Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/d2388f-f8a9-4485-937f-840fd5352dc0/1/KmU0qslEKjlNE5oagwPcBJWcHaA.mft
File:                     KmU0qslEKjlNE5oagwPcBJWcHaA.mft (raw, json)
Hash identifier:          zPfA5/VOveQ8EJ8cVwAKglbes1DCnwBngAIaRhnVncs=
Subject key identifier:   BB:9C:E0:5F:D8:34:F7:89:1E:BF:95:2E:53:1F:93:E1:4F:02:37:21
Authority key identifier: 2A:65:34:AA:C9:44:2A:39:4D:13:9A:1A:83:03:DC:04:95:9C:1D:A0
Certificate issuer:       /CN=2a6534aac9442a394d139a1a8303dc04959c1da0
Certificate serial:       019D3865DF92269D2A81768C19E8108A23FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KmU0qslEKjlNE5oagwPcBJWcHaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/d2388f-f8a9-4485-937f-840fd5352dc0/1/KmU0qslEKjlNE5oagwPcBJWcHaA.mft
Manifest number:          11A3
Signing time:             Sun 29 Mar 2026 07:01:33 +0000
Manifest this update:     Sun 29 Mar 2026 07:01:33 +0000
Manifest next update:     Mon 30 Mar 2026 07:01:33 +0000
Files and hashes:         1: KmU0qslEKjlNE5oagwPcBJWcHaA.crl (hash: wXVyxtozFkvydgM2Amsj6Fd3SJTgWxIAShypNVeEHxY=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/d2388f-f8a9-4485-937f-840fd5352dc0/1/KmU0qslEKjlNE5oagwPcBJWcHaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/d2388f-f8a9-4485-937f-840fd5352dc0/1/KmU0qslEKjlNE5oagwPcBJWcHaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KmU0qslEKjlNE5oagwPcBJWcHaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:38:65:df:92:26:9d:2a:81:76:8c:19:e8:10:8a:23:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a6534aac9442a394d139a1a8303dc04959c1da0
        Validity
            Not Before: Mar 29 07:01:33 2026 GMT
            Not After : Mar 30 07:01:33 2026 GMT
        Subject: CN=bb9ce05fd834f7891ebf952e531f93e14f023721
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b8:0c:5d:2d:b1:51:13:89:23:6d:2b:1b:ef:
                    1b:75:e0:77:c4:4b:65:be:67:b7:db:da:fd:d7:2e:
                    f3:c6:57:58:80:11:2c:9d:d0:61:bd:ae:e8:eb:4e:
                    36:08:ef:2e:03:00:0a:77:2c:ef:12:61:2c:7b:c8:
                    98:dd:cf:7c:bb:f9:94:98:2d:99:02:9d:ed:cf:20:
                    41:4b:c2:b9:5f:00:d2:3c:c5:52:3d:d8:f2:df:af:
                    38:d4:0a:e1:cd:6e:5f:9a:7e:b9:dc:4a:ab:05:03:
                    01:83:3c:ff:6b:3f:61:df:7b:b2:58:e3:35:23:91:
                    88:09:a2:cd:f9:08:0a:71:9e:a9:1d:36:2b:5e:d0:
                    35:0d:82:9b:60:1c:17:d8:4d:fa:0d:c9:2e:e1:79:
                    1a:ef:b6:13:dd:00:96:13:19:0d:3a:a4:af:4b:ba:
                    f5:b0:6b:74:5e:57:a6:a4:f0:a6:6b:31:38:09:03:
                    1b:3f:60:85:f0:33:be:18:ea:42:28:92:b4:f9:da:
                    ef:ed:e4:03:68:ee:6f:20:aa:25:5b:b1:92:6a:ba:
                    5f:f7:6f:16:2a:e9:d4:5e:8f:fd:64:b4:f1:89:a3:
                    75:eb:31:2b:f0:28:60:19:71:02:21:da:6c:fa:c7:
                    1b:1d:42:ff:bd:8f:da:34:23:ad:1b:d7:fc:e4:bc:
                    d8:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:9C:E0:5F:D8:34:F7:89:1E:BF:95:2E:53:1F:93:E1:4F:02:37:21
            X509v3 Authority Key Identifier:
                keyid:2A:65:34:AA:C9:44:2A:39:4D:13:9A:1A:83:03:DC:04:95:9C:1D:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KmU0qslEKjlNE5oagwPcBJWcHaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d2388f-f8a9-4485-937f-840fd5352dc0/1/KmU0qslEKjlNE5oagwPcBJWcHaA.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d2388f-f8a9-4485-937f-840fd5352dc0/1/KmU0qslEKjlNE5oagwPcBJWcHaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         7b:c1:85:64:9d:d8:0a:f2:55:32:58:e6:02:27:35:47:29:fd:
         d5:90:b3:8b:1b:e0:cb:99:30:1d:ce:ac:9b:ab:1b:a5:01:9b:
         75:d3:ea:b1:7f:83:8c:02:a0:82:55:aa:46:f0:6a:69:dd:7f:
         ef:db:d0:ae:d8:44:7f:e7:ad:36:c8:50:d7:46:01:db:15:e2:
         13:6b:b3:ad:9e:7c:6f:b8:d1:62:3b:48:6b:f0:5f:ff:71:35:
         1b:df:ed:ba:64:52:58:88:c8:f9:87:36:2e:8a:b9:ab:e5:79:
         53:13:7f:75:3c:58:57:38:9d:77:60:4f:74:71:6f:91:81:8c:
         42:09:bf:9f:5f:9c:a8:09:ae:8e:14:de:3e:05:2c:1e:4f:e9:
         b3:c8:fc:3c:63:ae:bc:64:cf:a8:ae:85:f9:77:b1:2f:eb:68:
         bd:8d:e7:2d:b4:bf:84:6f:7f:6e:b2:5f:34:a7:1e:3e:08:97:
         8c:37:91:41:74:4c:d8:d3:66:db:f6:8a:5e:19:2a:11:e3:a2:
         37:dc:6f:63:1a:75:b4:f8:18:d3:c1:b3:e9:16:00:e3:60:81:
         69:4e:fb:7a:50:50:10:2b:8a:1e:28:62:d3:26:2a:89:f3:4e:
         e0:5c:e9:66:39:a1:58:4e:d6:35:85:b5:5b:09:69:7a:c0:ad:
         64:57:b9:86
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ04Zd+SJp0qgXaMGegQiiP8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhNjUzNGFhYzk0NDJhMzk0ZDEzOWExYTgzMDNkYzA0OTU5
YzFkYTAwHhcNMjYwMzI5MDcwMTMzWhcNMjYwMzMwMDcwMTMzWjAzMTEwLwYDVQQD
EyhiYjljZTA1ZmQ4MzRmNzg5MWViZjk1MmU1MzFmOTNlMTRmMDIzNzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbgMXS2xUROJI20rG+8bdeB3xEtl
vme329r91y7zxldYgBEsndBhva7o6042CO8uAwAKdyzvEmEse8iY3c98u/mUmC2Z
Ap3tzyBBS8K5XwDSPMVSPdjy36841ArhzW5fmn653EqrBQMBgzz/az9h33uyWOM1
I5GICaLN+QgKcZ6pHTYrXtA1DYKbYBwX2E36Dcku4Xka77YT3QCWExkNOqSvS7r1
sGt0XlempPCmazE4CQMbP2CF8DO+GOpCKJK0+drv7eQDaO5vIKolW7GSarpf928W
KunUXo/9ZLTxiaN16zEr8ChgGXECIdps+scbHUL/vY/aNCOtG9f85LzYMwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFLuc4F/YNPeJHr+VLlMfk+FPAjchMB8GA1UdIwQY
MBaAFCplNKrJRCo5TROaGoMD3ASVnB2gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS21VMHFzbEVLamxORTVvYWd3UGNCSldjSGFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kMjM4OGYtZjhhOS00NDg1LTkzN2Yt
ODQwZmQ1MzUyZGMwLzEvS21VMHFzbEVLamxORTVvYWd3UGNCSldjSGFBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kMjM4OGYtZjhhOS00NDg1LTkzN2YtODQwZmQ1MzUyZGMw
LzEvS21VMHFzbEVLamxORTVvYWd3UGNCSldjSGFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAe8GFZJ3Y
CvJVMljmAic1Ryn91ZCzixvgy5kwHc6sm6sbpQGbddPqsX+DjAKgglWqRvBqad1/
79vQrthEf+etNshQ10YB2xXiE2uzrZ58b7jRYjtIa/Bf/3E1G9/tumRSWIjI+Yc2
Loq5q+V5UxN/dTxYVzidd2BPdHFvkYGMQgm/n1+cqAmujhTePgUsHk/ps8j8PGOu
vGTPqK6F+XexL+tovY3nLbS/hG9/brJfNKcePgiXjDeRQXRM2NNm2/aKXhkqEeOi
N9xvYxp1tPgY08Gz6RYA42CBaU77elBQECuKHihi0yYqifNO4FzpZjmhWE7WNYW1
WwlpesCtZFe5hg==
-----END CERTIFICATE-----