Manifest

$ rpki-client -vvf rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.mft
File:                     B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.mft (raw, json)
Hash identifier:          rFHlDoxQbORfYz/nQkKdtfoLEtvsIpjK+vrVnYEoHWg=
Subject key identifier:   94:B7:3A:A8:53:66:8D:F1:5C:E8:D2:2D:08:A1:CD:A4:7D:1A:52:E0
Authority key identifier: B6:05:61:DF:FB:FD:E2:55:FE:C1:4D:4D:9F:0E:13:F4:37:53:52:E4
Certificate issuer:       /CN=b60561dffbfde255fec14d4d9f0e13f4375352e4
Certificate serial:       56D9CE6EAEC5A964B334E181F4C3504142924BC9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tgVh3_v94lX-wU1Nnw4T9DdTUuQ.cer
Subject info access:      rsync://rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.mft
Manifest number:          0277
Signing time:             Sun 29 Mar 2026 12:19:55 +0000
Manifest this update:     Sun 29 Mar 2026 12:14:55 +0000
Manifest next update:     Mon 30 Mar 2026 13:55:55 +0000
Files and hashes:         1: 323030313a3637633a6438303a3a2f34382d3438203d3e20343031353531.roa (hash: 7s5kSYH1DbSfowuVOrG3wfjclNvq71vCWTMKX5SA1NA=)
                          2: B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.crl (hash: 3xdKHmjwsBimD1/nbQCU63nR5WRm0yAZDtVBhmV8CW0=)
Validation:               OK
Signature path:           rsync://rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.crl
                          rsync://rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tgVh3_v94lX-wU1Nnw4T9DdTUuQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:d9:ce:6e:ae:c5:a9:64:b3:34:e1:81:f4:c3:50:41:42:92:4b:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b60561dffbfde255fec14d4d9f0e13f4375352e4
        Validity
            Not Before: Mar 29 12:14:55 2026 GMT
            Not After : Mar 30 13:55:55 2026 GMT
        Subject: CN=94B73AA853668DF15CE8D22D08A1CDA47D1A52E0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:9c:ff:15:4a:43:d5:46:31:14:89:5c:e5:dd:
                    32:7b:5f:c6:77:8f:14:09:95:81:d1:9e:4c:f5:1d:
                    88:b3:90:08:7a:56:aa:e6:d8:b5:02:10:b7:b4:19:
                    a5:a7:64:03:bb:85:b0:16:2a:9f:af:9c:5d:3e:72:
                    45:5c:38:c8:1c:1a:33:bc:55:d4:5e:ec:d7:7c:3d:
                    ad:97:0b:84:fa:20:0f:0c:f4:d8:8b:6c:e3:fb:c3:
                    de:12:ca:6c:15:6e:1f:44:8b:5b:86:6b:93:32:93:
                    a9:71:b5:3f:39:ac:c3:73:97:90:db:a1:d1:fa:1d:
                    25:73:af:a4:f9:09:27:7a:4c:29:83:57:16:34:46:
                    a2:6e:52:76:9e:0c:17:21:d6:3f:cb:3a:3a:5b:b7:
                    36:9a:33:57:92:6a:36:c6:c1:55:23:ce:1a:c6:12:
                    b4:ee:2f:c5:20:2d:43:0d:9e:ef:ea:5a:22:d9:05:
                    e6:9d:05:c0:38:ae:e0:8a:d9:95:4a:c4:06:2d:7f:
                    ec:96:3b:7b:0d:e2:ae:9d:92:fd:5c:90:17:64:07:
                    96:d3:4f:84:66:11:cd:64:56:f4:d9:68:b4:f8:c8:
                    09:32:8e:1f:88:35:91:ba:3e:d4:49:0a:6f:5d:ed:
                    6a:85:81:81:af:6f:7d:35:f9:26:d6:91:91:43:e8:
                    51:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:B7:3A:A8:53:66:8D:F1:5C:E8:D2:2D:08:A1:CD:A4:7D:1A:52:E0
            X509v3 Authority Key Identifier:
                keyid:B6:05:61:DF:FB:FD:E2:55:FE:C1:4D:4D:9F:0E:13:F4:37:53:52:E4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tgVh3_v94lX-wU1Nnw4T9DdTUuQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.mft

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         38:92:b3:d9:66:20:06:25:86:1c:ff:d4:db:3c:de:d5:cd:5e:
         f4:a1:62:68:6e:49:58:e5:68:a6:ac:d0:cc:7a:8b:78:43:d6:
         37:75:83:38:d0:71:32:b2:7f:6c:d1:bc:f4:5a:2a:e7:df:35:
         a7:d2:86:0c:27:88:26:7f:06:a9:5e:06:ed:94:60:dc:ea:07:
         12:b4:dd:45:5d:8c:6b:e4:b3:1b:56:0a:c1:bb:e9:eb:23:44:
         62:7d:ff:16:70:ca:00:15:73:58:f6:5b:d4:99:7b:67:66:22:
         2f:44:bc:d7:23:10:da:c1:16:fb:f9:59:66:a2:6d:d0:b0:6e:
         8c:b7:fc:03:45:94:8b:42:1d:f5:d6:ea:cc:f0:70:45:35:8f:
         bb:44:38:8a:49:f2:25:b0:91:ff:d0:b4:64:71:01:98:68:00:
         1b:16:03:59:0e:3b:99:ce:6e:b6:11:d2:1c:c4:21:ba:f2:7c:
         f0:8f:3e:7f:0a:7e:7d:e4:d4:03:73:28:de:48:b1:9c:50:5a:
         3c:c2:5a:86:20:1d:5e:b6:b4:0c:f5:d2:d6:5b:bd:cc:49:48:
         07:f8:ab:f9:b2:2f:f0:51:bc:b3:44:46:11:e2:f1:e7:89:ab:
         a3:e1:50:a5:cd:67:50:e3:73:f5:de:75:35:5e:4f:7b:60:0b:
         16:62:4e:9b
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgIUVtnObq7FqWSzNOGB9MNQQUKSS8kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjYwNTYxZGZmYmZkZTI1NWZlYzE0ZDRkOWYwZTEzZjQz
NzUzNTJlNDAeFw0yNjAzMjkxMjE0NTVaFw0yNjAzMzAxMzU1NTVaMDMxMTAvBgNV
BAMTKDk0QjczQUE4NTM2NjhERjE1Q0U4RDIyRDA4QTFDREE0N0QxQTUyRTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3nP8VSkPVRjEUiVzl3TJ7X8Z3
jxQJlYHRnkz1HYizkAh6Vqrm2LUCELe0GaWnZAO7hbAWKp+vnF0+ckVcOMgcGjO8
VdRe7Nd8Pa2XC4T6IA8M9NiLbOP7w94SymwVbh9Ei1uGa5Myk6lxtT85rMNzl5Db
odH6HSVzr6T5CSd6TCmDVxY0RqJuUnaeDBch1j/LOjpbtzaaM1eSajbGwVUjzhrG
ErTuL8UgLUMNnu/qWiLZBeadBcA4ruCK2ZVKxAYtf+yWO3sN4q6dkv1ckBdkB5bT
T4RmEc1kVvTZaLT4yAkyjh+INZG6PtRJCm9d7WqFgYGvb301+SbWkZFD6FE3AgMB
AAGjggHrMIIB5zAdBgNVHQ4EFgQUlLc6qFNmjfFc6NItCKHNpH0aUuAwHwYDVR0j
BBgwFoAUtgVh3/v94lX+wU1Nnw4T9DdTUuQwDgYDVR0PAQH/BAQDAgeAMGcGA1Ud
HwRgMF4wXKBaoFiGVnJzeW5jOi8vcnBraS5uZWxsaWN1cy5uZXQvcmVwby9uZWxs
aWN1cy8wL0I2MDU2MURGRkJGREUyNTVGRUMxNEQ0RDlGMEUxM0Y0Mzc1MzUyRTQu
Y3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJp
cGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC90Z1ZoM192OTRsWC13VTFObnc0VDlE
ZFRVdVEuY2VyMHIGCCsGAQUFBwELBGYwZDBiBggrBgEFBQcwC4ZWcnN5bmM6Ly9y
cGtpLm5lbGxpY3VzLm5ldC9yZXBvL25lbGxpY3VzLzAvQjYwNTYxREZGQkZERTI1
NUZFQzE0RDREOUYwRTEzRjQzNzUzNTJFNC5tZnQwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwBgQCAAEFADAGBAIAAgUAMBUGCCsG
AQUFBwEIAQH/BAYwBKACBQAwDQYJKoZIhvcNAQELBQADggEBADiSs9lmIAYlhhz/
1Ns83tXNXvShYmhuSVjlaKas0Mx6i3hD1jd1gzjQcTKyf2zRvPRaKuffNafShgwn
iCZ/BqleBu2UYNzqBxK03UVdjGvksxtWCsG76esjRGJ9/xZwygAVc1j2W9SZe2dm
Ii9EvNcjENrBFvv5WWaibdCwboy3/ANFlItCHfXW6szwcEU1j7tEOIpJ8iWwkf/Q
tGRxAZhoABsWA1kOO5nObrYR0hzEIbryfPCPPn8Kfn3k1ANzKN5IsZxQWjzCWoYg
HV62tAz10tZbvcxJSAf4q/myL/BRvLNERhHi8eeJq6PhUKXNZ1Djc/XedTVeT3tg
CxZiTps=
-----END CERTIFICATE-----