Autonomous System Provider Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/f56fa9-f9fe-40f5-a853-832ab844172b/1/YPqShABfeYxe85XZwgPP-D5hAs0.asa
File:                     YPqShABfeYxe85XZwgPP-D5hAs0.asa (raw, json)
Hash identifier:          lSybZ49LJX9Yd/+rtoHHH2KWxEldGY3pzCrhf0jSSpU=
Subject key identifier:   60:FA:92:84:00:5F:79:8C:5E:F3:95:D9:C2:03:CF:F8:3E:61:02:CD
Certificate issuer:       /CN=4dc0230cd415d86e86fd8893134287ce54a687d7
Certificate serial:       019D504E0D685ACC97B215152707FB8B58C3
Authority key identifier: 4D:C0:23:0C:D4:15:D8:6E:86:FD:88:93:13:42:87:CE:54:A6:87:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TcAjDNQV2G6G_YiTE0KHzlSmh9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/f56fa9-f9fe-40f5-a853-832ab844172b/1/YPqShABfeYxe85XZwgPP-D5hAs0.asa
Signing time:             Thu 02 Apr 2026 22:26:25 +0000
ASPA not before:          Thu 02 Apr 2026 22:26:25 +0000
ASPA not after:           Thu 01 Jul 2027 00:00:00 +0000
Customer ASID:            208690
Providers:                AS: 56655
                          AS: 199829
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/f56fa9-f9fe-40f5-a853-832ab844172b/1/TcAjDNQV2G6G_YiTE0KHzlSmh9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/f56fa9-f9fe-40f5-a853-832ab844172b/1/TcAjDNQV2G6G_YiTE0KHzlSmh9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TcAjDNQV2G6G_YiTE0KHzlSmh9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 13:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:50:4e:0d:68:5a:cc:97:b2:15:15:27:07:fb:8b:58:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dc0230cd415d86e86fd8893134287ce54a687d7
        Validity
            Not Before: Apr  2 22:26:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60fa9284005f798c5ef395d9c203cff83e6102cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:bc:5b:f8:95:79:fb:63:54:89:da:04:53:d6:
                    20:f8:d4:40:04:8a:95:c1:70:88:4f:ed:f4:26:11:
                    4c:fc:73:67:23:fb:33:f2:95:40:38:4f:a2:af:70:
                    f6:b2:3d:bd:6a:bd:6a:e7:cc:52:65:52:35:23:27:
                    40:e2:c2:7f:1a:83:02:b7:9b:15:d6:72:e4:81:1d:
                    40:80:90:64:31:db:36:a3:05:c8:f7:82:ed:27:c0:
                    2b:38:4b:31:ec:55:8e:50:c1:53:2f:3d:f9:e7:6b:
                    e0:c0:e0:e9:65:19:ec:4a:b4:75:07:9f:48:54:3e:
                    a4:ba:45:f5:61:0f:0e:c4:ab:bf:f4:3f:fa:51:12:
                    f7:01:aa:94:11:c4:0f:cf:c0:bc:5e:06:75:98:82:
                    68:c5:26:d2:43:d3:05:e7:6a:e5:04:ad:68:c3:6e:
                    6c:17:e4:c9:89:e6:78:7c:7a:4e:2c:30:92:f0:21:
                    ed:85:48:60:3c:a7:cd:66:5e:65:eb:df:85:d2:61:
                    c2:29:66:38:a4:ed:9e:67:e4:04:e2:8b:fb:49:3b:
                    2c:f9:ba:84:5e:c5:ed:97:74:88:c7:61:94:36:d1:
                    93:ca:49:ad:2f:14:a4:07:5f:a2:0b:e8:d4:a5:b2:
                    fa:ba:49:c4:4f:b2:65:2f:e5:94:56:a8:00:21:8b:
                    dd:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:FA:92:84:00:5F:79:8C:5E:F3:95:D9:C2:03:CF:F8:3E:61:02:CD
            X509v3 Authority Key Identifier:
                keyid:4D:C0:23:0C:D4:15:D8:6E:86:FD:88:93:13:42:87:CE:54:A6:87:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TcAjDNQV2G6G_YiTE0KHzlSmh9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/f56fa9-f9fe-40f5-a853-832ab844172b/1/YPqShABfeYxe85XZwgPP-D5hAs0.asa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/f56fa9-f9fe-40f5-a853-832ab844172b/1/TcAjDNQV2G6G_YiTE0KHzlSmh9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208690

    Signature Algorithm: sha256WithRSAEncryption
         39:90:9d:2b:31:ba:be:d9:05:31:21:71:d2:8a:2e:08:fc:a1:
         32:68:6e:28:f4:b9:ce:51:d9:1c:56:1b:c0:63:2d:a9:6e:a8:
         b2:e2:01:59:d5:19:ae:b8:df:63:3b:bc:9f:bb:0b:0c:6c:31:
         18:7a:34:eb:7d:8d:7e:a7:30:8c:ab:a2:65:cc:6f:da:a8:55:
         25:f2:a5:36:c3:71:4e:20:67:8d:95:75:1e:ab:42:a5:b1:d2:
         13:93:f4:9e:69:07:5d:ef:59:d7:b9:fa:2c:86:a8:bd:57:86:
         46:83:26:ca:60:52:9d:ad:07:71:0c:e5:05:47:d0:b1:dc:b1:
         15:ae:1b:19:7a:d0:50:6d:8d:17:9a:9e:70:6c:a4:96:a5:1c:
         25:30:90:a0:04:f3:a5:21:8b:54:fc:e8:ba:05:7a:7b:91:3f:
         26:26:98:13:a5:7d:55:a2:a8:d3:a6:26:46:4c:a0:73:08:b2:
         49:6c:e8:7f:e4:a4:19:04:47:a4:22:24:e1:56:b3:69:a0:1c:
         4b:52:6e:0b:39:4d:55:dc:23:fe:5e:3c:5e:18:63:f2:b5:f8:
         38:f2:74:b4:dd:9e:6c:35:82:7b:eb:2e:ec:fe:a9:ff:7c:67:
         97:45:4f:0e:ec:11:fa:f4:1e:ea:dc:8e:b1:66:db:0b:f8:a7:
         14:8c:95:11
-----BEGIN CERTIFICATE-----
MIIE+DCCA+CgAwIBAgISAZ1QTg1oWsyXshUVJwf7i1jDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYzAyMzBjZDQxNWQ4NmU4NmZkODg5MzEzNDI4N2NlNTRh
Njg3ZDcwHhcNMjYwNDAyMjIyNjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGZhOTI4NDAwNWY3OThjNWVmMzk1ZDljMjAzY2ZmODNlNjEwMmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4bxb+JV5+2NUidoEU9Yg+NRABIqV
wXCIT+30JhFM/HNnI/sz8pVAOE+ir3D2sj29ar1q58xSZVI1IydA4sJ/GoMCt5sV
1nLkgR1AgJBkMds2owXI94LtJ8ArOEsx7FWOUMFTLz3552vgwODpZRnsSrR1B59I
VD6kukX1YQ8OxKu/9D/6URL3AaqUEcQPz8C8XgZ1mIJoxSbSQ9MF52rlBK1ow25s
F+TJieZ4fHpOLDCS8CHthUhgPKfNZl5l69+F0mHCKWY4pO2eZ+QE4ov7STss+bqE
XsXtl3SIx2GUNtGTykmtLxSkB1+iC+jUpbL6uknET7JlL+WUVqgAIYvdAwIDAQAB
o4ICBDCCAgAwHQYDVR0OBBYEFGD6koQAX3mMXvOV2cIDz/g+YQLNMB8GA1UdIwQY
MBaAFE3AIwzUFdhuhv2IkxNCh85UpofXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGNBakROUVYyRzZHX1lpVEUwS0h6bFNtaDljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9mNTZmYTktZjlmZS00MGY1LWE4NTMt
ODMyYWI4NDQxNzJiLzEvWVBxU2hBQmZlWXhlODVYWndnUFAtRDVoQXMwLmFzYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9mNTZmYTktZjlmZS00MGY1LWE4NTMtODMyYWI4NDQxNzJi
LzEvVGNBakROUVYyRzZHX1lpVEUwS0h6bFNtaDljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwMvMjANBgkqhkiG
9w0BAQsFAAOCAQEAOZCdKzG6vtkFMSFx0oouCPyhMmhuKPS5zlHZHFYbwGMtqW6o
suIBWdUZrrjfYzu8n7sLDGwxGHo0632NfqcwjKuiZcxv2qhVJfKlNsNxTiBnjZV1
HqtCpbHSE5P0nmkHXe9Z17n6LIaovVeGRoMmymBSna0HcQzlBUfQsdyxFa4bGXrQ
UG2NF5qecGyklqUcJTCQoATzpSGLVPzougV6e5E/JiaYE6V9VaKo06YmRkygcwiy
SWzof+SkGQRHpCIk4VazaaAcS1JuCzlNVdwj/l48Xhhj8rX4OPJ0tN2ebDWCe+su
7P6p/3xnl0VPDuwR+vQe6tyOsWbbC/inFIyVEQ==
-----END CERTIFICATE-----