Autonomous System Provider Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/430f08-6332-4dc6-9f2c-20d42e49313e/1/lpqlGRFXfBrwzMCV2i6J485j0f4.asa
File:                     lpqlGRFXfBrwzMCV2i6J485j0f4.asa (raw, json)
Hash identifier:          Fbe8bPedsE7NpHwyHD04dX7lQgH8irN49u1YRKAiP8Q=
Subject key identifier:   96:9A:A5:19:11:57:7C:1A:F0:CC:C0:95:DA:2E:89:E3:CE:63:D1:FE
Certificate issuer:       /CN=0c85eba5e1d5d047f3da57de6275fdebc02dfb98
Certificate serial:       019E53E2DB0D61CCCC82F7535743885B7009
Authority key identifier: 0C:85:EB:A5:E1:D5:D0:47:F3:DA:57:DE:62:75:FD:EB:C0:2D:FB:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DIXrpeHV0Efz2lfeYnX968At-5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/430f08-6332-4dc6-9f2c-20d42e49313e/1/lpqlGRFXfBrwzMCV2i6J485j0f4.asa
Signing time:             Sat 23 May 2026 08:10:36 +0000
ASPA not before:          Sat 23 May 2026 08:10:36 +0000
ASPA not after:           Thu 01 Jul 2027 00:00:00 +0000
Customer ASID:            212720
Providers:                AS: 20473
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/430f08-6332-4dc6-9f2c-20d42e49313e/1/DIXrpeHV0Efz2lfeYnX968At-5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/430f08-6332-4dc6-9f2c-20d42e49313e/1/DIXrpeHV0Efz2lfeYnX968At-5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DIXrpeHV0Efz2lfeYnX968At-5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:53:e2:db:0d:61:cc:cc:82:f7:53:57:43:88:5b:70:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c85eba5e1d5d047f3da57de6275fdebc02dfb98
        Validity
            Not Before: May 23 08:10:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=969aa51911577c1af0ccc095da2e89e3ce63d1fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:81:0c:cf:c3:b1:0a:84:a3:91:16:a6:b9:8b:
                    31:18:b4:1c:93:45:36:04:19:03:f1:8f:6e:d2:24:
                    40:c8:9d:e5:fe:f7:56:d3:f1:35:c8:5d:e9:48:2a:
                    46:db:b6:f3:74:69:be:24:80:43:1f:b0:0d:9e:8a:
                    2f:1c:03:b1:03:5e:5f:cf:b4:d1:d7:b0:4c:06:88:
                    88:99:32:a0:07:9c:4e:42:e1:ed:fd:9a:bd:23:b6:
                    dc:f9:1d:26:01:76:67:7f:63:95:84:2e:67:14:e5:
                    b5:0c:50:6a:c2:3c:67:e4:3a:ee:3b:9b:21:7a:a4:
                    b4:4a:43:dd:71:97:23:4a:e2:0b:c4:b2:ee:6f:78:
                    07:03:ff:c7:90:dc:a1:ce:6b:5b:4e:d2:db:c1:cc:
                    65:54:56:b2:49:fa:93:44:71:ed:dd:e7:14:1a:35:
                    a5:b1:39:2d:1e:f8:f7:80:b2:b6:97:2e:07:8f:0a:
                    3b:a7:53:d2:16:d2:3d:56:20:29:c3:83:05:bc:2b:
                    f3:31:e0:ea:92:25:d8:4b:6d:bc:10:e0:09:48:6c:
                    2d:c2:bf:34:e4:32:34:35:da:e4:e3:18:f8:56:05:
                    3d:27:41:8d:02:8c:9b:17:58:8c:0e:1d:46:fd:83:
                    06:02:de:d4:04:5c:4c:96:c7:30:cb:ae:1c:b8:38:
                    a8:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:9A:A5:19:11:57:7C:1A:F0:CC:C0:95:DA:2E:89:E3:CE:63:D1:FE
            X509v3 Authority Key Identifier:
                keyid:0C:85:EB:A5:E1:D5:D0:47:F3:DA:57:DE:62:75:FD:EB:C0:2D:FB:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DIXrpeHV0Efz2lfeYnX968At-5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/430f08-6332-4dc6-9f2c-20d42e49313e/1/lpqlGRFXfBrwzMCV2i6J485j0f4.asa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/430f08-6332-4dc6-9f2c-20d42e49313e/1/DIXrpeHV0Efz2lfeYnX968At-5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212720

    Signature Algorithm: sha256WithRSAEncryption
         3f:ca:94:6e:cd:4d:8e:2c:d3:6c:b1:43:80:71:c2:7b:0e:3c:
         7a:77:00:d6:47:92:e6:9b:9e:19:5b:2f:a3:1a:09:49:1a:a1:
         12:fb:e5:3c:4b:be:87:56:9a:a8:3b:19:3e:d1:58:b3:0d:a8:
         6e:dd:69:71:a7:81:5d:54:58:d8:9b:68:36:36:c9:d7:aa:07:
         79:eb:18:e7:eb:0d:b3:d9:48:6e:2c:23:4a:06:34:fe:de:e9:
         96:e2:2c:9d:63:ad:aa:5f:d0:06:84:e9:97:05:9d:93:21:4b:
         64:94:15:90:99:fb:da:ce:5f:2b:3d:90:e4:b6:22:b6:66:5a:
         49:ac:70:b5:5c:d6:c5:11:40:ec:5a:86:44:8e:97:03:a2:20:
         99:76:93:bb:71:d9:e3:57:ab:ea:e7:60:d9:ca:dc:4d:a1:72:
         4d:cc:ee:7e:b4:c9:4e:fd:c8:78:27:dc:02:78:ad:70:83:8c:
         f2:40:fa:2e:0c:54:c4:49:e3:79:6b:ca:97:fa:79:83:25:12:
         2b:88:65:63:62:01:2c:90:06:1d:9f:4d:26:6c:76:35:3c:52:
         b8:6e:17:b7:be:a3:d8:53:08:dd:3c:15:94:a6:62:ae:fe:44:
         58:24:d1:0a:0b:00:97:35:63:33:9a:c9:8d:89:3b:16:fd:e1:
         40:55:25:66
-----BEGIN CERTIFICATE-----
MIIE+DCCA+CgAwIBAgISAZ5T4tsNYczMgvdTV0OIW3AJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjODVlYmE1ZTFkNWQwNDdmM2RhNTdkZTYyNzVmZGViYzAy
ZGZiOTgwHhcNMjYwNTIzMDgxMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjlhYTUxOTExNTc3YzFhZjBjY2MwOTVkYTJlODllM2NlNjNkMWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3oEMz8OxCoSjkRamuYsxGLQck0U2
BBkD8Y9u0iRAyJ3l/vdW0/E1yF3pSCpG27bzdGm+JIBDH7ANnoovHAOxA15fz7TR
17BMBoiImTKgB5xOQuHt/Zq9I7bc+R0mAXZnf2OVhC5nFOW1DFBqwjxn5DruO5sh
eqS0SkPdcZcjSuILxLLub3gHA//HkNyhzmtbTtLbwcxlVFaySfqTRHHt3ecUGjWl
sTktHvj3gLK2ly4Hjwo7p1PSFtI9ViApw4MFvCvzMeDqkiXYS228EOAJSGwtwr80
5DI0Ndrk4xj4VgU9J0GNAoybF1iMDh1G/YMGAt7UBFxMlscwy64cuDiooQIDAQAB
o4ICBDCCAgAwHQYDVR0OBBYEFJaapRkRV3wa8MzAldouiePOY9H+MB8GA1UdIwQY
MBaAFAyF66Xh1dBH89pX3mJ1/evALfuYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRElYcnBlSFYwRWZ6MmxmZVluWDk2OEF0LTVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80MzBmMDgtNjMzMi00ZGM2LTlmMmMt
MjBkNDJlNDkzMTNlLzEvbHBxbEdSRlhmQnJ3ek1DVjJpNko0ODVqMGY0LmFzYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80MzBmMDgtNjMzMi00ZGM2LTlmMmMtMjBkNDJlNDkzMTNl
LzEvRElYcnBlSFYwRWZ6MmxmZVluWDk2OEF0LTVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwM+8DANBgkqhkiG
9w0BAQsFAAOCAQEAP8qUbs1NjizTbLFDgHHCew48encA1keS5pueGVsvoxoJSRqh
EvvlPEu+h1aaqDsZPtFYsw2obt1pcaeBXVRY2JtoNjbJ16oHeesY5+sNs9lIbiwj
SgY0/t7pluIsnWOtql/QBoTplwWdkyFLZJQVkJn72s5fKz2Q5LYitmZaSaxwtVzW
xRFA7FqGRI6XA6IgmXaTu3HZ41er6udg2crcTaFyTczufrTJTv3IeCfcAnitcIOM
8kD6LgxUxEnjeWvKl/p5gyUSK4hlY2IBLJAGHZ9NJmx2NTxSuG4Xt76j2FMI3TwV
lKZirv5EWCTRCgsAlzVjM5rJjYk7Fv3hQFUlZg==
-----END CERTIFICATE-----