:46:a6:b8:
         fd:e7:d5:23:13:bd:02:8d:00:b3:d6:84:54:ec:4f:cf:2a:e7:
         6f:3c:e1:bc:76:de:79:20:00:f0:f1:a7:71:4e:ba:fc:93:1f:
         18:13:5d:0a:d4:74:46:fa:d0:4b:bd:07:3e:7c:f2:53:bd:ae:
         33:f7:6c:b0:9f:5a:da:45:f7:f8:e9:06:f3:41:e8:f5:0f:85:
         0b:90:35:51:32:3e:94:05:66:ab:91:c9:bf:db:32:5e:e2:db:
         95:29:8d:d2:55:43:cf:ec:b9:1d:4e:5d:42:7b:78:4a:2d:70:
         8f:21:af:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6smCEpr+PF2TjmNr+HNWuEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5YTljYjRlODA2NmM0YjdkZjA0YjRmZDBkNzEyMDE2YjU1
ODYwNTEwHhcNMjYwNjA5MTMzNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODEzNGJmZWNiMzY0MWJmYThlN2JiZmE0NDFkNDUzMTA0ZDcyYzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9azgZuY3auAbShv+DlaHUoYLnFb
Rl6Ub8InbXaeyfL7rALAVIdGydQB0XA8VlMgO2qH9z7fkHtKFZkgl47HPn3DLWJ8
RWY9980wG0UNGephOqVrYK0LWC5/4OY50o8Mm3qbrpjkM8o0UkTHeXE/5L+a8oEC
+ayNDVfcUfLRxTWNO4MfgTkstke0dZVBPNIVJYIZj5TqpLMMYMOjB0cAI4OT94Ec
FgMWeliNrIJAG8VD8OfdlUKO6ERInPg7a8IMFQMjliqcgnrLmiWsTyMrTp5gDwUJ
fV6A6kHjptAlxAKeDBx0w0MFSGfRNDHkndfTAeABteGSCh6dESsir1H4TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLgTS/7LNkG/qOe7+kQdRTEE1yyfMB8GA1UdIwQY
MBaAFFmpy06AZsS33wS0/Q1xIBa1WGBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2FuTFRvQm14TGZmQkxUOURYRWdGclZZWUZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS84NTRlMzEtN2ZhZi00MGZjLWIyYWEt
N2U1MmMzNzA1MmJmLzEvdUJOTF9zczJRYi1vNTd2NlJCMUZNUVRYTEo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS84NTRlMzEtN2ZhZi00MGZjLWIyYWEtN2U1MmMzNzA1MmJm
LzEvV2FuTFRvQm14TGZmQkxUOURYRWdGclZZWUZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9S8MA0G
CSqGSIb3DQEBCwUAA4IBAQCQbYi6YCKrcgtHFdslQp0ZL9wOja9J/rfros5n9b9J
qzQ21K8kMvfHx86/FDW4/NQ/nY5Sv6qsC14SyTd2mU+5s82Xb/9Su+sYe4EGSLMZ
KZAec7KXDEyRnlwPdThI0FT9Rnymj8qA3onjp6Qrl8yhxv//y8r8LRNXMLAT5ofU
W1NfkN8hIiWMy8jguIRGprj959UjE70CjQCz1oRU7E/PKudvPOG8dt55IADw8adx
Trr8kx8YE10K1HRG+tBLvQc+fPJTva4z92ywn1raRff46QbzQej1D4ULkDVRMj6U
BWarkcm/2zJe4tuVKY3SVUPP7LkdTl1Ce3hKLXCPIa+L
-----END CERTIFICATE-----