Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/608ede-09ae-4811-b109-e797b2d82b39/1/O5keroXFJmJwwx30GBqgerLge1Q.mft
File:                     O5keroXFJmJwwx30GBqgerLge1Q.mft (raw, json)
Hash identifier:          2lmcS1KN1elIBWlgXsBdwrvzzwbZcBZbA08o/MUREBE=
Subject key identifier:   4A:34:66:10:51:A8:7F:0C:08:94:34:56:35:B2:1A:9E:95:6A:E1:6C
Authority key identifier: 3B:99:1E:AE:85:C5:26:62:70:C3:1D:F4:18:1A:A0:7A:B2:E0:7B:54
Certificate issuer:       /CN=3b991eae85c5266270c31df4181aa07ab2e07b54
Certificate serial:       019D38661016835A59DC6C6D92946E79F733
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O5keroXFJmJwwx30GBqgerLge1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/608ede-09ae-4811-b109-e797b2d82b39/1/O5keroXFJmJwwx30GBqgerLge1Q.mft
Manifest number:          0A20
Signing time:             Sun 29 Mar 2026 07:01:46 +0000
Manifest this update:     Sun 29 Mar 2026 07:01:46 +0000
Manifest next update:     Mon 30 Mar 2026 07:01:46 +0000
Files and hashes:         1: O5keroXFJmJwwx30GBqgerLge1Q.crl (hash: KTAOYKAtz2ThuaiFQ+yoz0xJsaBDQTEcn01pwQAeIDU=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/608ede-09ae-4811-b109-e797b2d82b39/1/O5keroXFJmJwwx30GBqgerLge1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/608ede-09ae-4811-b109-e797b2d82b39/1/O5keroXFJmJwwx30GBqgerLge1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O5keroXFJmJwwx30GBqgerLge1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:38:66:10:16:83:5a:59:dc:6c:6d:92:94:6e:79:f7:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b991eae85c5266270c31df4181aa07ab2e07b54
        Validity
            Not Before: Mar 29 07:01:46 2026 GMT
            Not After : Mar 30 07:01:46 2026 GMT
        Subject: CN=4a34661051a87f0c0894345635b21a9e956ae16c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:51:6c:ab:6d:5f:29:49:e7:16:4b:0f:a3:b2:
                    f4:eb:9b:bf:8b:20:b4:df:e8:76:f2:e1:91:bc:14:
                    cf:88:71:b9:ed:64:0c:08:0f:d6:ae:56:9e:08:69:
                    c5:31:ab:b6:2e:2c:84:f9:1a:95:9c:39:8d:6e:df:
                    a0:72:d3:93:ab:5c:87:49:8a:50:6f:d9:30:c7:10:
                    27:1d:b8:ff:e6:31:0e:4b:c8:60:e2:c7:79:f3:31:
                    62:43:3d:8a:02:9e:88:cf:ea:75:dc:a7:4d:f9:3f:
                    b5:66:c7:49:e4:1b:66:e8:e0:7f:79:19:7a:7f:f1:
                    1a:c3:13:77:08:8f:d7:62:1e:ad:01:a1:74:f5:5c:
                    a1:c1:65:19:40:2e:77:fd:12:05:ca:4d:17:a8:d3:
                    49:c3:e3:b5:a7:a1:6f:37:b1:d8:9d:75:1c:4d:36:
                    e0:b6:fa:57:33:d8:f9:75:9a:7a:7f:f5:be:4a:8a:
                    db:67:31:7a:82:45:6b:3e:a2:75:66:64:97:54:2e:
                    9e:6b:96:7d:b7:70:6b:5c:39:bc:ae:ea:b2:54:5a:
                    f3:7f:fe:4d:78:e4:e4:5b:be:48:d7:62:14:0b:94:
                    74:b5:82:44:50:f3:3b:87:44:58:4d:50:34:92:41:
                    8b:c2:62:48:66:6f:df:50:f9:e3:f6:a5:67:fb:8e:
                    89:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:34:66:10:51:A8:7F:0C:08:94:34:56:35:B2:1A:9E:95:6A:E1:6C
            X509v3 Authority Key Identifier:
                keyid:3B:99:1E:AE:85:C5:26:62:70:C3:1D:F4:18:1A:A0:7A:B2:E0:7B:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O5keroXFJmJwwx30GBqgerLge1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/608ede-09ae-4811-b109-e797b2d82b39/1/O5keroXFJmJwwx30GBqgerLge1Q.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/608ede-09ae-4811-b109-e797b2d82b39/1/O5keroXFJmJwwx30GBqgerLge1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         9f:b3:08:a2:ae:7e:b7:84:bb:40:ca:2a:c5:22:d0:b3:7c:98:
         03:09:9a:61:3a:e6:c1:90:83:87:bf:9b:00:f5:b6:5b:76:01:
         50:cb:34:51:04:4f:05:75:bd:6c:c4:43:cf:58:76:fe:59:98:
         9d:f5:ed:22:89:25:54:90:2a:08:b9:cc:f4:a8:1e:85:f9:f2:
         2b:86:d7:85:1f:ed:6a:c4:49:a1:fd:0e:d9:71:6e:32:ba:3b:
         1a:99:d4:f2:b5:aa:ba:36:58:7f:8d:41:5a:57:e8:85:65:ac:
         ff:8d:01:76:1d:9e:fc:57:3b:de:b4:a9:77:4c:73:28:4b:d8:
         39:0b:d7:0f:ce:b7:b9:72:a1:62:d6:e0:c4:11:ef:c3:60:73:
         c7:59:73:a7:d3:2f:63:06:0f:5a:7a:9c:3f:e2:1d:1b:8e:f3:
         80:0a:35:63:ba:8f:fd:d0:ab:fc:23:1b:fa:7e:80:d2:f6:cc:
         1a:4b:b5:1d:97:5e:75:42:c8:14:35:4b:30:27:9c:60:68:68:
         c5:57:00:85:b8:d5:d3:2a:d7:7e:45:f4:79:d3:6a:28:a3:25:
         a1:e5:40:9c:77:9a:8c:17:24:b5:53:85:25:ea:eb:66:d2:58:
         17:f8:43:f4:c0:18:dc:f9:43:c9:4c:71:ea:cd:c9:d8:65:c4:
         95:43:ea:dd
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ04ZhAWg1pZ3GxtkpRuefczMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiOTkxZWFlODVjNTI2NjI3MGMzMWRmNDE4MWFhMDdhYjJl
MDdiNTQwHhcNMjYwMzI5MDcwMTQ2WhcNMjYwMzMwMDcwMTQ2WjAzMTEwLwYDVQQD
Eyg0YTM0NjYxMDUxYTg3ZjBjMDg5NDM0NTYzNWIyMWE5ZTk1NmFlMTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVFsq21fKUnnFksPo7L065u/iyC0
3+h28uGRvBTPiHG57WQMCA/WrlaeCGnFMau2LiyE+RqVnDmNbt+gctOTq1yHSYpQ
b9kwxxAnHbj/5jEOS8hg4sd58zFiQz2KAp6Iz+p13KdN+T+1ZsdJ5Btm6OB/eRl6
f/EawxN3CI/XYh6tAaF09VyhwWUZQC53/RIFyk0XqNNJw+O1p6FvN7HYnXUcTTbg
tvpXM9j5dZp6f/W+SorbZzF6gkVrPqJ1ZmSXVC6ea5Z9t3BrXDm8ruqyVFrzf/5N
eOTkW75I12IUC5R0tYJEUPM7h0RYTVA0kkGLwmJIZm/fUPnj9qVn+46JTwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFEo0ZhBRqH8MCJQ0VjWyGp6VauFsMB8GA1UdIwQY
MBaAFDuZHq6FxSZicMMd9BgaoHqy4HtUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzVrZXJvWEZKbUp3d3gzMEdCcWdlckxnZTFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi82MDhlZGUtMDlhZS00ODExLWIxMDkt
ZTc5N2IyZDgyYjM5LzEvTzVrZXJvWEZKbUp3d3gzMEdCcWdlckxnZTFRLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi82MDhlZGUtMDlhZS00ODExLWIxMDktZTc5N2IyZDgyYjM5
LzEvTzVrZXJvWEZKbUp3d3gzMEdCcWdlckxnZTFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAn7MIoq5+
t4S7QMoqxSLQs3yYAwmaYTrmwZCDh7+bAPW2W3YBUMs0UQRPBXW9bMRDz1h2/lmY
nfXtIoklVJAqCLnM9KgehfnyK4bXhR/tasRJof0O2XFuMro7GpnU8rWqujZYf41B
WlfohWWs/40Bdh2e/Fc73rSpd0xzKEvYOQvXD863uXKhYtbgxBHvw2Bzx1lzp9Mv
YwYPWnqcP+IdG47zgAo1Y7qP/dCr/CMb+n6A0vbMGku1HZdedULIFDVLMCecYGho
xVcAhbjV0yrXfkX0edNqKKMloeVAnHeajBcktVOFJerrZtJYF/hD9MAY3PlDyUxx
6s3J2GXElUPq3Q==
-----END CERTIFICATE-----