Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/_Okbnr80Rq7ww8R4v3_ggcisub4.roa
File:                     _Okbnr80Rq7ww8R4v3_ggcisub4.roa (raw, json)
Hash identifier:          /xX2WGNlLNgbJPvCfzjtPTr4JvfPghmXqeSRioLiEAY=
Subject key identifier:   FC:E9:1B:9E:BF:34:46:AE:F0:C3:C4:78:BF:7F:E0:81:C8:AC:B9:BE
Certificate issuer:       /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial:       019C9D39F4C8B17BE1472798BD78F3D17FF0
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/_Okbnr80Rq7ww8R4v3_ggcisub4.roa
Signing time:             Fri 27 Feb 2026 03:52:26 +0000
ROA not before:           Fri 27 Feb 2026 03:52:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4593
IP address blocks:        138.226.218.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9d:39:f4:c8:b1:7b:e1:47:27:98:bd:78:f3:d1:7f:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
        Validity
            Not Before: Feb 27 03:52:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fce91b9ebf3446aef0c3c478bf7fe081c8acb9be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:a3:0f:ac:05:56:6c:be:e2:51:74:33:df:92:
                    01:9d:fc:4a:ac:19:fd:66:74:fe:99:f0:7a:30:c2:
                    5d:38:13:4b:1d:0c:f2:21:a3:d3:f4:15:a4:3e:a3:
                    4b:0f:88:a3:78:fe:de:59:d7:c0:e6:08:15:a8:30:
                    b3:0a:61:13:e8:77:60:1b:59:10:f0:58:ee:f9:aa:
                    1b:2d:85:92:1d:78:90:27:9a:41:65:d9:6b:90:76:
                    59:72:88:ea:14:96:19:6c:9a:6a:89:45:61:45:76:
                    06:65:26:e6:f2:7f:d3:1f:5f:cf:87:09:87:f7:12:
                    82:43:1f:a0:d1:92:bd:48:42:f5:7e:1a:59:73:00:
                    f4:e3:a1:63:b8:1f:17:cc:26:8e:8d:a2:e8:fd:30:
                    f4:15:c6:8d:00:cd:e0:a1:f1:2f:0f:e4:72:71:fc:
                    39:69:58:19:d4:9a:32:72:28:61:23:21:79:12:0c:
                    22:d8:58:7d:55:2a:bf:c4:01:bf:b7:df:51:56:56:
                    5f:0f:f3:ea:3e:21:35:64:ab:7f:4a:f3:05:06:45:
                    7c:d8:4b:7a:9a:8c:21:ed:3f:73:db:9f:ca:51:c6:
                    6a:7a:db:b5:53:e0:c3:6b:e2:04:59:d2:be:4f:77:
                    2e:15:a2:42:1d:0b:c5:8e:14:ec:24:a2:8e:0e:c9:
                    a6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:E9:1B:9E:BF:34:46:AE:F0:C3:C4:78:BF:7F:E0:81:C8:AC:B9:BE
            X509v3 Authority Key Identifier:
                keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/_Okbnr80Rq7ww8R4v3_ggcisub4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.226.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:ec:68:bc:91:63:6c:ed:75:0a:70:ea:03:03:38:0d:25:2b:
         d9:e1:9a:15:09:96:51:60:74:25:c3:b4:f0:c0:53:4a:f6:9d:
         38:aa:45:61:02:b8:13:5e:e0:99:1d:37:9b:94:f0:60:07:c7:
         33:18:11:32:75:18:e4:48:a5:f2:e8:93:dc:b8:10:77:78:8b:
         90:97:a5:0a:8d:7a:8a:c0:2c:6c:59:04:a0:b0:2e:78:92:52:
         00:90:72:08:98:a3:46:36:ea:6c:f8:69:9f:bd:93:bc:f4:c2:
         2f:85:e4:99:d2:63:bc:77:8c:86:8c:45:9e:96:c9:9b:bd:b3:
         f7:29:31:98:28:c3:e7:f4:21:44:9e:89:10:b8:40:9a:eb:cd:
         47:92:aa:ab:4e:25:f1:3e:35:17:b3:32:08:19:0b:c6:d9:b8:
         3e:d6:cf:ff:e7:d6:49:b7:94:0d:de:80:d7:a6:59:ed:ae:d8:
         be:7e:d0:b6:8b:d6:a6:6a:cd:8d:ef:66:16:1d:c7:cc:58:8b:
         6e:23:18:ce:07:53:13:c3:5a:38:8d:5d:bc:95:d9:27:cf:b3:
         a6:69:84:62:fd:4c:ba:1f:d2:32:7a:9f:74:2e:e1:4d:95:2c:
         d1:25:d9:29:ae:95:7e:2d:83:6e:14:14:48:8e:5f:0e:5b:40:
         c5:60:f0:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZydOfTIsXvhRyeYvXjz0X/wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjYwMjI3MDM1MjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2U5MWI5ZWJmMzQ0NmFlZjBjM2M0NzhiZjdmZTA4MWM4YWNiOWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA46MPrAVWbL7iUXQz35IBnfxKrBn9
ZnT+mfB6MMJdOBNLHQzyIaPT9BWkPqNLD4ijeP7eWdfA5ggVqDCzCmET6HdgG1kQ
8Fju+aobLYWSHXiQJ5pBZdlrkHZZcojqFJYZbJpqiUVhRXYGZSbm8n/TH1/PhwmH
9xKCQx+g0ZK9SEL1fhpZcwD046FjuB8XzCaOjaLo/TD0FcaNAM3gofEvD+Rycfw5
aVgZ1JoycihhIyF5Egwi2Fh9VSq/xAG/t99RVlZfD/PqPiE1ZKt/SvMFBkV82Et6
mowh7T9z25/KUcZqetu1U+DDa+IEWdK+T3cuFaJCHQvFjhTsJKKODsmmNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPzpG56/NEau8MPEeL9/4IHIrLm+MB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvX09rYm5yODBScTd3dzhSNHYzX2dnY2lzdWI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBiuLaMA0G
CSqGSIb3DQEBCwUAA4IBAQBM7Gi8kWNs7XUKcOoDAzgNJSvZ4ZoVCZZRYHQlw7Tw
wFNK9p04qkVhArgTXuCZHTeblPBgB8czGBEydRjkSKXy6JPcuBB3eIuQl6UKjXqK
wCxsWQSgsC54klIAkHIImKNGNups+GmfvZO89MIvheSZ0mO8d4yGjEWelsmbvbP3
KTGYKMPn9CFEnokQuECa681HkqqrTiXxPjUXszIIGQvG2bg+1s//59ZJt5QN3oDX
plntrti+ftC2i9amas2N72YWHcfMWItuIxjOB1MTw1o4jV28ldknz7OmaYRi/Uy6
H9Iyep90LuFNlSzRJdkprpV+LYNuFBRIjl8OW0DFYPCW
-----END CERTIFICATE-----