Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/9c6167-ff9d-451b-84eb-7770e790720f/1/AhtowZzVXWul-GX7DdDW-MnZ49o.mft
File:                     AhtowZzVXWul-GX7DdDW-MnZ49o.mft (raw, json)
Hash identifier:          j2YkbLUgZTfS3ALXcg94bfM0ZbkJHv8CR0XyJRicWQU=
Subject key identifier:   32:A1:30:34:34:F6:BD:45:C5:43:D4:8A:E9:9B:E4:93:B8:47:84:17
Authority key identifier: 02:1B:68:C1:9C:D5:5D:6B:A5:F8:65:FB:0D:D0:D6:F8:C9:D9:E3:DA
Certificate issuer:       /CN=021b68c19cd55d6ba5f865fb0dd0d6f8c9d9e3da
Certificate serial:       019D3865600A58C0ABB91A54036567B9E4EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AhtowZzVXWul-GX7DdDW-MnZ49o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/9c6167-ff9d-451b-84eb-7770e790720f/1/AhtowZzVXWul-GX7DdDW-MnZ49o.mft
Manifest number:          0343
Signing time:             Sun 29 Mar 2026 07:01:00 +0000
Manifest this update:     Sun 29 Mar 2026 07:01:00 +0000
Manifest next update:     Mon 30 Mar 2026 07:01:00 +0000
Files and hashes:         1: AhtowZzVXWul-GX7DdDW-MnZ49o.crl (hash: ySyYAMiS1vQlt2fPsDeaL36U4UmtGFewt3YncG6+FBs=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/9c6167-ff9d-451b-84eb-7770e790720f/1/AhtowZzVXWul-GX7DdDW-MnZ49o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/9c6167-ff9d-451b-84eb-7770e790720f/1/AhtowZzVXWul-GX7DdDW-MnZ49o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AhtowZzVXWul-GX7DdDW-MnZ49o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:38:65:60:0a:58:c0:ab:b9:1a:54:03:65:67:b9:e4:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=021b68c19cd55d6ba5f865fb0dd0d6f8c9d9e3da
        Validity
            Not Before: Mar 29 07:01:00 2026 GMT
            Not After : Mar 30 07:01:00 2026 GMT
        Subject: CN=32a1303434f6bd45c543d48ae99be493b8478417
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a2:ff:dc:39:07:58:66:d7:2b:87:77:69:9a:
                    a8:7a:d0:fb:27:20:42:94:d0:93:f4:ef:f1:dd:ef:
                    f4:5a:ca:9b:8b:d0:34:07:21:9f:00:b4:69:2a:28:
                    1f:30:84:45:86:35:3f:b0:f0:a5:99:a3:c7:92:4f:
                    8a:7f:4d:11:d0:98:4d:21:a5:6b:7a:3a:3d:f1:c9:
                    6c:02:bb:aa:ba:39:4e:74:1f:df:20:f7:c0:aa:f7:
                    e5:7c:6b:97:6c:f0:44:11:03:c7:09:99:9e:a3:27:
                    a9:89:ac:1f:0d:ad:1f:f2:d3:6f:91:1b:b1:66:94:
                    a7:83:6b:26:bf:33:d6:9e:c7:fe:52:39:c7:93:65:
                    c7:79:86:df:13:1e:37:5c:85:9e:fe:fe:38:26:81:
                    2d:ae:18:c3:c2:3c:05:88:a4:01:e0:4e:1a:cc:47:
                    44:92:86:96:87:e5:b4:71:f8:0d:da:06:08:44:12:
                    ce:73:db:4b:46:79:42:9e:43:4d:0a:c9:35:56:a5:
                    bf:98:2f:35:ad:cb:bf:8d:aa:54:46:46:c7:ae:a1:
                    d4:bb:bb:1e:32:a2:b7:b0:e7:b4:ee:4a:43:0a:34:
                    5b:a6:e0:c1:12:4f:e2:f9:2d:73:6d:ee:9a:b8:97:
                    72:76:69:2f:1d:81:7a:22:7a:59:00:3d:f4:8f:6b:
                    dc:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:A1:30:34:34:F6:BD:45:C5:43:D4:8A:E9:9B:E4:93:B8:47:84:17
            X509v3 Authority Key Identifier:
                keyid:02:1B:68:C1:9C:D5:5D:6B:A5:F8:65:FB:0D:D0:D6:F8:C9:D9:E3:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AhtowZzVXWul-GX7DdDW-MnZ49o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/9c6167-ff9d-451b-84eb-7770e790720f/1/AhtowZzVXWul-GX7DdDW-MnZ49o.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/9c6167-ff9d-451b-84eb-7770e790720f/1/AhtowZzVXWul-GX7DdDW-MnZ49o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         6c:72:23:18:60:3b:e5:e4:4a:30:15:66:fa:d9:f0:e6:d3:66:
         d0:41:73:95:e5:d3:4b:5e:5b:4d:4c:42:48:b4:15:43:89:b6:
         c8:40:41:83:f4:4d:70:13:12:73:c2:5d:d0:d1:f1:ef:6d:ee:
         77:d2:b8:0c:5d:b1:f2:c4:d7:65:4e:4e:0d:63:7c:50:ae:3f:
         eb:0b:d1:92:e1:5f:1a:b1:49:e4:49:aa:0f:3d:33:c6:ae:21:
         3f:17:a2:cd:da:92:9a:01:65:dc:4a:ed:c6:cc:cf:d6:ba:29:
         e2:21:0d:2b:2d:fc:55:ab:a1:96:a8:ac:48:84:bb:7b:08:09:
         50:5d:bf:f1:ba:cf:03:38:7b:3a:18:86:cc:d3:ee:bd:4e:4f:
         f6:8d:d6:d5:d7:44:3f:62:27:56:05:60:34:86:52:ed:7b:df:
         f6:87:17:c3:6f:b1:24:5f:12:39:d2:fc:e5:86:52:29:85:c3:
         a7:de:8c:47:d2:fa:ad:b0:a4:8a:6d:46:ec:f8:8c:68:fd:af:
         12:8c:c5:b3:05:5c:0f:41:4c:4e:e9:f3:45:66:21:17:79:f0:
         48:2a:b8:17:32:75:66:3f:1a:27:22:ea:db:fd:c6:35:ae:2a:
         07:fd:17:36:55:53:91:ad:c9:97:0c:81:f2:a6:48:bd:63:06:
         fe:d1:9a:c2
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ04ZWAKWMCruRpUA2VnueTqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyMWI2OGMxOWNkNTVkNmJhNWY4NjVmYjBkZDBkNmY4Yzlk
OWUzZGEwHhcNMjYwMzI5MDcwMTAwWhcNMjYwMzMwMDcwMTAwWjAzMTEwLwYDVQQD
EygzMmExMzAzNDM0ZjZiZDQ1YzU0M2Q0OGFlOTliZTQ5M2I4NDc4NDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKL/3DkHWGbXK4d3aZqoetD7JyBC
lNCT9O/x3e/0Wsqbi9A0ByGfALRpKigfMIRFhjU/sPClmaPHkk+Kf00R0JhNIaVr
ejo98clsAruqujlOdB/fIPfAqvflfGuXbPBEEQPHCZmeoyepiawfDa0f8tNvkRux
ZpSng2smvzPWnsf+UjnHk2XHeYbfEx43XIWe/v44JoEtrhjDwjwFiKQB4E4azEdE
koaWh+W0cfgN2gYIRBLOc9tLRnlCnkNNCsk1VqW/mC81rcu/japURkbHrqHUu7se
MqK3sOe07kpDCjRbpuDBEk/i+S1zbe6auJdydmkvHYF6InpZAD30j2vcPQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFDKhMDQ09r1FxUPUiumb5JO4R4QXMB8GA1UdIwQY
MBaAFAIbaMGc1V1rpfhl+w3Q1vjJ2ePaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWh0b3daelZYV3VsLUdYN0RkRFctTW5aNDlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi85YzYxNjctZmY5ZC00NTFiLTg0ZWIt
Nzc3MGU3OTA3MjBmLzEvQWh0b3daelZYV3VsLUdYN0RkRFctTW5aNDlvLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi85YzYxNjctZmY5ZC00NTFiLTg0ZWItNzc3MGU3OTA3MjBm
LzEvQWh0b3daelZYV3VsLUdYN0RkRFctTW5aNDlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAbHIjGGA7
5eRKMBVm+tnw5tNm0EFzleXTS15bTUxCSLQVQ4m2yEBBg/RNcBMSc8Jd0NHx723u
d9K4DF2x8sTXZU5ODWN8UK4/6wvRkuFfGrFJ5EmqDz0zxq4hPxeizdqSmgFl3Ert
xszP1rop4iENKy38VauhlqisSIS7ewgJUF2/8brPAzh7OhiGzNPuvU5P9o3W1ddE
P2InVgVgNIZS7Xvf9ocXw2+xJF8SOdL85YZSKYXDp96MR9L6rbCkim1G7PiMaP2v
EozFswVcD0FMTunzRWYhF3nwSCq4FzJ1Zj8aJyLq2/3GNa4qB/0XNlVTka3JlwyB
8qZIvWMG/tGawg==
-----END CERTIFICATE-----