Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
File:                     APkIwDKKjpc_pArFL8M359PE_tA.mft (raw, json)
Hash identifier:          gIDCWSw3p/bUOQ2C0hdPU7bxUJ+kK77UnFcbwQb6pd0=
Subject key identifier:   79:D5:13:9B:40:D8:8B:92:96:82:65:C9:A0:44:7C:9B:A6:7F:F4:DA
Authority key identifier: 00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0
Certificate issuer:       /CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
Certificate serial:       019D3A53DB4A8EFCC35D33D6749108387B3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
Manifest number:          188C
Signing time:             Sun 29 Mar 2026 16:01:07 +0000
Manifest this update:     Sun 29 Mar 2026 16:01:07 +0000
Manifest next update:     Mon 30 Mar 2026 16:01:07 +0000
Files and hashes:         1: APkIwDKKjpc_pArFL8M359PE_tA.crl (hash: WCO8yULABLU0znweGT8DAhnwScilwQufgoxf2urNaBQ=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 08:48:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3a:53:db:4a:8e:fc:c3:5d:33:d6:74:91:08:38:7b:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
        Validity
            Not Before: Mar 29 16:01:07 2026 GMT
            Not After : Mar 30 16:01:07 2026 GMT
        Subject: CN=79d5139b40d88b92968265c9a0447c9ba67ff4da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b0:58:fb:b1:ae:89:d2:5a:5f:cb:6c:dc:2f:
                    76:bf:fd:f6:96:91:2c:81:ba:1c:f8:f1:d9:24:5b:
                    f8:9b:94:1a:ae:fb:f1:e4:7f:ad:c3:fb:4c:1e:6f:
                    ba:ff:19:70:e8:ad:fc:cf:8d:aa:d9:20:60:21:ec:
                    78:a1:b2:27:f1:e8:bd:d9:39:2e:a0:e0:e7:e3:4a:
                    c8:d1:71:12:95:b0:d2:d5:97:6b:9e:88:b2:9e:c4:
                    ef:85:a4:4d:ed:30:15:d1:8f:f3:7c:f2:7d:00:1d:
                    34:b4:df:f9:21:a5:3d:4a:9d:53:55:d7:bf:02:10:
                    5a:c0:1a:5d:e9:a8:c6:fb:3d:a2:3e:08:b2:b3:c8:
                    0a:d4:f4:9e:ef:db:dd:82:61:d9:86:a0:8b:66:9b:
                    4d:c0:19:83:87:48:74:3d:ba:dc:33:cd:a9:98:e1:
                    5f:27:dd:ac:71:d6:02:ff:8d:f0:9e:2e:5d:e0:1e:
                    4c:96:8f:b2:93:93:9c:d0:9a:18:84:75:93:be:66:
                    18:f8:9b:07:38:fa:3e:de:a3:66:56:93:84:8d:e7:
                    f4:2e:4f:c4:d5:11:a6:32:e1:03:bb:30:a0:b4:26:
                    85:7c:11:93:2e:de:73:f4:e8:d3:66:80:18:11:88:
                    c9:91:e3:23:9a:83:0c:c1:f3:8e:0d:e0:65:1c:29:
                    d6:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:D5:13:9B:40:D8:8B:92:96:82:65:C9:A0:44:7C:9B:A6:7F:F4:DA
            X509v3 Authority Key Identifier:
                keyid:00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         a3:d6:39:95:0a:9d:d7:f8:b2:81:2a:0d:d8:af:d4:d2:1a:0c:
         90:72:71:35:aa:2a:5f:94:40:d8:0a:47:15:42:a2:de:da:7d:
         82:77:d3:34:00:7e:01:e2:ae:6e:7e:01:e0:af:5a:7b:c1:89:
         d4:18:92:28:5e:4e:80:61:bf:58:79:22:61:95:a6:93:1e:92:
         4b:0c:4b:0b:58:50:71:a5:0f:49:09:2d:b9:52:e7:5d:c8:62:
         0c:3e:27:b0:cf:91:72:0e:cf:8f:36:e9:71:3d:58:9a:38:00:
         ad:44:6d:c3:ef:02:ba:3b:11:b4:2e:d7:dc:49:df:cc:40:a6:
         52:db:19:80:ad:a6:99:0f:b9:5d:8e:81:01:05:0b:b6:ac:63:
         2e:95:36:8a:9f:c4:6f:be:0b:07:7f:40:ec:4f:f1:f1:0a:80:
         14:40:d9:55:3f:97:76:74:90:ae:39:9b:79:5f:f5:f3:c7:9a:
         c5:24:d4:17:20:c6:de:7c:9b:c8:66:70:e5:f0:d7:68:c6:c6:
         20:aa:56:a5:5b:ed:78:e0:a6:96:99:85:de:e2:5c:21:9a:72:
         fe:31:fb:15:62:1c:a2:a5:1b:e5:5e:46:87:81:4e:7e:ce:71:
         a0:75:44:4a:33:be:b8:73:ee:74:66:3f:08:c8:23:2c:bd:c1:
         87:e1:0e:69
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ06U9tKjvzDXTPWdJEIOHs6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZjkwOGMwMzI4YThlOTczZmE0MGFjNTJmYzMzN2U3ZDNj
NGZlZDAwHhcNMjYwMzI5MTYwMTA3WhcNMjYwMzMwMTYwMTA3WjAzMTEwLwYDVQQD
Eyg3OWQ1MTM5YjQwZDg4YjkyOTY4MjY1YzlhMDQ0N2M5YmE2N2ZmNGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbBY+7GuidJaX8ts3C92v/32lpEs
gboc+PHZJFv4m5Qarvvx5H+tw/tMHm+6/xlw6K38z42q2SBgIex4obIn8ei92Tku
oODn40rI0XESlbDS1ZdrnoiynsTvhaRN7TAV0Y/zfPJ9AB00tN/5IaU9Sp1TVde/
AhBawBpd6ajG+z2iPgiys8gK1PSe79vdgmHZhqCLZptNwBmDh0h0PbrcM82pmOFf
J92scdYC/43wni5d4B5Mlo+yk5Oc0JoYhHWTvmYY+JsHOPo+3qNmVpOEjef0Lk/E
1RGmMuEDuzCgtCaFfBGTLt5z9OjTZoAYEYjJkeMjmoMMwfOODeBlHCnWQQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFHnVE5tA2IuSloJlyaBEfJumf/TaMB8GA1UdIwQY
MBaAFAD5CMAyio6XP6QKxS/DN+fTxP7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEt
N2RlY2YxZTQ3ODY1LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEtN2RlY2YxZTQ3ODY1
LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAo9Y5lQqd
1/iygSoN2K/U0hoMkHJxNaoqX5RA2ApHFUKi3tp9gnfTNAB+AeKubn4B4K9ae8GJ
1BiSKF5OgGG/WHkiYZWmkx6SSwxLC1hQcaUPSQktuVLnXchiDD4nsM+Rcg7Pjzbp
cT1YmjgArURtw+8CujsRtC7X3EnfzECmUtsZgK2mmQ+5XY6BAQULtqxjLpU2ip/E
b74LB39A7E/x8QqAFEDZVT+XdnSQrjmbeV/188eaxSTUFyDG3nybyGZw5fDXaMbG
IKpWpVvteOCmlpmF3uJcIZpy/jH7FWIcoqUb5V5Gh4FOfs5xoHVESjO+uHPudGY/
CMgjLL3Bh+EOaQ==
-----END CERTIFICATE-----