Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/bab89a-d990-4fc7-86dd-e2c816db81cc/1/BZqsWXzkoNE7edIrO_GKSJnddk8.mft
File:                     BZqsWXzkoNE7edIrO_GKSJnddk8.mft (raw, json)
Hash identifier:          ydwdzl4BopBcVyi9EPtreSG6jCqr2dzWHM+LJ75Fb2E=
Subject key identifier:   52:4F:9E:A0:47:D2:B2:B7:99:81:BF:4C:95:2B:AB:09:04:2C:95:9F
Authority key identifier: 05:9A:AC:59:7C:E4:A0:D1:3B:79:D2:2B:3B:F1:8A:48:99:DD:76:4F
Certificate issuer:       /CN=059aac597ce4a0d13b79d22b3bf18a4899dd764f
Certificate serial:       019D38D33D07896823EF973E23E2064C7F52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZqsWXzkoNE7edIrO_GKSJnddk8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/bab89a-d990-4fc7-86dd-e2c816db81cc/1/BZqsWXzkoNE7edIrO_GKSJnddk8.mft
Manifest number:          0D1D
Signing time:             Sun 29 Mar 2026 09:01:00 +0000
Manifest this update:     Sun 29 Mar 2026 09:01:00 +0000
Manifest next update:     Mon 30 Mar 2026 09:01:00 +0000
Files and hashes:         1: BZqsWXzkoNE7edIrO_GKSJnddk8.crl (hash: pnDI5FoIvctmR9nZDT7HBXLQxZmueLey6ueEXJCsiys=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/bab89a-d990-4fc7-86dd-e2c816db81cc/1/BZqsWXzkoNE7edIrO_GKSJnddk8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/bab89a-d990-4fc7-86dd-e2c816db81cc/1/BZqsWXzkoNE7edIrO_GKSJnddk8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZqsWXzkoNE7edIrO_GKSJnddk8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:38:d3:3d:07:89:68:23:ef:97:3e:23:e2:06:4c:7f:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=059aac597ce4a0d13b79d22b3bf18a4899dd764f
        Validity
            Not Before: Mar 29 09:01:00 2026 GMT
            Not After : Mar 30 09:01:00 2026 GMT
        Subject: CN=524f9ea047d2b2b79981bf4c952bab09042c959f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:81:ac:ee:a3:62:a2:f4:dc:0d:0a:34:72:39:
                    bf:af:f1:e4:b8:32:28:61:19:00:a3:db:81:14:dc:
                    de:82:c9:0b:ef:14:3d:21:35:8a:4e:b5:79:84:d4:
                    fe:64:cb:6f:21:06:c3:cf:67:2e:35:44:d9:cb:a3:
                    5a:8f:63:44:a6:0e:4c:e5:05:2c:6f:0d:33:1c:5c:
                    70:32:5e:b9:65:5e:bd:ae:33:bf:47:d0:d5:9b:78:
                    d6:73:f1:99:c8:f2:25:a3:72:25:41:b8:8d:28:d5:
                    1c:94:1e:e5:74:b2:c1:15:a3:88:45:44:60:26:11:
                    c4:54:37:1c:79:e1:2b:97:2f:07:38:a6:81:e5:07:
                    bd:89:5f:ad:bf:bb:77:fc:d6:ad:84:9d:86:72:84:
                    af:c4:52:5b:66:0a:dd:f9:40:61:01:1c:5d:31:64:
                    79:ef:47:6f:81:bc:eb:b6:36:af:6c:73:67:4a:15:
                    9b:56:e0:2b:f4:23:1b:b7:22:03:a1:b0:bb:b5:3d:
                    b3:34:2a:76:8b:28:b9:4e:ab:9b:73:12:c6:2a:28:
                    09:70:85:13:ad:c1:d5:43:7a:68:93:60:3f:9d:3e:
                    09:80:48:f3:67:a3:25:0c:22:5a:d9:dc:23:37:52:
                    0c:d2:03:32:a3:b1:0a:3b:3b:eb:5c:2b:52:e8:69:
                    30:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:4F:9E:A0:47:D2:B2:B7:99:81:BF:4C:95:2B:AB:09:04:2C:95:9F
            X509v3 Authority Key Identifier:
                keyid:05:9A:AC:59:7C:E4:A0:D1:3B:79:D2:2B:3B:F1:8A:48:99:DD:76:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZqsWXzkoNE7edIrO_GKSJnddk8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/bab89a-d990-4fc7-86dd-e2c816db81cc/1/BZqsWXzkoNE7edIrO_GKSJnddk8.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/bab89a-d990-4fc7-86dd-e2c816db81cc/1/BZqsWXzkoNE7edIrO_GKSJnddk8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         9f:fd:e1:5d:d7:aa:b5:d7:a4:07:81:f7:13:a7:9e:19:58:c9:
         7a:8f:fd:0a:06:e1:66:d4:d6:86:9b:e0:a5:7b:61:a8:2d:c8:
         d3:d4:a9:8e:0f:e1:4c:f7:d4:c2:a0:c2:7a:3c:91:95:74:9c:
         ef:b7:f1:e8:ab:f7:fb:17:a8:0f:34:e2:7a:4a:fb:e7:6a:be:
         d3:24:e2:ec:2f:db:12:98:68:1f:96:9b:99:6a:72:db:83:7b:
         4e:6e:48:80:47:80:96:82:ab:da:6b:b7:de:4d:30:16:d4:23:
         6a:5b:f6:9e:76:d8:43:06:9e:ec:27:6c:90:1a:d8:20:3f:1b:
         8c:fc:4b:52:ff:43:c1:f0:09:80:de:a7:3a:e9:4b:a7:90:b5:
         10:77:37:b1:64:b2:3e:e8:a8:c2:d6:85:a3:bd:cb:da:07:b6:
         35:38:ea:bd:6d:1a:c5:2c:9e:bb:b6:40:90:13:89:8f:88:8c:
         17:52:cc:d3:db:13:40:fc:84:20:10:53:2f:a5:96:79:1b:4d:
         ca:14:07:96:8e:64:2d:e0:f0:10:d3:53:e3:62:20:42:a7:d5:
         44:9f:e5:09:4b:17:a4:42:b3:38:cf:73:74:49:05:9f:1b:3a:
         bb:09:d7:d6:03:d5:3f:c2:e9:e8:51:b1:ab:1c:8c:bd:8f:6f:
         8e:26:cc:59
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ040z0HiWgj75c+I+IGTH9SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OWFhYzU5N2NlNGEwZDEzYjc5ZDIyYjNiZjE4YTQ4OTlk
ZDc2NGYwHhcNMjYwMzI5MDkwMTAwWhcNMjYwMzMwMDkwMTAwWjAzMTEwLwYDVQQD
Eyg1MjRmOWVhMDQ3ZDJiMmI3OTk4MWJmNGM5NTJiYWIwOTA0MmM5NTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4Gs7qNiovTcDQo0cjm/r/HkuDIo
YRkAo9uBFNzegskL7xQ9ITWKTrV5hNT+ZMtvIQbDz2cuNUTZy6Naj2NEpg5M5QUs
bw0zHFxwMl65ZV69rjO/R9DVm3jWc/GZyPIlo3IlQbiNKNUclB7ldLLBFaOIRURg
JhHEVDcceeErly8HOKaB5Qe9iV+tv7t3/NathJ2GcoSvxFJbZgrd+UBhARxdMWR5
70dvgbzrtjavbHNnShWbVuAr9CMbtyIDobC7tT2zNCp2iyi5TqubcxLGKigJcIUT
rcHVQ3pok2A/nT4JgEjzZ6MlDCJa2dwjN1IM0gMyo7EKOzvrXCtS6GkwfQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFFJPnqBH0rK3mYG/TJUrqwkELJWfMB8GA1UdIwQY
MBaAFAWarFl85KDRO3nSKzvxikiZ3XZPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpxc1dYemtvTkU3ZWRJck9fR0tTSm5kZGs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9iYWI4OWEtZDk5MC00ZmM3LTg2ZGQt
ZTJjODE2ZGI4MWNjLzEvQlpxc1dYemtvTkU3ZWRJck9fR0tTSm5kZGs4Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9iYWI4OWEtZDk5MC00ZmM3LTg2ZGQtZTJjODE2ZGI4MWNj
LzEvQlpxc1dYemtvTkU3ZWRJck9fR0tTSm5kZGs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAn/3hXdeq
tdekB4H3E6eeGVjJeo/9CgbhZtTWhpvgpXthqC3I09Spjg/hTPfUwqDCejyRlXSc
77fx6Kv3+xeoDzTiekr752q+0yTi7C/bEphoH5abmWpy24N7Tm5IgEeAloKr2mu3
3k0wFtQjalv2nnbYQwae7CdskBrYID8bjPxLUv9DwfAJgN6nOulLp5C1EHc3sWSy
PuiowtaFo73L2ge2NTjqvW0axSyeu7ZAkBOJj4iMF1LM09sTQPyEIBBTL6WWeRtN
yhQHlo5kLeDwENNT42IgQqfVRJ/lCUsXpEKzOM9zdEkFnxs6uwnX1gPVP8Lp6FGx
qxyMvY9vjibMWQ==
-----END CERTIFICATE-----