Autonomous System Provider Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/3b2fb1-1178-4872-b8b0-2ef22564a400/1/oItuACLpKbdC_mRgmNlHZf4Izzc.asa
File:                     oItuACLpKbdC_mRgmNlHZf4Izzc.asa (raw, json)
Hash identifier:          OZeWH70QG5hehrS+dFmMwPZHbnFgCNtsrek4wAGfcVE=
Subject key identifier:   A0:8B:6E:00:22:E9:29:B7:42:FE:64:60:98:D9:47:65:FE:08:CF:37
Certificate issuer:       /CN=4c137ece735f94b3167121113d8fda4d6bf3b888
Certificate serial:       019D4864E9890863307DD9226535C4A23E6D
Authority key identifier: 4C:13:7E:CE:73:5F:94:B3:16:71:21:11:3D:8F:DA:4D:6B:F3:B8:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBN-znNflLMWcSERPY_aTWvzuIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/3b2fb1-1178-4872-b8b0-2ef22564a400/1/oItuACLpKbdC_mRgmNlHZf4Izzc.asa
Signing time:             Wed 01 Apr 2026 09:34:26 +0000
ASPA not before:          Wed 01 Apr 2026 09:34:26 +0000
ASPA not after:           Thu 01 Jul 2027 00:00:00 +0000
Customer ASID:            201345
Providers:                AS: 31898
                          AS: 212895
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/3b2fb1-1178-4872-b8b0-2ef22564a400/1/TBN-znNflLMWcSERPY_aTWvzuIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/3b2fb1-1178-4872-b8b0-2ef22564a400/1/TBN-znNflLMWcSERPY_aTWvzuIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBN-znNflLMWcSERPY_aTWvzuIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:48:64:e9:89:08:63:30:7d:d9:22:65:35:c4:a2:3e:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c137ece735f94b3167121113d8fda4d6bf3b888
        Validity
            Not Before: Apr  1 09:34:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a08b6e0022e929b742fe646098d94765fe08cf37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e2:51:fe:ec:d3:00:48:9b:02:0c:69:00:f1:
                    7e:d1:57:2e:40:28:f0:c1:84:fd:67:b7:d0:9f:02:
                    ac:18:e6:40:68:46:da:60:b0:3f:b7:a9:c6:35:fb:
                    f9:53:bc:dc:1f:b2:f3:24:f2:a7:b5:2e:9c:fc:91:
                    09:cc:f9:3d:20:b3:6f:c1:e7:46:ca:2e:c4:e4:f6:
                    6a:ba:11:2a:4a:dd:3f:39:f5:81:3c:3f:09:e9:cb:
                    f5:df:de:12:d3:89:a2:43:31:0b:6d:a6:76:3d:0b:
                    3c:4d:14:d4:53:e0:1f:69:8f:05:5f:9f:0f:29:c3:
                    40:32:d1:ea:5c:7b:52:83:54:f3:98:8e:f8:47:c4:
                    84:b2:58:54:50:51:cf:89:e6:c6:41:8f:a9:bb:8c:
                    17:12:5f:cf:91:91:eb:22:cd:20:67:46:77:86:a7:
                    fb:7b:75:08:b9:eb:93:f8:71:ae:e5:b4:44:58:f5:
                    ff:3a:4b:43:22:6b:e5:c5:58:3a:ae:99:d7:7d:22:
                    f3:08:13:91:54:48:28:84:ce:37:c2:d2:56:eb:40:
                    d5:de:42:0e:a0:52:58:83:ae:ee:1e:e3:b7:3e:24:
                    23:1d:ae:c3:04:70:0e:45:19:32:b3:7c:8a:82:b0:
                    ac:9f:86:95:6f:ed:26:e6:25:3e:ba:19:64:ed:c4:
                    c3:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:8B:6E:00:22:E9:29:B7:42:FE:64:60:98:D9:47:65:FE:08:CF:37
            X509v3 Authority Key Identifier:
                keyid:4C:13:7E:CE:73:5F:94:B3:16:71:21:11:3D:8F:DA:4D:6B:F3:B8:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBN-znNflLMWcSERPY_aTWvzuIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/3b2fb1-1178-4872-b8b0-2ef22564a400/1/oItuACLpKbdC_mRgmNlHZf4Izzc.asa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/3b2fb1-1178-4872-b8b0-2ef22564a400/1/TBN-znNflLMWcSERPY_aTWvzuIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  201345

    Signature Algorithm: sha256WithRSAEncryption
         42:85:0b:4e:3d:a2:c1:17:58:16:0d:e0:d7:77:e4:13:40:f6:
         84:1b:1f:76:c1:49:1d:41:dd:2e:b2:2d:37:3d:e1:78:f7:03:
         a1:77:3a:ff:91:55:8d:3f:04:33:46:df:97:d7:88:a2:aa:41:
         ae:b2:b2:e6:4c:fe:77:05:34:ba:fa:d0:9d:1b:b7:ef:43:e5:
         25:ea:61:b9:2f:d9:0a:a4:d1:92:9c:d7:28:09:1a:0e:df:f0:
         e6:e9:67:f4:84:e7:4d:b1:20:87:b0:cf:07:22:7f:29:ab:fb:
         8f:5c:06:36:3b:cb:8e:8d:60:d0:80:54:e6:ad:9a:23:55:03:
         c7:71:ab:15:9b:42:e5:d9:5a:56:d2:56:5d:ed:7a:2a:d2:5a:
         ed:f0:e0:33:83:60:39:3b:10:70:2f:e8:96:18:c7:96:17:27:
         c5:e6:6a:1d:bf:2d:76:81:15:c3:e1:31:26:72:e3:52:47:9b:
         41:94:44:dd:e5:68:75:3c:f0:6d:a7:75:df:a3:29:70:bf:13:
         09:d3:77:b7:76:5c:21:0e:5d:ac:2b:cc:49:cb:c9:37:e5:20:
         e0:e5:e4:e1:cc:27:c5:a5:78:a4:e6:0d:29:1b:ba:8b:8d:55:
         b4:ed:21:a0:c0:9d:20:52:da:3e:b9:d0:de:21:c1:f5:01:16:
         60:47:30:57
-----BEGIN CERTIFICATE-----
MIIE+DCCA+CgAwIBAgISAZ1IZOmJCGMwfdkiZTXEoj5tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMTM3ZWNlNzM1Zjk0YjMxNjcxMjExMTNkOGZkYTRkNmJm
M2I4ODgwHhcNMjYwNDAxMDkzNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDhiNmUwMDIyZTkyOWI3NDJmZTY0NjA5OGQ5NDc2NWZlMDhjZjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+JR/uzTAEibAgxpAPF+0VcuQCjw
wYT9Z7fQnwKsGOZAaEbaYLA/t6nGNfv5U7zcH7LzJPKntS6c/JEJzPk9ILNvwedG
yi7E5PZquhEqSt0/OfWBPD8J6cv1394S04miQzELbaZ2PQs8TRTUU+AfaY8FX58P
KcNAMtHqXHtSg1TzmI74R8SEslhUUFHPiebGQY+pu4wXEl/PkZHrIs0gZ0Z3hqf7
e3UIueuT+HGu5bREWPX/OktDImvlxVg6rpnXfSLzCBORVEgohM43wtJW60DV3kIO
oFJYg67uHuO3PiQjHa7DBHAORRkys3yKgrCsn4aVb+0m5iU+uhlk7cTDhwIDAQAB
o4ICBDCCAgAwHQYDVR0OBBYEFKCLbgAi6Sm3Qv5kYJjZR2X+CM83MB8GA1UdIwQY
MBaAFEwTfs5zX5SzFnEhET2P2k1r87iIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEJOLXpuTmZsTE1XY1NFUlBZX2FUV3Z6dUlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8zYjJmYjEtMTE3OC00ODcyLWI4YjAt
MmVmMjI1NjRhNDAwLzEvb0l0dUFDTHBLYmRDX21SZ21ObEhaZjRJenpjLmFzYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8zYjJmYjEtMTE3OC00ODcyLWI4YjAtMmVmMjI1NjRhNDAw
LzEvVEJOLXpuTmZsTE1XY1NFUlBZX2FUV3Z6dUlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwMSgTANBgkqhkiG
9w0BAQsFAAOCAQEAQoULTj2iwRdYFg3g13fkE0D2hBsfdsFJHUHdLrItNz3hePcD
oXc6/5FVjT8EM0bfl9eIoqpBrrKy5kz+dwU0uvrQnRu370PlJephuS/ZCqTRkpzX
KAkaDt/w5uln9ITnTbEgh7DPByJ/Kav7j1wGNjvLjo1g0IBU5q2aI1UDx3GrFZtC
5dlaVtJWXe16KtJa7fDgM4NgOTsQcC/olhjHlhcnxeZqHb8tdoEVw+ExJnLjUkeb
QZRE3eVodTzwbad136MpcL8TCdN3t3ZcIQ5drCvMScvJN+Ug4OXk4cwnxaV4pOYN
KRu6i41VtO0hoMCdIFLaPrnQ3iHB9QEWYEcwVw==
-----END CERTIFICATE-----