Autonomous System Provider Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/c27eec-7141-4575-9a6f-c45728c56f3b/1/tRFRkel64fON7_xKepvLPUo1-fI.asa
File:                     tRFRkel64fON7_xKepvLPUo1-fI.asa (raw, json)
Hash identifier:          ameUugDeJAnqZ6Zq6VkX4ZE573/4XY7yNwwbS3zZLqM=
Subject key identifier:   B5:11:51:91:E9:7A:E1:F3:8D:EF:FC:4A:7A:9B:CB:3D:4A:35:F9:F2
Certificate issuer:       /CN=4c4e90a46cd92f8ffcb1924b93b71d1bad313012
Certificate serial:       019D1A037DA8ECE48481345FB3C144BDE1B2
Authority key identifier: 4C:4E:90:A4:6C:D9:2F:8F:FC:B1:92:4B:93:B7:1D:1B:AD:31:30:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TE6QpGzZL4_8sZJLk7cdG60xMBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/c27eec-7141-4575-9a6f-c45728c56f3b/1/tRFRkel64fON7_xKepvLPUo1-fI.asa
Signing time:             Mon 23 Mar 2026 09:25:29 +0000
ASPA not before:          Mon 23 Mar 2026 09:25:29 +0000
ASPA not after:           Thu 01 Jul 2027 00:00:00 +0000
Customer ASID:            43717
Providers:                AS: 5511
                          AS: 8220
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/c27eec-7141-4575-9a6f-c45728c56f3b/1/TE6QpGzZL4_8sZJLk7cdG60xMBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/c27eec-7141-4575-9a6f-c45728c56f3b/1/TE6QpGzZL4_8sZJLk7cdG60xMBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TE6QpGzZL4_8sZJLk7cdG60xMBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1a:03:7d:a8:ec:e4:84:81:34:5f:b3:c1:44:bd:e1:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c4e90a46cd92f8ffcb1924b93b71d1bad313012
        Validity
            Not Before: Mar 23 09:25:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b5115191e97ae1f38deffc4a7a9bcb3d4a35f9f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:41:78:c0:72:10:31:25:87:29:37:90:a3:4d:
                    bc:fb:8a:29:32:aa:fe:c6:17:a7:51:ed:c5:37:cc:
                    8c:6b:fd:42:02:8b:09:c9:eb:3b:2b:dc:df:7b:70:
                    ff:15:24:3d:b5:c4:85:c8:ba:85:ea:0a:51:3c:6d:
                    73:ef:77:44:ec:9b:e1:93:16:d1:5f:2c:bc:cf:51:
                    d8:49:08:66:3d:0f:ff:64:8d:06:de:87:58:94:25:
                    34:4b:a3:83:2e:12:25:32:51:a7:af:9e:f7:20:95:
                    41:ed:37:15:bf:81:3e:c0:70:c9:b2:ec:9a:ef:89:
                    1b:71:b7:7b:dd:33:e2:f4:c7:4c:38:4e:9c:5b:0a:
                    8a:96:46:8b:67:83:fe:89:55:93:91:ae:a4:17:39:
                    6e:cf:55:88:57:e7:3c:8a:29:dd:4e:24:60:39:67:
                    06:21:ac:4d:44:27:fe:e5:76:b1:e6:54:34:5c:f7:
                    82:84:80:58:e5:f3:e8:5c:a7:32:e5:8c:d2:56:7b:
                    48:0a:48:2f:7f:c6:0b:c3:c1:92:5e:5d:e8:43:ed:
                    ff:57:24:6b:8c:ce:6e:79:c8:fc:fb:2a:f0:e9:80:
                    6c:60:4a:50:4a:5a:08:0f:f2:b4:4d:c3:bb:0f:20:
                    0f:65:4a:25:79:97:b7:f5:f2:b0:61:b4:5d:dd:38:
                    05:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:11:51:91:E9:7A:E1:F3:8D:EF:FC:4A:7A:9B:CB:3D:4A:35:F9:F2
            X509v3 Authority Key Identifier:
                keyid:4C:4E:90:A4:6C:D9:2F:8F:FC:B1:92:4B:93:B7:1D:1B:AD:31:30:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TE6QpGzZL4_8sZJLk7cdG60xMBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/c27eec-7141-4575-9a6f-c45728c56f3b/1/tRFRkel64fON7_xKepvLPUo1-fI.asa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/c27eec-7141-4575-9a6f-c45728c56f3b/1/TE6QpGzZL4_8sZJLk7cdG60xMBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  43717

    Signature Algorithm: sha256WithRSAEncryption
         73:0a:ac:e5:a2:09:de:5a:c5:3b:06:76:34:ec:59:aa:d2:79:
         4c:6a:04:59:fe:e4:83:c9:10:4f:e3:6a:56:22:64:0c:b5:f0:
         2b:08:53:17:c4:00:c4:f8:24:37:87:64:1b:28:0e:80:13:6b:
         3b:4e:8c:7a:64:92:23:9f:07:3b:9a:98:1b:9f:e8:7f:87:4e:
         bb:33:17:1e:a0:4c:a6:dc:8b:88:b0:94:78:6f:35:cc:d6:30:
         ee:a7:da:07:43:06:af:f8:0b:43:b1:79:c2:2b:bf:b2:ed:74:
         1f:c4:fa:26:e9:47:14:c9:ef:5c:d3:9b:fb:36:c5:e5:2c:2f:
         6f:80:e8:76:fe:ea:fd:06:0a:93:5f:ce:d5:6b:d2:16:95:d9:
         02:53:cf:07:c4:bc:dc:31:12:5a:6f:ab:ed:3b:f6:4a:2d:a0:
         7a:13:0f:53:57:b2:b0:00:fb:cf:9d:bf:c5:1a:25:e6:b3:81:
         66:5a:d4:5b:4e:33:59:2f:45:7d:37:9c:af:07:36:fa:77:e8:
         ed:39:45:7e:8f:e0:28:ac:40:ca:86:9a:2e:43:72:8b:29:dd:
         91:70:8c:d9:9f:bb:b2:8d:85:e6:b7:a2:fc:07:1c:52:0f:aa:
         ca:84:9f:9c:f9:4b:d6:81:ba:54:de:98:2b:89:f5:50:bb:8c:
         da:bc:1c:4f
-----BEGIN CERTIFICATE-----
MIIE+DCCA+CgAwIBAgISAZ0aA32o7OSEgTRfs8FEveGyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNGU5MGE0NmNkOTJmOGZmY2IxOTI0YjkzYjcxZDFiYWQz
MTMwMTIwHhcNMjYwMzIzMDkyNTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTExNTE5MWU5N2FlMWYzOGRlZmZjNGE3YTliY2IzZDRhMzVmOWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUF4wHIQMSWHKTeQo028+4opMqr+
xhenUe3FN8yMa/1CAosJyes7K9zfe3D/FSQ9tcSFyLqF6gpRPG1z73dE7JvhkxbR
Xyy8z1HYSQhmPQ//ZI0G3odYlCU0S6ODLhIlMlGnr573IJVB7TcVv4E+wHDJsuya
74kbcbd73TPi9MdMOE6cWwqKlkaLZ4P+iVWTka6kFzluz1WIV+c8iindTiRgOWcG
IaxNRCf+5Xax5lQ0XPeChIBY5fPoXKcy5YzSVntICkgvf8YLw8GSXl3oQ+3/VyRr
jM5uecj8+yrw6YBsYEpQSloID/K0TcO7DyAPZUoleZe39fKwYbRd3TgFJwIDAQAB
o4ICBDCCAgAwHQYDVR0OBBYEFLURUZHpeuHzje/8Snqbyz1KNfnyMB8GA1UdIwQY
MBaAFExOkKRs2S+P/LGSS5O3HRutMTASMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEU2UXBHelpMNF84c1pKTGs3Y2RHNjB4TUJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9jMjdlZWMtNzE0MS00NTc1LTlhNmYt
YzQ1NzI4YzU2ZjNiLzEvdFJGUmtlbDY0Zk9ON194S2VwdkxQVW8xLWZJLmFzYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9jMjdlZWMtNzE0MS00NTc1LTlhNmYtYzQ1NzI4YzU2ZjNi
LzEvVEU2UXBHelpMNF84c1pKTGs3Y2RHNjB4TUJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwCqxTANBgkqhkiG
9w0BAQsFAAOCAQEAcwqs5aIJ3lrFOwZ2NOxZqtJ5TGoEWf7kg8kQT+NqViJkDLXw
KwhTF8QAxPgkN4dkGygOgBNrO06MemSSI58HO5qYG5/of4dOuzMXHqBMptyLiLCU
eG81zNYw7qfaB0MGr/gLQ7F5wiu/su10H8T6JulHFMnvXNOb+zbF5Swvb4Dodv7q
/QYKk1/O1WvSFpXZAlPPB8S83DESWm+r7Tv2Si2gehMPU1eysAD7z52/xRol5rOB
ZlrUW04zWS9FfTecrwc2+nfo7TlFfo/gKKxAyoaaLkNyiyndkXCM2Z+7so2F5rei
/AccUg+qyoSfnPlL1oG6VN6YK4n1ULuM2rwcTw==
-----END CERTIFICATE-----