Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft
File:                     OhsBRND2_wuDzON2eUYxdFt8p6A.mft (raw, json)
Hash identifier:          cmPv4KOEKYKOepjNrbWm+udtk43a6WzDUNXxtA6oSwQ=
Subject key identifier:   14:0F:F1:E9:BB:42:3E:7A:13:10:EB:B0:37:C0:53:30:43:04:67:03
Authority key identifier: 3A:1B:01:44:D0:F6:FF:0B:83:CC:E3:76:79:46:31:74:5B:7C:A7:A0
Certificate issuer:       /CN=3a1b0144d0f6ff0b83cce376794631745b7ca7a0
Certificate serial:       019D3909A248C8D512DC78AAC9E16724238B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OhsBRND2_wuDzON2eUYxdFt8p6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft
Manifest number:          13C0
Signing time:             Sun 29 Mar 2026 10:00:25 +0000
Manifest this update:     Sun 29 Mar 2026 10:00:25 +0000
Manifest next update:     Mon 30 Mar 2026 10:00:25 +0000
Files and hashes:         1: OhsBRND2_wuDzON2eUYxdFt8p6A.crl (hash: lmUVkPwcuRA9INyL3Li+9WCq9NGkY8WMajrl+CXRMPY=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OhsBRND2_wuDzON2eUYxdFt8p6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:39:09:a2:48:c8:d5:12:dc:78:aa:c9:e1:67:24:23:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a1b0144d0f6ff0b83cce376794631745b7ca7a0
        Validity
            Not Before: Mar 29 10:00:25 2026 GMT
            Not After : Mar 30 10:00:25 2026 GMT
        Subject: CN=140ff1e9bb423e7a1310ebb037c0533043046703
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:90:2b:b7:ee:72:bd:87:c0:8e:ba:40:6f:ce:
                    58:b2:83:70:93:d6:d0:83:27:fd:b6:e0:5d:52:3e:
                    7e:f1:8a:8e:01:d8:04:49:ff:13:71:fa:e1:e1:06:
                    ea:ef:f3:ed:71:b8:d3:61:a6:c7:68:ca:0e:c3:53:
                    77:f3:e0:29:c5:79:66:66:d0:46:d8:0f:fa:03:c4:
                    0e:e8:9c:85:ba:72:c2:0d:10:87:9a:fd:e2:7a:4e:
                    9f:00:9a:db:3a:ea:86:4d:a4:a4:21:27:8b:65:dc:
                    d4:68:3a:1c:46:fc:bf:d6:73:f3:f6:f0:9e:4d:81:
                    ed:7b:17:11:62:dc:b4:31:1b:a2:ef:b4:f1:28:ac:
                    00:60:4a:b7:31:8b:58:75:54:78:ec:65:da:80:8a:
                    34:d7:8f:a1:8b:c5:56:22:a3:88:20:af:5a:38:1a:
                    ea:2b:b6:8f:02:0a:2e:f8:82:f3:52:e6:ef:45:c0:
                    7f:06:c8:f7:c9:bd:37:c5:fb:4a:fb:b4:87:27:43:
                    e0:be:49:02:ef:e4:4f:b3:b5:9f:61:57:2e:80:45:
                    46:b3:1b:35:50:6a:e3:2d:7f:50:77:79:66:1b:7f:
                    c2:4e:b0:5b:3e:5b:9f:26:fd:f3:41:93:2f:b3:a0:
                    1e:4e:19:a2:cf:92:6a:25:5d:a2:c7:73:12:da:8a:
                    ad:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:0F:F1:E9:BB:42:3E:7A:13:10:EB:B0:37:C0:53:30:43:04:67:03
            X509v3 Authority Key Identifier:
                keyid:3A:1B:01:44:D0:F6:FF:0B:83:CC:E3:76:79:46:31:74:5B:7C:A7:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OhsBRND2_wuDzON2eUYxdFt8p6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         10:ab:32:8a:a3:f0:80:00:3c:8b:25:39:80:76:9b:33:13:b4:
         da:d3:24:a1:5b:50:53:ac:16:1d:36:11:96:e7:8d:5d:c4:69:
         70:85:c3:d2:17:08:ff:22:de:d1:bb:71:08:3f:a6:9e:9b:1f:
         b5:cf:cb:e7:96:6c:7d:b1:9b:19:4c:62:79:2d:7b:8e:bb:f5:
         78:63:34:57:74:2c:2c:32:a2:40:15:c2:07:41:a2:08:f0:68:
         5d:f2:65:2c:89:ed:52:6f:f5:7c:f3:c3:e7:e7:d8:33:78:ad:
         fe:38:13:c0:f4:5a:f4:42:c2:ac:1e:98:16:d5:40:e8:e9:60:
         92:e4:94:b1:c3:5f:0f:7f:74:02:7c:de:d3:0f:45:6b:f2:39:
         83:9a:c4:ec:52:e3:2d:d6:ab:db:5b:5d:e0:05:43:3c:cf:c9:
         25:77:dd:ec:b7:44:b3:49:5c:9a:3d:e1:1d:f4:46:ea:c1:a4:
         c2:bd:1f:6f:e3:6f:10:95:75:67:26:ac:3a:7e:83:71:16:e9:
         b5:b9:74:6d:42:97:e8:09:83:e3:c0:9c:57:f8:34:9f:53:ef:
         2f:42:72:bc:21:12:c6:68:87:1a:d4:37:f7:f4:6d:ed:1d:61:
         18:03:a2:50:4a:23:77:53:f9:71:00:d6:c6:95:e2:6f:86:3f:
         af:9b:66:34
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ05CaJIyNUS3HiqyeFnJCOLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMWIwMTQ0ZDBmNmZmMGI4M2NjZTM3Njc5NDYzMTc0NWI3
Y2E3YTAwHhcNMjYwMzI5MTAwMDI1WhcNMjYwMzMwMTAwMDI1WjAzMTEwLwYDVQQD
EygxNDBmZjFlOWJiNDIzZTdhMTMxMGViYjAzN2MwNTMzMDQzMDQ2NzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJArt+5yvYfAjrpAb85YsoNwk9bQ
gyf9tuBdUj5+8YqOAdgESf8Tcfrh4Qbq7/PtcbjTYabHaMoOw1N38+ApxXlmZtBG
2A/6A8QO6JyFunLCDRCHmv3iek6fAJrbOuqGTaSkISeLZdzUaDocRvy/1nPz9vCe
TYHtexcRYty0MRui77TxKKwAYEq3MYtYdVR47GXagIo014+hi8VWIqOIIK9aOBrq
K7aPAgou+ILzUubvRcB/Bsj3yb03xftK+7SHJ0PgvkkC7+RPs7WfYVcugEVGsxs1
UGrjLX9Qd3lmG3/CTrBbPlufJv3zQZMvs6AeThmiz5JqJV2ix3MS2oqtXwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFBQP8em7Qj56ExDrsDfAUzBDBGcDMB8GA1UdIwQY
MBaAFDobAUTQ9v8Lg8zjdnlGMXRbfKegMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2hzQlJORDJfd3VEek9OMmVVWXhkRnQ4cDZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS82Mjg0MDYtM2UyYy00ODk2LTgyZWEt
MjUwNTQ0Mjc3ZDVjLzEvT2hzQlJORDJfd3VEek9OMmVVWXhkRnQ4cDZBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS82Mjg0MDYtM2UyYy00ODk2LTgyZWEtMjUwNTQ0Mjc3ZDVj
LzEvT2hzQlJORDJfd3VEek9OMmVVWXhkRnQ4cDZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAEKsyiqPw
gAA8iyU5gHabMxO02tMkoVtQU6wWHTYRlueNXcRpcIXD0hcI/yLe0btxCD+mnpsf
tc/L55ZsfbGbGUxieS17jrv1eGM0V3QsLDKiQBXCB0GiCPBoXfJlLIntUm/1fPPD
5+fYM3it/jgTwPRa9ELCrB6YFtVA6OlgkuSUscNfD390Anze0w9Fa/I5g5rE7FLj
Ldar21td4AVDPM/JJXfd7LdEs0lcmj3hHfRG6sGkwr0fb+NvEJV1ZyasOn6DcRbp
tbl0bUKX6AmD48CcV/g0n1PvL0JyvCESxmiHGtQ39/Rt7R1hGAOiUEojd1P5cQDW
xpXib4Y/r5tmNA==
-----END CERTIFICATE-----