Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
File:                     520NqzR6OOK4e1oiovfJ4hwYybw.mft (raw, json)
Hash identifier:          RTr2Z7TWcoh34tV5z/sx3R66e37ZLC3OFVyloEOecSM=
Subject key identifier:   28:86:A4:AB:7C:EE:22:3D:55:00:45:28:9F:05:D6:56:00:30:E0:65
Authority key identifier: E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC
Certificate issuer:       /CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
Certificate serial:       019CC750A695A03AE8EE8CA8903D26E0AFCB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
Manifest number:          1342
Signing time:             Sat 07 Mar 2026 08:01:17 +0000
Manifest this update:     Sat 07 Mar 2026 08:01:17 +0000
Manifest next update:     Sun 08 Mar 2026 08:01:17 +0000
Files and hashes:         1: 1dfOhFGT4Rz19mHWVabW0kWxTss.roa (hash: Rjg1gNguWYpEwGKvfk1H+hd0eMsqKT2A4N+C2/8Q+uQ=)
                          2: 520NqzR6OOK4e1oiovfJ4hwYybw.crl (hash: qp8H7+99fJEmo6DnsJd9PdYq0Hcm2vqTfYm9ZIZGbgQ=)
                          3: 7EPxlfzuNdNfziGNw3Hj7EoZj1Q.roa (hash: fYUfx118C/cw672kHDWSH3DD1Ik9WuMEeaQ/qAV9tYE=)
                          4: 9EzrkfCb3685-QENXXhTIl2uZz4.roa (hash: 4o0MB77YQKRQiZHQrZxR1nkb/HsRFN1Kq0iR4K53WZA=)
                          5: DVIKLwP8b0UVJE_X0Zz4hLCMFmU.roa (hash: 2ROrixfhF0UtgJihhtThPaEztRX+VVHt8WTM1ZfZQ1o=)
                          6: Fn3txwFOnsHfJqp3dmOvAMcvgHc.roa (hash: 0tFPd6mFP89u9IcgrQmVyEuYoDxe9S4zwwRr4qndNks=)
                          7: RqZv9lI-beWajs98dICrEK2DwUM.roa (hash: z0DWSEDfb+oWc/lkT9R9ehjWWb2y0A0CPcHglnAYRf8=)
                          8: Ud0XI3ub85_CL2l55YZW3cXrctA.roa (hash: 2gMJyy7om8/uY1IqvCz0ubvDeUV63nAu6cUom48+3U0=)
                          9: ao5k8aMHz2Rr-UFohnKN0Vsy0ts.roa (hash: qeXz8tDdKItxGK8qtWsvUAbM0Ooz+MmMiDN8cvBIyTQ=)
                          10: bbXWGNkALy-ajnXnVwsq6VcslC8.roa (hash: lOmBCerqz+GglurufDI5e+15DQVwzjxcTvAfkACkLYE=)
                          11: jTMEUhkl6sKPDlW6gGgXZsH4VwQ.roa (hash: bLe2Zk8IquF+7aI/fXPQxZklmLIeFhH3W5DkdYCydQA=)
                          12: r-NoE_XHTABnwPRM9GdFHoEeHJo.roa (hash: qsD5Rt9CKRxXFQG5JSeN7cqv7sQvsG2HbFGsWmdhdi8=)
                          13: rIIpXZCn7E3HgJjpCaYYUR4k6ZI.roa (hash: Vvylnj2QqF4AFfq4GCTBxANmDk4TfXB5W5GNlTLI/Qw=)
                          14: rp3l1DRMo7bxNlcekPEumkx_Cu4.roa (hash: cvH000yVT30CU4NGwC5k2pFAaWGJcYLG4wfqKOyLWIU=)
                          15: s9E0mrs6RE5G3diI6qJ2dNaQlCY.roa (hash: ALHEFczsxrK3P9zm6czuHQOWsz9Vxib3j6fIwRLXdsA=)
                          16: smuPovOHBHHaIAv32qcc0ZyhNkQ.roa (hash: HcQ/8p3eoCWjnnKfMtVzm8focRBIq46dCnVV7vdjMxQ=)
                          17: v94LL-qGGgahldRNvzQc-ZVS3KI.roa (hash: a3YAXYAGQiNiI/eRCe9RKvTaP1hHvgR2d27wk4bq6Cw=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 04:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c7:50:a6:95:a0:3a:e8:ee:8c:a8:90:3d:26:e0:af:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
        Validity
            Not Before: Mar  7 08:01:17 2026 GMT
            Not After : Mar  8 08:01:17 2026 GMT
        Subject: CN=2886a4ab7cee223d550045289f05d6560030e065
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e5:a3:8b:79:c1:b0:81:b5:89:66:4b:6e:95:
                    50:da:fd:68:32:82:da:dd:ce:93:cc:20:52:db:37:
                    ad:fc:ab:dc:5c:d5:05:f7:c5:ce:08:56:27:0e:a8:
                    64:bd:9b:f9:75:f3:54:45:25:8f:a8:13:26:86:d7:
                    07:53:29:b3:a6:ca:7c:ff:2a:fc:78:3b:5b:bf:4e:
                    2c:0a:e8:cb:53:b1:6d:ae:58:66:a7:d9:b6:bc:a8:
                    a2:e0:e4:b7:c7:2e:5b:86:1e:90:bd:75:f2:0d:5d:
                    17:ea:6d:d7:88:be:71:cf:58:d6:e2:a5:d8:6e:18:
                    57:30:08:63:a1:3f:cf:f5:2c:3c:4d:8b:e3:2c:01:
                    f8:26:6e:8d:4f:d6:df:45:0b:3a:5d:8c:cf:82:f7:
                    5f:5c:a9:dd:91:e4:9b:52:5b:e8:cf:71:b9:8a:78:
                    b6:44:df:ef:eb:77:43:c8:74:75:a8:35:66:6b:30:
                    67:72:77:55:b1:97:41:a7:fd:7d:65:69:52:c2:0e:
                    2a:a9:bb:ac:90:f2:f5:c0:34:dc:fb:8d:9d:ca:0d:
                    65:ee:99:ab:74:5b:e9:3f:b7:4a:4e:2e:45:e1:17:
                    d0:1b:43:3c:05:93:a7:56:8a:b2:17:2d:60:42:81:
                    ac:3a:e6:3e:34:a9:2b:c0:d0:ee:13:15:b8:b5:86:
                    e9:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:86:A4:AB:7C:EE:22:3D:55:00:45:28:9F:05:D6:56:00:30:E0:65
            X509v3 Authority Key Identifier:
                keyid:E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         40:38:70:1f:b3:26:5b:a8:e9:23:ce:e1:5d:1b:17:b2:5b:61:
         77:10:7d:64:ea:08:a9:15:2b:b5:6e:3c:8a:e5:28:13:6d:53:
         4f:55:b9:87:1c:d3:55:e1:3f:fd:2b:54:80:ff:f9:c6:97:1b:
         78:55:eb:10:69:c7:4f:5f:b2:c0:fd:ee:d6:8e:c6:62:2b:af:
         fb:3f:20:02:1c:d3:c3:d7:a5:7e:0e:d9:8e:f7:4a:31:63:d2:
         a0:2b:2e:79:22:58:43:ff:65:26:6b:5a:d9:ac:86:db:4e:ab:
         46:6a:88:ab:00:6e:9a:b8:c7:d2:66:78:76:f9:2e:b0:31:58:
         18:d3:48:38:c5:6c:b4:2b:fe:10:4c:21:5b:62:d8:f9:8d:4b:
         9d:98:b8:e8:2d:d8:dd:b6:b0:3f:19:d9:f9:d1:39:f0:17:c3:
         47:ae:b5:35:bd:e9:72:2a:c9:f3:39:c6:37:0b:6a:8f:8d:9a:
         57:a2:ba:64:45:2a:36:05:fe:22:a1:88:b6:44:9f:84:4f:c9:
         98:a6:d8:36:4f:84:3f:2a:72:34:b3:64:3f:93:b2:b5:3a:4a:
         35:45:2d:08:7d:83:91:0e:a4:04:99:96:b8:f3:9b:6e:ed:e3:
         6f:bf:db:d6:53:74:87:4a:2c:e6:b7:14:0e:91:f6:2c:3e:d1:
         3e:d5:25:2c
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZzHUKaVoDro7oyokD0m4K/LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NmQwZGFiMzQ3YTM4ZTJiODdiNWEyMmEyZjdjOWUyMWMx
OGM5YmMwHhcNMjYwMzA3MDgwMTE3WhcNMjYwMzA4MDgwMTE3WjAzMTEwLwYDVQQD
EygyODg2YTRhYjdjZWUyMjNkNTUwMDQ1Mjg5ZjA1ZDY1NjAwMzBlMDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+Wji3nBsIG1iWZLbpVQ2v1oMoLa
3c6TzCBS2zet/KvcXNUF98XOCFYnDqhkvZv5dfNURSWPqBMmhtcHUymzpsp8/yr8
eDtbv04sCujLU7Ftrlhmp9m2vKii4OS3xy5bhh6QvXXyDV0X6m3XiL5xz1jW4qXY
bhhXMAhjoT/P9Sw8TYvjLAH4Jm6NT9bfRQs6XYzPgvdfXKndkeSbUlvoz3G5ini2
RN/v63dDyHR1qDVmazBncndVsZdBp/19ZWlSwg4qqbuskPL1wDTc+42dyg1l7pmr
dFvpP7dKTi5F4RfQG0M8BZOnVoqyFy1gQoGsOuY+NKkrwNDuExW4tYbpYQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFCiGpKt87iI9VQBFKJ8F1lYAMOBlMB8GA1UdIwQY
MBaAFOdtDas0ejjiuHtaIqL3yeIcGMm8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDkt
YmQzYmZjOTliZGE5LzEvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDktYmQzYmZjOTliZGE5
LzEvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAQDhwH7Mm
W6jpI87hXRsXslthdxB9ZOoIqRUrtW48iuUoE21TT1W5hxzTVeE//StUgP/5xpcb
eFXrEGnHT1+ywP3u1o7GYiuv+z8gAhzTw9elfg7ZjvdKMWPSoCsueSJYQ/9lJmta
2ayG206rRmqIqwBumrjH0mZ4dvkusDFYGNNIOMVstCv+EEwhW2LY+Y1LnZi46C3Y
3bawPxnZ+dE58BfDR661Nb3pcirJ8znGNwtqj42aV6K6ZEUqNgX+IqGItkSfhE/J
mKbYNk+EPypyNLNkP5OytTpKNUUtCH2DkQ6kBJmWuPObbu3jb7/b1lN0h0os5rcU
DpH2LD7RPtUlLA==
-----END CERTIFICATE-----