Manifest
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/7cd157-c58f-4cb9-8252-1696b246cd50/1/OpL12TZ1K68tDfcTKZSZzs-p9I0.mft
File: OpL12TZ1K68tDfcTKZSZzs-p9I0.mft (raw, json)
Hash identifier: g2iaHC9t8H9yJr1HzxyW4AyJFzrn/ZR3FRAYtmBMn1w=
Subject key identifier: 20:25:0D:F4:19:80:A1:2E:AD:CC:AC:24:BD:1F:E3:05:51:14:34:98
Authority key identifier: 3A:92:F5:D9:36:75:2B:AF:2D:0D:F7:13:29:94:99:CE:CF:A9:F4:8D
Certificate issuer: /CN=3a92f5d936752baf2d0df713299499cecfa9f48d
Certificate serial: 019D3752BF7B274660E6B01B5EA6C4FB166F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OpL12TZ1K68tDfcTKZSZzs-p9I0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/7cd157-c58f-4cb9-8252-1696b246cd50/1/OpL12TZ1K68tDfcTKZSZzs-p9I0.mft
Manifest number: 1895
Signing time: Sun 29 Mar 2026 02:01:02 +0000
Manifest this update: Sun 29 Mar 2026 02:01:02 +0000
Manifest next update: Mon 30 Mar 2026 02:01:02 +0000
Files and hashes: 1: LAK8MpI2c0abasjZoSw7_w7kgs4.roa (hash: clU497fVHM51q9eiZ1bT8jJiNXCByxpgSNSxbj5Sv9U=)
2: OpL12TZ1K68tDfcTKZSZzs-p9I0.crl (hash: WAhSdsSGzqC6+8DgSJ+nGnw+24KXK0CCuTouNezk+sI=)
3: jksHLXQsL8kIaSdyy1KKgItGkLM.roa (hash: SvVYKXT2yItHZ/QXEnN9YsWJ7pv9MmMOoAi6wKxSVaU=)
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/41/7cd157-c58f-4cb9-8252-1696b246cd50/1/OpL12TZ1K68tDfcTKZSZzs-p9I0.crl
rsync://rpki.ripe.net/repository/DEFAULT/41/7cd157-c58f-4cb9-8252-1696b246cd50/1/OpL12TZ1K68tDfcTKZSZzs-p9I0.mft
rsync://rpki.ripe.net/repository/DEFAULT/OpL12TZ1K68tDfcTKZSZzs-p9I0.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 30 Mar 2026 02:01:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:37:52:bf:7b:27:46:60:e6:b0:1b:5e:a6:c4:fb:16:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3a92f5d936752baf2d0df713299499cecfa9f48d
Validity
Not Before: Mar 29 02:01:02 2026 GMT
Not After : Mar 30 02:01:02 2026 GMT
Subject: CN=20250df41980a12eadccac24bd1fe30551143498
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:97:5f:b8:24:f7:18:bf:18:db:bd:65:49:62:
b0:b8:b7:51:ca:a1:7e:8c:df:39:05:fe:79:4a:91:
61:2b:fb:b7:3e:68:bf:64:76:fc:14:59:c4:00:e6:
9b:11:04:1a:58:0b:3b:ed:90:66:29:53:84:e0:3b:
bf:2f:7a:92:40:68:4e:aa:b4:43:10:f5:f8:0c:b3:
07:15:46:f4:53:1f:f6:a2:f4:f7:eb:28:c7:98:2a:
4b:ee:a8:08:d2:fc:0a:87:b1:da:da:23:49:ae:b0:
0f:b2:f9:86:7a:13:25:02:e6:eb:27:32:a0:e7:e5:
f4:53:e6:40:86:e7:fc:4f:f8:37:5c:65:cc:14:b2:
1b:63:19:6a:96:0e:c7:c0:82:9d:16:d2:51:83:f4:
3e:f9:89:30:8c:f0:92:84:53:77:55:7b:2f:9c:c4:
79:25:80:4d:92:97:5a:4b:78:b0:0c:39:cc:b2:63:
8f:fc:14:1b:3a:7a:9b:71:b5:cc:88:d0:9c:32:4d:
86:ee:75:58:6e:da:d1:fc:e8:16:90:ed:91:7d:4b:
d2:c6:73:1c:de:3a:d0:a1:ff:61:22:6c:53:02:a1:
07:27:f1:23:23:bd:19:64:13:7c:e9:5d:d0:ab:6b:
95:4a:be:fe:1c:92:f3:2b:b5:b8:57:56:1c:9e:93:
c0:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:25:0D:F4:19:80:A1:2E:AD:CC:AC:24:BD:1F:E3:05:51:14:34:98
X509v3 Authority Key Identifier:
keyid:3A:92:F5:D9:36:75:2B:AF:2D:0D:F7:13:29:94:99:CE:CF:A9:F4:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OpL12TZ1K68tDfcTKZSZzs-p9I0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/7cd157-c58f-4cb9-8252-1696b246cd50/1/OpL12TZ1K68tDfcTKZSZzs-p9I0.mft
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/7cd157-c58f-4cb9-8252-1696b246cd50/1/OpL12TZ1K68tDfcTKZSZzs-p9I0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4: inherit
IPv6: inherit
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
inherit
Signature Algorithm: sha256WithRSAEncryption
03:fb:3a:b2:3b:25:30:e6:50:41:cf:28:98:d6:29:d4:14:19:
5c:3e:36:b8:69:f6:ff:4e:fa:fa:1a:59:37:9c:93:a7:16:e2:
16:53:57:f7:f8:fd:99:34:2f:dd:28:42:bf:c4:be:f5:35:45:
69:a4:0b:a6:1a:dd:12:35:5c:e1:36:f3:68:fd:8e:5e:2b:be:
21:c9:a5:44:3b:af:c4:e0:a5:bc:88:ad:86:a0:db:10:f8:a9:
35:43:22:d3:5c:ef:aa:f8:47:c9:95:90:af:66:5d:8d:3a:17:
af:14:c9:37:18:31:58:3c:44:b0:1e:83:11:67:91:76:bd:48:
62:95:1f:a7:c4:53:c4:de:a6:f0:9d:3b:05:c5:06:f5:3f:d1:
55:80:2b:7b:ae:ff:12:c9:4c:f9:58:ef:39:9e:c2:57:86:30:
71:80:84:2d:20:f1:6c:af:78:75:69:aa:17:56:c8:dd:6d:d4:
43:8e:a9:fc:aa:bc:26:f7:2a:4b:41:09:92:ab:5c:39:f2:b2:
e7:89:7b:d5:53:00:e9:2f:72:5f:38:15:74:7e:08:00:6c:5e:
5d:87:90:c4:2d:28:d7:f5:b1:a2:f0:30:e3:66:c5:93:a4:d6:
e8:f6:fa:29:96:ab:81:56:34:56:3f:c4:02:4e:25:bd:91:e3:
35:5e:54:5b
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ03Ur97J0Zg5rAbXqbE+xZvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhOTJmNWQ5MzY3NTJiYWYyZDBkZjcxMzI5OTQ5OWNlY2Zh
OWY0OGQwHhcNMjYwMzI5MDIwMTAyWhcNMjYwMzMwMDIwMTAyWjAzMTEwLwYDVQQD
EygyMDI1MGRmNDE5ODBhMTJlYWRjY2FjMjRiZDFmZTMwNTUxMTQzNDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJdfuCT3GL8Y271lSWKwuLdRyqF+
jN85Bf55SpFhK/u3Pmi/ZHb8FFnEAOabEQQaWAs77ZBmKVOE4Du/L3qSQGhOqrRD
EPX4DLMHFUb0Ux/2ovT36yjHmCpL7qgI0vwKh7Ha2iNJrrAPsvmGehMlAubrJzKg
5+X0U+ZAhuf8T/g3XGXMFLIbYxlqlg7HwIKdFtJRg/Q++YkwjPCShFN3VXsvnMR5
JYBNkpdaS3iwDDnMsmOP/BQbOnqbcbXMiNCcMk2G7nVYbtrR/OgWkO2RfUvSxnMc
3jrQof9hImxTAqEHJ/EjI70ZZBN86V3Qq2uVSr7+HJLzK7W4V1YcnpPApQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFCAlDfQZgKEurcysJL0f4wVRFDSYMB8GA1UdIwQY
MBaAFDqS9dk2dSuvLQ33EymUmc7PqfSNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3BMMTJUWjFLNjh0RGZjVEtaU1p6cy1wOUkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS83Y2QxNTctYzU4Zi00Y2I5LTgyNTIt
MTY5NmIyNDZjZDUwLzEvT3BMMTJUWjFLNjh0RGZjVEtaU1p6cy1wOUkwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS83Y2QxNTctYzU4Zi00Y2I5LTgyNTItMTY5NmIyNDZjZDUw
LzEvT3BMMTJUWjFLNjh0RGZjVEtaU1p6cy1wOUkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAA/s6sjsl
MOZQQc8omNYp1BQZXD42uGn2/076+hpZN5yTpxbiFlNX9/j9mTQv3ShCv8S+9TVF
aaQLphrdEjVc4TbzaP2OXiu+IcmlRDuvxOClvIithqDbEPipNUMi01zvqvhHyZWQ
r2ZdjToXrxTJNxgxWDxEsB6DEWeRdr1IYpUfp8RTxN6m8J07BcUG9T/RVYAre67/
EslM+VjvOZ7CV4YwcYCELSDxbK94dWmqF1bI3W3UQ46p/Kq8JvcqS0EJkqtcOfKy
54l71VMA6S9yXzgVdH4IAGxeXYeQxC0o1/WxovAw42bFk6TW6Pb6KZargVY0Vj/E
Ak4lvZHjNV5UWw==
-----END CERTIFICATE-----
Generated at Sun Mar 29 12:37:45 2026 by rpki-client