Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
File:                     2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft (raw, json)
Hash identifier:          UHnEyR0ZnRolTE7ZGkaFH7uUCooAfSFMC3ge5iCDhNM=
Subject key identifier:   FE:A1:18:1A:93:B3:5C:74:D5:73:69:AA:76:D7:45:0A:1C:4E:B3:3E
Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
Certificate issuer:       /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Certificate serial:       019D3909F9E19FE714FF02BEECDB944EEB4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
Manifest number:          18A7
Signing time:             Sun 29 Mar 2026 10:00:48 +0000
Manifest this update:     Sun 29 Mar 2026 10:00:48 +0000
Manifest next update:     Mon 30 Mar 2026 10:00:48 +0000
Files and hashes:         1: 2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl (hash: 6w49T5tZdlTBxudjxSt5ZUi+FPqzJLNkR0C63JGxHMI=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 08:48:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:39:09:f9:e1:9f:e7:14:ff:02:be:ec:db:94:4e:eb:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
        Validity
            Not Before: Mar 29 10:00:48 2026 GMT
            Not After : Mar 30 10:00:48 2026 GMT
        Subject: CN=fea1181a93b35c74d57369aa76d7450a1c4eb33e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:43:08:2b:7e:21:ec:96:19:d6:af:df:54:ee:
                    86:35:89:12:d0:8f:11:79:54:f5:e3:02:cb:ee:02:
                    76:4b:03:3e:00:4f:bd:55:dd:b1:66:49:00:1b:a4:
                    db:5d:03:56:d7:87:58:b3:2a:10:86:24:83:47:82:
                    e4:38:e3:dc:6c:7e:43:7b:42:fb:d7:dc:8e:53:2c:
                    73:76:42:25:ba:93:1b:93:b5:d4:41:92:62:00:a2:
                    c5:6f:d2:db:bc:8c:e7:51:67:c7:84:93:2a:62:5f:
                    22:32:df:65:8e:92:2e:e1:35:24:77:4a:f9:6e:ec:
                    ca:36:5a:99:15:4d:4a:ad:89:58:5a:a9:04:22:9d:
                    c5:1b:ed:a5:a0:44:f2:41:16:8e:87:59:8f:30:21:
                    be:1a:98:69:96:5c:ea:35:7b:be:38:07:67:45:dd:
                    ba:bc:31:49:07:0b:f4:98:71:47:60:db:a7:1c:65:
                    89:84:92:31:be:58:fc:2e:4e:2c:58:bb:46:ce:87:
                    d6:68:e6:01:d8:c8:c5:e6:9b:6a:70:a9:3a:8e:72:
                    f5:11:7d:9e:38:38:e7:82:20:5d:21:ca:e7:4e:58:
                    99:6e:8e:96:27:f5:85:26:8a:bc:06:c9:e0:6a:7b:
                    e8:14:f8:49:3d:c0:02:bd:a3:56:d5:d1:3f:5c:f7:
                    b4:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:A1:18:1A:93:B3:5C:74:D5:73:69:AA:76:D7:45:0A:1C:4E:B3:3E
            X509v3 Authority Key Identifier:
                keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         53:3a:20:9d:7b:07:7d:8a:f9:af:b1:34:c1:cf:47:ed:78:9b:
         47:bb:da:6b:f6:c2:70:a9:70:2c:b2:28:df:66:30:8b:51:03:
         df:f4:85:ca:ec:43:52:af:16:2a:51:48:73:f1:80:11:ec:71:
         6e:52:9b:82:b3:0d:11:55:75:ee:69:a5:67:52:11:3b:44:c8:
         5d:f8:57:14:ef:e0:df:e2:91:09:58:c0:6d:68:f1:f5:f6:dc:
         15:5e:48:84:ef:2c:c1:8c:4e:de:7e:a9:b7:e6:47:bf:f7:da:
         72:e4:92:02:90:27:6e:3c:b7:95:0e:d6:8f:43:99:56:f0:51:
         a6:e3:c5:bb:56:7e:23:ab:10:76:d8:17:e8:f3:0f:8a:a5:77:
         f4:6c:95:a0:99:29:60:90:c8:24:22:91:fe:7f:34:b1:8e:8a:
         55:34:54:1d:ac:2f:c2:fd:e0:4b:69:d0:d8:7a:22:f7:71:25:
         7d:79:d7:40:39:09:55:0a:63:96:1a:a2:be:78:4f:3b:fb:3b:
         ae:21:89:6f:b8:ab:20:c9:f3:43:61:25:08:4e:5b:4b:2c:dd:
         35:f8:da:bb:ac:b0:ab:32:5a:1c:86:43:b3:cc:2a:15:41:cd:
         2f:9c:80:ad:03:a1:fc:55:ca:4c:3e:69:ea:4a:e3:2c:69:66:
         63:e0:af:2f
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ05Cfnhn+cU/wK+7NuUTutOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl
YmFhNDMwHhcNMjYwMzI5MTAwMDQ4WhcNMjYwMzMwMTAwMDQ4WjAzMTEwLwYDVQQD
EyhmZWExMTgxYTkzYjM1Yzc0ZDU3MzY5YWE3NmQ3NDUwYTFjNGViMzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5UMIK34h7JYZ1q/fVO6GNYkS0I8R
eVT14wLL7gJ2SwM+AE+9Vd2xZkkAG6TbXQNW14dYsyoQhiSDR4LkOOPcbH5De0L7
19yOUyxzdkIlupMbk7XUQZJiAKLFb9LbvIznUWfHhJMqYl8iMt9ljpIu4TUkd0r5
buzKNlqZFU1KrYlYWqkEIp3FG+2loETyQRaOh1mPMCG+GphpllzqNXu+OAdnRd26
vDFJBwv0mHFHYNunHGWJhJIxvlj8Lk4sWLtGzofWaOYB2MjF5ptqcKk6jnL1EX2e
ODjngiBdIcrnTliZbo6WJ/WFJoq8BsnganvoFPhJPcACvaNW1dE/XPe08QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFP6hGBqTs1x01XNpqnbXRQocTrM+MB8GA1UdIwQY
MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct
Nzg1ZTU4ODM2NDRkLzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk
LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAUzognXsH
fYr5r7E0wc9H7XibR7vaa/bCcKlwLLIo32Ywi1ED3/SFyuxDUq8WKlFIc/GAEexx
blKbgrMNEVV17mmlZ1IRO0TIXfhXFO/g3+KRCVjAbWjx9fbcFV5IhO8swYxO3n6p
t+ZHv/facuSSApAnbjy3lQ7Wj0OZVvBRpuPFu1Z+I6sQdtgX6PMPiqV39GyVoJkp
YJDIJCKR/n80sY6KVTRUHawvwv3gS2nQ2Hoi93ElfXnXQDkJVQpjlhqivnhPO/s7
riGJb7irIMnzQ2ElCE5bSyzdNfjau6ywqzJaHIZDs8wqFUHNL5yArQOh/FXKTD5p
6krjLGlmY+CvLw==
-----END CERTIFICATE-----