Autonomous System Provider Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/a6711a-3729-491b-8dbc-98c2a3c57b88/1/bKh-dpkoM8M1Du_IILRYX251fgo.asa
File:                     bKh-dpkoM8M1Du_IILRYX251fgo.asa (raw, json)
Hash identifier:          oXXXPHkpG0X/cvCkTg371/ma/E5fJ7wCX5/lM1Q2pQk=
Subject key identifier:   6C:A8:7E:76:99:28:33:C3:35:0E:EF:C8:20:B4:58:5F:6E:75:7E:0A
Certificate issuer:       /CN=bf49df577f0ee443188c029323457bbc5a0ead3b
Certificate serial:       019EE63168917D403C07D2FE897BB117CDA4
Authority key identifier: BF:49:DF:57:7F:0E:E4:43:18:8C:02:93:23:45:7B:BC:5A:0E:AD:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v0nfV38O5EMYjAKTI0V7vFoOrTs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/a6711a-3729-491b-8dbc-98c2a3c57b88/1/bKh-dpkoM8M1Du_IILRYX251fgo.asa
Signing time:             Sat 20 Jun 2026 18:00:58 +0000
ASPA not before:          Sat 20 Jun 2026 18:00:58 +0000
ASPA not after:           Thu 01 Jul 2027 00:00:00 +0000
Customer ASID:            208323
Providers:                AS: 1764
                          AS: 5405
                          AS: 47147
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/a6711a-3729-491b-8dbc-98c2a3c57b88/1/v0nfV38O5EMYjAKTI0V7vFoOrTs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/a6711a-3729-491b-8dbc-98c2a3c57b88/1/v0nfV38O5EMYjAKTI0V7vFoOrTs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v0nfV38O5EMYjAKTI0V7vFoOrTs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Jun 2026 06:03:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:e6:31:68:91:7d:40:3c:07:d2:fe:89:7b:b1:17:cd:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf49df577f0ee443188c029323457bbc5a0ead3b
        Validity
            Not Before: Jun 20 18:00:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6ca87e76992833c3350eefc820b4585f6e757e0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:19:6b:a7:c1:4b:d9:ec:c2:04:12:7f:ca:6e:
                    11:87:85:9c:38:f4:02:84:0a:26:1e:65:90:a3:38:
                    58:fa:66:d4:20:52:cb:51:26:c6:fa:58:92:e4:95:
                    a3:5d:fb:60:1b:d4:79:a4:b7:2b:79:30:e6:df:60:
                    ff:07:18:7c:48:cd:67:c4:cc:d5:19:bc:a5:03:b5:
                    82:ee:93:53:bb:aa:88:c1:f7:0d:2a:ab:59:ac:38:
                    47:cc:bb:12:c5:80:31:6c:0e:fd:d5:53:d7:3c:fe:
                    43:d5:f6:12:25:22:22:f6:6a:fe:3a:6f:d1:3c:fa:
                    9c:8a:51:67:dd:d9:2f:11:2a:a9:28:0a:aa:f0:86:
                    4a:8b:ce:30:5a:dc:5b:8f:4f:bc:8c:73:49:1c:72:
                    85:16:fa:a8:44:52:09:d1:38:f0:77:e4:27:b4:ee:
                    df:db:22:a8:5e:43:77:67:1e:80:b9:26:32:9b:84:
                    6c:93:80:83:f5:da:9e:7e:5a:42:ac:57:6a:a5:5c:
                    ba:8e:82:9c:59:2f:f9:06:fe:0d:4d:3e:a9:3e:62:
                    d5:3c:2a:58:c1:a4:9a:ca:38:24:3e:f2:b7:85:e0:
                    85:59:6d:aa:5a:84:60:b9:3a:80:05:4d:68:05:27:
                    f0:c9:30:19:39:31:be:12:9b:25:bf:6f:65:44:76:
                    2b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:A8:7E:76:99:28:33:C3:35:0E:EF:C8:20:B4:58:5F:6E:75:7E:0A
            X509v3 Authority Key Identifier:
                keyid:BF:49:DF:57:7F:0E:E4:43:18:8C:02:93:23:45:7B:BC:5A:0E:AD:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v0nfV38O5EMYjAKTI0V7vFoOrTs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/a6711a-3729-491b-8dbc-98c2a3c57b88/1/bKh-dpkoM8M1Du_IILRYX251fgo.asa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/a6711a-3729-491b-8dbc-98c2a3c57b88/1/v0nfV38O5EMYjAKTI0V7vFoOrTs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208323

    Signature Algorithm: sha256WithRSAEncryption
         17:d4:7a:7c:1d:8b:b5:6c:bb:4d:ff:67:9c:cc:11:15:ab:34:
         18:b2:db:d0:8d:46:05:50:23:8c:7b:e3:45:aa:87:7c:79:7c:
         b8:55:90:2e:d7:ba:bc:cb:df:16:08:bf:6f:6d:fc:e7:de:b0:
         cf:d4:de:37:77:69:d5:c2:28:b6:83:81:cf:ed:eb:8a:43:54:
         18:d6:21:6d:b6:3e:b2:ee:bd:33:12:43:79:75:6f:8a:e3:a2:
         bd:ee:0e:de:c2:88:b3:cb:a6:70:b9:3f:b7:5e:c0:c8:f5:07:
         4f:b7:24:21:89:1b:33:51:b0:d5:e8:ab:c9:a5:06:ef:2d:35:
         73:f9:d5:52:fd:d6:d4:c6:6a:2d:9c:e4:35:2d:16:b3:14:f5:
         10:40:fd:f7:8e:2b:06:50:d9:9e:7d:15:f5:ee:9c:f6:10:76:
         eb:aa:fc:82:b9:1c:14:33:ea:62:1f:00:e4:12:b4:ce:40:ba:
         59:d8:48:8b:18:1b:9c:cb:7b:5e:87:49:e2:ca:5a:18:12:7e:
         d8:5c:4e:9a:44:bb:93:3e:61:1c:5a:c2:80:97:3a:d7:62:55:
         25:29:85:2d:09:7a:65:fd:c9:2e:0b:63:fe:00:78:4e:65:71:
         a0:0a:0c:a8:fe:0f:57:26:a2:12:27:5d:c1:f8:f0:a5:05:c2:
         8e:39:65:07
-----BEGIN CERTIFICATE-----
MIIE+DCCA+CgAwIBAgISAZ7mMWiRfUA8B9L+iXuxF82kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNDlkZjU3N2YwZWU0NDMxODhjMDI5MzIzNDU3YmJjNWEw
ZWFkM2IwHhcNMjYwNjIwMTgwMDU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2E4N2U3Njk5MjgzM2MzMzUwZWVmYzgyMGI0NTg1ZjZlNzU3ZTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBlrp8FL2ezCBBJ/ym4Rh4WcOPQC
hAomHmWQozhY+mbUIFLLUSbG+liS5JWjXftgG9R5pLcreTDm32D/Bxh8SM1nxMzV
GbylA7WC7pNTu6qIwfcNKqtZrDhHzLsSxYAxbA791VPXPP5D1fYSJSIi9mr+Om/R
PPqcilFn3dkvESqpKAqq8IZKi84wWtxbj0+8jHNJHHKFFvqoRFIJ0Tjwd+QntO7f
2yKoXkN3Zx6AuSYym4Rsk4CD9dqeflpCrFdqpVy6joKcWS/5Bv4NTT6pPmLVPCpY
waSayjgkPvK3heCFWW2qWoRguTqABU1oBSfwyTAZOTG+Epslv29lRHYrQwIDAQAB
o4ICBDCCAgAwHQYDVR0OBBYEFGyofnaZKDPDNQ7vyCC0WF9udX4KMB8GA1UdIwQY
MBaAFL9J31d/DuRDGIwCkyNFe7xaDq07MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjBuZlYzOE81RU1ZakFLVEkwVjd2Rm9PclRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9hNjcxMWEtMzcyOS00OTFiLThkYmMt
OThjMmEzYzU3Yjg4LzEvYktoLWRwa29NOE0xRHVfSUlMUllYMjUxZmdvLmFzYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9hNjcxMWEtMzcyOS00OTFiLThkYmMtOThjMmEzYzU3Yjg4
LzEvdjBuZlYzOE81RU1ZakFLVEkwVjd2Rm9PclRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwMtwzANBgkqhkiG
9w0BAQsFAAOCAQEAF9R6fB2LtWy7Tf9nnMwRFas0GLLb0I1GBVAjjHvjRaqHfHl8
uFWQLte6vMvfFgi/b238596wz9TeN3dp1cIotoOBz+3rikNUGNYhbbY+su69MxJD
eXVviuOive4O3sKIs8umcLk/t17AyPUHT7ckIYkbM1Gw1eiryaUG7y01c/nVUv3W
1MZqLZzkNS0WsxT1EED9944rBlDZnn0V9e6c9hB266r8grkcFDPqYh8A5BK0zkC6
WdhIixgbnMt7XodJ4spaGBJ+2FxOmkS7kz5hHFrCgJc612JVJSmFLQl6Zf3JLgtj
/gB4TmVxoAoMqP4PVyaiEiddwfjwpQXCjjllBw==
-----END CERTIFICATE-----