Autonomous System Provider Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/9b7027-f324-4ecd-893a-d39cc317fdcd/1/b89OtE1WAM5mSDz-HnqsCyirLw8.asa
File:                     b89OtE1WAM5mSDz-HnqsCyirLw8.asa (raw, json)
Hash identifier:          WwQIyDPTpparBL/aU3tgaOWtU26s+wxcO28wS+CM+5U=
Subject key identifier:   6F:CF:4E:B4:4D:56:00:CE:66:48:3C:FE:1E:7A:AC:0B:28:AB:2F:0F
Certificate issuer:       /CN=238d1f1fc4c3e8fb471b3b1dee36c5df315fb234
Certificate serial:       019DBE2CE66366B38A95083A6794CEB1D26C
Authority key identifier: 23:8D:1F:1F:C4:C3:E8:FB:47:1B:3B:1D:EE:36:C5:DF:31:5F:B2:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I40fH8TD6PtHGzsd7jbF3zFfsjQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/9b7027-f324-4ecd-893a-d39cc317fdcd/1/b89OtE1WAM5mSDz-HnqsCyirLw8.asa
Signing time:             Fri 24 Apr 2026 06:28:26 +0000
ASPA not before:          Fri 24 Apr 2026 06:28:26 +0000
ASPA not after:           Thu 01 Jul 2027 00:00:00 +0000
Customer ASID:            203958
Providers:                AS: 12324
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/9b7027-f324-4ecd-893a-d39cc317fdcd/1/I40fH8TD6PtHGzsd7jbF3zFfsjQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/9b7027-f324-4ecd-893a-d39cc317fdcd/1/I40fH8TD6PtHGzsd7jbF3zFfsjQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I40fH8TD6PtHGzsd7jbF3zFfsjQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 May 2026 06:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:be:2c:e6:63:66:b3:8a:95:08:3a:67:94:ce:b1:d2:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=238d1f1fc4c3e8fb471b3b1dee36c5df315fb234
        Validity
            Not Before: Apr 24 06:28:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6fcf4eb44d5600ce66483cfe1e7aac0b28ab2f0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:94:c1:a3:05:73:fd:39:ea:89:08:d3:71:a5:
                    ad:e3:fd:0a:be:03:39:c4:0b:16:ff:bf:93:b0:6e:
                    59:de:cd:d4:d2:98:41:6c:f2:3f:a7:02:c0:90:7d:
                    99:4a:4e:15:4e:28:33:d4:15:de:3f:0a:be:33:c8:
                    2f:de:9a:5c:86:54:79:2f:cc:46:48:a6:24:c1:b8:
                    b4:f5:92:25:d8:af:bc:ca:ca:cf:4c:9d:ed:b1:c6:
                    8f:4d:17:85:bf:92:51:7b:21:2d:82:75:32:c7:bc:
                    bb:31:07:de:95:c2:10:9b:1c:dc:42:63:c7:dd:ba:
                    97:af:6a:68:4c:e4:99:04:f4:7f:2f:06:2c:40:e5:
                    ac:a7:89:c5:cc:9e:e3:52:f8:c0:83:bf:17:05:83:
                    ac:4f:da:f9:7f:3e:91:3a:95:6e:be:e2:f1:0d:7d:
                    85:70:4c:fa:ec:5f:ea:48:6b:2d:87:3d:24:ac:e6:
                    c7:3c:88:67:63:4e:86:53:c2:94:8a:b2:b0:3f:6e:
                    19:57:b2:3f:19:22:04:72:f0:7f:e0:5b:36:0e:84:
                    22:14:21:15:3c:df:c7:51:2b:0c:2f:b5:31:c3:62:
                    69:f1:0b:96:2e:8e:75:3b:49:a8:a8:ee:17:c0:bb:
                    25:83:17:ac:9a:9c:eb:32:ae:54:78:81:55:35:20:
                    75:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:CF:4E:B4:4D:56:00:CE:66:48:3C:FE:1E:7A:AC:0B:28:AB:2F:0F
            X509v3 Authority Key Identifier:
                keyid:23:8D:1F:1F:C4:C3:E8:FB:47:1B:3B:1D:EE:36:C5:DF:31:5F:B2:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I40fH8TD6PtHGzsd7jbF3zFfsjQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9b7027-f324-4ecd-893a-d39cc317fdcd/1/b89OtE1WAM5mSDz-HnqsCyirLw8.asa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9b7027-f324-4ecd-893a-d39cc317fdcd/1/I40fH8TD6PtHGzsd7jbF3zFfsjQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203958

    Signature Algorithm: sha256WithRSAEncryption
         ad:cd:1a:e7:df:57:cd:a6:39:4a:da:c2:41:3d:29:0a:24:de:
         50:8d:90:0b:81:60:5d:22:8f:cf:f7:f8:04:4f:fd:83:a3:6b:
         85:9d:e0:1d:65:21:f8:22:dc:da:f2:09:22:bf:98:01:1f:6d:
         23:95:58:89:5f:db:ee:da:25:61:f2:9c:4f:cf:b5:aa:f4:e6:
         44:fb:21:ac:1e:3b:a7:63:92:ff:39:df:ca:47:08:a3:c6:56:
         39:d6:19:45:dd:a3:02:97:ba:5d:8e:12:9b:c8:4b:b8:b9:00:
         d0:60:b1:b8:31:52:88:93:3c:76:ef:95:19:9f:0e:50:84:d5:
         8e:7c:d0:8f:5d:6f:e3:f6:a6:f0:e4:e1:35:db:e6:17:b7:31:
         3d:9e:ec:ba:85:fb:75:1d:52:01:78:55:a3:0a:27:7f:26:0d:
         74:f5:1c:7f:45:ae:10:be:11:a5:50:94:46:48:55:4f:b4:e1:
         01:00:f5:ee:96:0b:2e:fd:07:d9:9c:4a:89:8d:dc:9c:48:f6:
         97:04:eb:0d:dd:f6:c5:37:00:ae:f6:e9:5b:8c:a6:e5:54:e7:
         6b:b1:5e:ea:a8:90:ac:ef:e6:30:d6:b5:fc:76:aa:45:9f:d2:
         a9:33:d1:f6:de:28:1d:fa:fd:53:f9:e2:19:dc:df:98:bb:6a:
         4c:9a:64:63
-----BEGIN CERTIFICATE-----
MIIE+DCCA+CgAwIBAgISAZ2+LOZjZrOKlQg6Z5TOsdJsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzOGQxZjFmYzRjM2U4ZmI0NzFiM2IxZGVlMzZjNWRmMzE1
ZmIyMzQwHhcNMjYwNDI0MDYyODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmNmNGViNDRkNTYwMGNlNjY0ODNjZmUxZTdhYWMwYjI4YWIyZjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZTBowVz/TnqiQjTcaWt4/0KvgM5
xAsW/7+TsG5Z3s3U0phBbPI/pwLAkH2ZSk4VTigz1BXePwq+M8gv3ppchlR5L8xG
SKYkwbi09ZIl2K+8ysrPTJ3tscaPTReFv5JReyEtgnUyx7y7MQfelcIQmxzcQmPH
3bqXr2poTOSZBPR/LwYsQOWsp4nFzJ7jUvjAg78XBYOsT9r5fz6ROpVuvuLxDX2F
cEz67F/qSGsthz0krObHPIhnY06GU8KUirKwP24ZV7I/GSIEcvB/4Fs2DoQiFCEV
PN/HUSsML7Uxw2Jp8QuWLo51O0moqO4XwLslgxesmpzrMq5UeIFVNSB1YQIDAQAB
o4ICBDCCAgAwHQYDVR0OBBYEFG/PTrRNVgDOZkg8/h56rAsoqy8PMB8GA1UdIwQY
MBaAFCONHx/Ew+j7Rxs7He42xd8xX7I0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTQwZkg4VEQ2UHRIR3pzZDdqYkYzekZmc2pRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy85YjcwMjctZjMyNC00ZWNkLTg5M2Et
ZDM5Y2MzMTdmZGNkLzEvYjg5T3RFMVdBTTVtU0R6LUhucXNDeWlyTHc4LmFzYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy85YjcwMjctZjMyNC00ZWNkLTg5M2EtZDM5Y2MzMTdmZGNk
LzEvSTQwZkg4VEQ2UHRIR3pzZDdqYkYzekZmc2pRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwMctjANBgkqhkiG
9w0BAQsFAAOCAQEArc0a599XzaY5StrCQT0pCiTeUI2QC4FgXSKPz/f4BE/9g6Nr
hZ3gHWUh+CLc2vIJIr+YAR9tI5VYiV/b7tolYfKcT8+1qvTmRPshrB47p2OS/znf
ykcIo8ZWOdYZRd2jApe6XY4Sm8hLuLkA0GCxuDFSiJM8du+VGZ8OUITVjnzQj11v
4/am8OThNdvmF7cxPZ7suoX7dR1SAXhVowonfyYNdPUcf0WuEL4RpVCURkhVT7Th
AQD17pYLLv0H2ZxKiY3cnEj2lwTrDd32xTcArvbpW4ym5VTna7Fe6qiQrO/mMNa1
/HaqRZ/SqTPR9t4oHfr9U/niGdzfmLtqTJpkYw==
-----END CERTIFICATE-----