Autonomous System Provider Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/e7c8f3-c0ba-423e-9661-c85efd561e25/1/K21rZ8iSPzRD0y2-8XH6DYAR720.asa
File:                     K21rZ8iSPzRD0y2-8XH6DYAR720.asa (raw, json)
Hash identifier:          WdKRw8QVqYDS6afPeC1sTisyLqYHDRhDINFD62xXAtQ=
Subject key identifier:   2B:6D:6B:67:C8:92:3F:34:43:D3:2D:BE:F1:71:FA:0D:80:11:EF:6D
Certificate issuer:       /CN=36d3f59b5f8a8fd66f1d13a2d0f91dc22bf8a1ca
Certificate serial:       019E191B3F7BC0C3F646FCB552BA7A86812D
Authority key identifier: 36:D3:F5:9B:5F:8A:8F:D6:6F:1D:13:A2:D0:F9:1D:C2:2B:F8:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NtP1m1-Kj9ZvHROi0Pkdwiv4oco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/e7c8f3-c0ba-423e-9661-c85efd561e25/1/K21rZ8iSPzRD0y2-8XH6DYAR720.asa
Signing time:             Mon 11 May 2026 22:14:36 +0000
ASPA not before:          Mon 11 May 2026 22:14:36 +0000
ASPA not after:           Thu 01 Jul 2027 00:00:00 +0000
Customer ASID:            198276
Providers:                AS: 212396
                          AS: 212895
                          AS: 215638
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/e7c8f3-c0ba-423e-9661-c85efd561e25/1/NtP1m1-Kj9ZvHROi0Pkdwiv4oco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/e7c8f3-c0ba-423e-9661-c85efd561e25/1/NtP1m1-Kj9ZvHROi0Pkdwiv4oco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NtP1m1-Kj9ZvHROi0Pkdwiv4oco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:19:1b:3f:7b:c0:c3:f6:46:fc:b5:52:ba:7a:86:81:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36d3f59b5f8a8fd66f1d13a2d0f91dc22bf8a1ca
        Validity
            Not Before: May 11 22:14:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b6d6b67c8923f3443d32dbef171fa0d8011ef6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:32:87:48:5c:cd:92:4d:10:21:71:2d:92:d2:
                    01:6f:a7:25:28:4e:88:7c:59:e6:ac:16:e6:1d:ab:
                    bb:8a:2a:44:05:5d:74:0b:cc:62:58:df:fb:79:86:
                    ae:4c:ac:73:82:29:bd:8e:d1:7d:93:77:c9:c0:ec:
                    5b:a2:40:d0:ce:dc:5e:35:06:5e:0c:d2:c6:01:af:
                    29:2e:09:4e:d1:da:9c:11:80:a7:ff:e7:c9:32:e4:
                    2e:07:4f:64:5d:8a:7d:8c:09:15:5c:2b:10:14:10:
                    dc:ac:82:dc:d2:c2:de:f0:8e:82:78:b4:b2:0d:1f:
                    58:19:f0:82:f6:0e:28:9a:b0:b6:5a:57:8c:93:d9:
                    c1:1b:97:4f:8e:75:ca:2d:20:78:b2:21:83:da:5f:
                    65:27:4a:2e:f9:4e:4e:a2:7d:b8:71:b2:03:f7:ca:
                    9d:ba:57:ae:0e:78:71:6e:ac:0c:12:3c:23:ef:fc:
                    e7:7b:de:0d:19:c6:af:2b:6f:86:ad:67:57:bd:69:
                    5e:c9:c3:4f:eb:da:01:cd:90:e2:8b:0d:22:fe:b5:
                    0f:70:a0:f3:72:33:55:0b:1b:81:47:42:3a:80:28:
                    c8:86:82:76:8f:b9:aa:08:b3:cb:7f:7c:fc:c9:0c:
                    ee:3e:c4:eb:b9:fd:e0:56:1b:0c:10:5a:1b:b0:d4:
                    3b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:6D:6B:67:C8:92:3F:34:43:D3:2D:BE:F1:71:FA:0D:80:11:EF:6D
            X509v3 Authority Key Identifier:
                keyid:36:D3:F5:9B:5F:8A:8F:D6:6F:1D:13:A2:D0:F9:1D:C2:2B:F8:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NtP1m1-Kj9ZvHROi0Pkdwiv4oco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/e7c8f3-c0ba-423e-9661-c85efd561e25/1/K21rZ8iSPzRD0y2-8XH6DYAR720.asa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/e7c8f3-c0ba-423e-9661-c85efd561e25/1/NtP1m1-Kj9ZvHROi0Pkdwiv4oco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198276

    Signature Algorithm: sha256WithRSAEncryption
         54:b1:eb:30:ad:78:c8:62:49:9b:cd:73:7d:c8:5f:46:6d:cd:
         61:9a:bd:b7:44:04:90:31:c5:89:65:c8:d1:aa:95:24:8c:3a:
         ec:1f:8e:f4:e5:ee:26:67:ff:30:47:cc:8e:b7:a1:db:91:3e:
         2f:d3:12:b1:77:15:06:c6:7d:90:d8:cc:ef:60:95:1c:e3:18:
         a3:8b:09:84:da:22:a8:09:e8:3f:b7:35:30:94:b8:ba:23:c9:
         bb:76:8e:f9:26:16:65:59:69:2d:6f:f8:44:e5:65:b1:70:1e:
         e8:cf:19:e4:05:03:e6:7a:d9:01:92:7c:83:3d:27:9d:f1:d8:
         69:be:b3:39:e7:56:f3:34:44:55:7e:e4:e8:0f:de:16:b5:73:
         a8:06:65:ab:ae:66:4a:a5:6d:8b:d5:27:39:c6:17:c1:fb:96:
         52:64:06:9f:5d:5a:b6:0f:fc:e2:3f:de:4c:a7:67:8e:6a:15:
         d4:0b:55:59:2d:2b:bb:e9:ea:78:c2:3c:d1:d3:38:41:d4:4b:
         37:97:fc:aa:a6:a6:8d:ee:93:4d:bb:ba:51:b2:91:f9:5a:09:
         45:2a:cb:95:5c:95:10:7d:11:05:2a:16:98:e2:88:58:1b:eb:
         72:a2:f5:70:4e:52:e2:92:8d:47:3b:69:07:24:a4:34:c7:37:
         31:81:b1:f5
-----BEGIN CERTIFICATE-----
MIIE+DCCA+CgAwIBAgISAZ4ZGz97wMP2Rvy1Urp6hoEtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ZDNmNTliNWY4YThmZDY2ZjFkMTNhMmQwZjkxZGMyMmJm
OGExY2EwHhcNMjYwNTExMjIxNDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjZkNmI2N2M4OTIzZjM0NDNkMzJkYmVmMTcxZmEwZDgwMTFlZjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDKHSFzNkk0QIXEtktIBb6clKE6I
fFnmrBbmHau7iipEBV10C8xiWN/7eYauTKxzgim9jtF9k3fJwOxbokDQztxeNQZe
DNLGAa8pLglO0dqcEYCn/+fJMuQuB09kXYp9jAkVXCsQFBDcrILc0sLe8I6CeLSy
DR9YGfCC9g4omrC2WleMk9nBG5dPjnXKLSB4siGD2l9lJ0ou+U5Oon24cbID98qd
uleuDnhxbqwMEjwj7/zne94NGcavK2+GrWdXvWleycNP69oBzZDiiw0i/rUPcKDz
cjNVCxuBR0I6gCjIhoJ2j7mqCLPLf3z8yQzuPsTruf3gVhsMEFobsNQ7ZwIDAQAB
o4ICBDCCAgAwHQYDVR0OBBYEFCtta2fIkj80Q9MtvvFx+g2AEe9tMB8GA1UdIwQY
MBaAFDbT9Ztfio/Wbx0TotD5HcIr+KHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnRQMW0xLUtqOVp2SFJPaTBQa2R3aXY0b2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9lN2M4ZjMtYzBiYS00MjNlLTk2NjEt
Yzg1ZWZkNTYxZTI1LzEvSzIxclo4aVNQelJEMHkyLThYSDZEWUFSNzIwLmFzYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9lN2M4ZjMtYzBiYS00MjNlLTk2NjEtYzg1ZWZkNTYxZTI1
LzEvTnRQMW0xLUtqOVp2SFJPaTBQa2R3aXY0b2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwMGhDANBgkqhkiG
9w0BAQsFAAOCAQEAVLHrMK14yGJJm81zfchfRm3NYZq9t0QEkDHFiWXI0aqVJIw6
7B+O9OXuJmf/MEfMjreh25E+L9MSsXcVBsZ9kNjM72CVHOMYo4sJhNoiqAnoP7c1
MJS4uiPJu3aO+SYWZVlpLW/4ROVlsXAe6M8Z5AUD5nrZAZJ8gz0nnfHYab6zOedW
8zREVX7k6A/eFrVzqAZlq65mSqVti9UnOcYXwfuWUmQGn11atg/84j/eTKdnjmoV
1AtVWS0ru+nqeMI80dM4QdRLN5f8qqamje6TTbu6UbKR+VoJRSrLlVyVEH0RBSoW
mOKIWBvrcqL1cE5S4pKNRztpBySkNMc3MYGx9Q==
-----END CERTIFICATE-----