Autonomous System Provider Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/60fec7-0b51-4446-9b5d-c741c27b4e22/1/MhAe01ZmLmGIo1FB00FAZblkwBo.asa
File:                     MhAe01ZmLmGIo1FB00FAZblkwBo.asa (raw, json)
Hash identifier:          aUcLI++76yd3mnnAy6xNFCz8PJWqoY+FNcByDh9aH0o=
Subject key identifier:   32:10:1E:D3:56:66:2E:61:88:A3:51:41:D3:41:40:65:B9:64:C0:1A
Certificate issuer:       /CN=3f96240998fce4124c3cb4dfbacbb0ed1618405a
Certificate serial:       019C8A8FD343E923A32D0497018496872F3D
Authority key identifier: 3F:96:24:09:98:FC:E4:12:4C:3C:B4:DF:BA:CB:B0:ED:16:18:40:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P5YkCZj85BJMPLTfusuw7RYYQFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/60fec7-0b51-4446-9b5d-c741c27b4e22/1/MhAe01ZmLmGIo1FB00FAZblkwBo.asa
Signing time:             Mon 23 Feb 2026 12:53:27 +0000
ASPA not before:          Mon 23 Feb 2026 12:53:27 +0000
ASPA not after:           Thu 01 Jul 2027 00:00:00 +0000
Customer ASID:            201457
Providers:                AS: 198101
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/60fec7-0b51-4446-9b5d-c741c27b4e22/1/P5YkCZj85BJMPLTfusuw7RYYQFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/60fec7-0b51-4446-9b5d-c741c27b4e22/1/P5YkCZj85BJMPLTfusuw7RYYQFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P5YkCZj85BJMPLTfusuw7RYYQFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 03:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8a:8f:d3:43:e9:23:a3:2d:04:97:01:84:96:87:2f:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f96240998fce4124c3cb4dfbacbb0ed1618405a
        Validity
            Not Before: Feb 23 12:53:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=32101ed356662e6188a35141d3414065b964c01a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:da:0b:81:f4:ed:b3:33:aa:2f:66:e2:96:1b:
                    00:9c:32:02:34:95:8e:5b:4b:2d:9e:86:53:1f:a6:
                    95:b8:c1:31:35:bf:ff:09:7b:2a:08:65:29:68:a9:
                    7c:b1:4f:df:49:1e:76:38:50:65:6e:31:91:26:cd:
                    30:8e:43:3c:c3:f8:14:c8:7e:bc:9d:bb:09:ac:3e:
                    86:2f:ef:3e:26:28:a7:f6:64:8e:b9:03:fd:b9:c8:
                    e5:d8:fc:99:dc:6d:53:e2:8d:f6:6f:1d:b8:56:7f:
                    be:c8:86:69:0b:31:95:a4:c4:8f:94:f9:f1:f8:e8:
                    eb:68:11:62:3f:90:cf:f0:c1:59:99:55:3d:71:72:
                    b8:7a:d5:67:14:29:0f:6b:7b:78:d9:1c:d4:28:2d:
                    ab:44:5a:a3:92:51:9e:1a:4c:ae:6f:8e:e0:e4:c2:
                    57:ac:ea:6d:1d:34:1d:fd:73:0d:f8:b9:ec:4c:e4:
                    af:40:22:ec:a2:11:0a:1c:c2:66:36:e0:2c:aa:70:
                    99:fe:79:e2:6d:12:41:70:3e:bb:a4:6e:20:fe:07:
                    5f:aa:01:a1:c0:04:65:ea:f3:23:ee:2e:55:16:4c:
                    fa:05:2d:ac:65:4a:dd:2f:f5:36:c3:b1:79:33:8f:
                    a0:e0:5b:d2:46:55:ed:7c:9f:a6:43:0d:6e:99:0d:
                    d3:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:10:1E:D3:56:66:2E:61:88:A3:51:41:D3:41:40:65:B9:64:C0:1A
            X509v3 Authority Key Identifier:
                keyid:3F:96:24:09:98:FC:E4:12:4C:3C:B4:DF:BA:CB:B0:ED:16:18:40:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P5YkCZj85BJMPLTfusuw7RYYQFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/60fec7-0b51-4446-9b5d-c741c27b4e22/1/MhAe01ZmLmGIo1FB00FAZblkwBo.asa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/60fec7-0b51-4446-9b5d-c741c27b4e22/1/P5YkCZj85BJMPLTfusuw7RYYQFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  201457

    Signature Algorithm: sha256WithRSAEncryption
         04:4c:33:8e:b3:ac:db:43:e9:c5:7c:53:45:a8:7e:bf:df:f9:
         94:29:cb:13:ef:42:eb:5c:f5:6d:2a:c4:10:6b:8d:6e:15:e5:
         92:e3:44:47:0d:fb:9e:12:41:2f:77:11:97:fd:7c:73:df:c1:
         93:fd:d8:9a:61:b8:52:5d:88:ce:d4:fe:cb:45:f2:70:09:ec:
         66:3a:15:4b:13:b7:30:43:31:4f:77:af:11:8d:0a:db:97:4b:
         ae:45:fb:b1:c5:da:5d:da:5f:45:0a:42:80:bb:dd:dc:f9:98:
         68:2d:b1:74:1a:92:15:36:33:51:88:99:c8:1a:5d:3d:43:64:
         1a:fd:d9:13:85:3c:2c:e8:ae:e7:a6:7c:e3:de:66:f5:e6:4d:
         23:37:e9:e3:99:69:37:88:12:44:76:df:04:4d:0b:67:78:d2:
         f7:34:28:e3:90:3c:0c:ce:22:cf:94:fe:f0:a9:66:71:c9:22:
         8e:40:f4:e9:3b:45:6d:6b:73:e5:f4:f7:71:6a:ed:cb:be:da:
         8f:54:ae:83:b5:64:24:df:e1:78:da:eb:bc:90:0a:18:31:44:
         44:84:a8:bc:32:25:b1:0d:29:89:b3:76:53:0b:2f:98:e0:72:
         91:a7:1b:2f:50:b4:29:a0:d8:c8:fb:8d:c9:4b:bd:5d:91:63:
         35:54:a6:1b
-----BEGIN CERTIFICATE-----
MIIE+DCCA+CgAwIBAgISAZyKj9ND6SOjLQSXAYSWhy89MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmOTYyNDA5OThmY2U0MTI0YzNjYjRkZmJhY2JiMGVkMTYx
ODQwNWEwHhcNMjYwMjIzMTI1MzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjEwMWVkMzU2NjYyZTYxODhhMzUxNDFkMzQxNDA2NWI5NjRjMDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdoLgfTtszOqL2bilhsAnDICNJWO
W0stnoZTH6aVuMExNb//CXsqCGUpaKl8sU/fSR52OFBlbjGRJs0wjkM8w/gUyH68
nbsJrD6GL+8+Jiin9mSOuQP9ucjl2PyZ3G1T4o32bx24Vn++yIZpCzGVpMSPlPnx
+OjraBFiP5DP8MFZmVU9cXK4etVnFCkPa3t42RzUKC2rRFqjklGeGkyub47g5MJX
rOptHTQd/XMN+LnsTOSvQCLsohEKHMJmNuAsqnCZ/nnibRJBcD67pG4g/gdfqgGh
wARl6vMj7i5VFkz6BS2sZUrdL/U2w7F5M4+g4FvSRlXtfJ+mQw1umQ3TcQIDAQAB
o4ICBDCCAgAwHQYDVR0OBBYEFDIQHtNWZi5hiKNRQdNBQGW5ZMAaMB8GA1UdIwQY
MBaAFD+WJAmY/OQSTDy037rLsO0WGEBaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDVZa0Naajg1QkpNUExUZnVzdXc3UllZUUZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi82MGZlYzctMGI1MS00NDQ2LTliNWQt
Yzc0MWMyN2I0ZTIyLzEvTWhBZTAxWm1MbUdJbzFGQjAwRkFaYmxrd0JvLmFzYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi82MGZlYzctMGI1MS00NDQ2LTliNWQtYzc0MWMyN2I0ZTIy
LzEvUDVZa0Naajg1QkpNUExUZnVzdXc3UllZUUZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwMS8TANBgkqhkiG
9w0BAQsFAAOCAQEABEwzjrOs20PpxXxTRah+v9/5lCnLE+9C61z1bSrEEGuNbhXl
kuNERw37nhJBL3cRl/18c9/Bk/3YmmG4Ul2IztT+y0XycAnsZjoVSxO3MEMxT3ev
EY0K25dLrkX7scXaXdpfRQpCgLvd3PmYaC2xdBqSFTYzUYiZyBpdPUNkGv3ZE4U8
LOiu56Z8495m9eZNIzfp45lpN4gSRHbfBE0LZ3jS9zQo45A8DM4iz5T+8Klmccki
jkD06TtFbWtz5fT3cWrty77aj1Sug7VkJN/heNrrvJAKGDFERISovDIlsQ0pibN2
UwsvmOBykacbL1C0KaDYyPuNyUu9XZFjNVSmGw==
-----END CERTIFICATE-----