Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/c9ca65-9253-4fc4-9bbf-01dc944c4477/1/oCUv6bQqZD9HflhGYZquiGkX7_s.mft
File:                     oCUv6bQqZD9HflhGYZquiGkX7_s.mft (raw, json)
Hash identifier:          2z1olDXyBxTIi0x9Gy1+7w9c8KELSCRzQnfySYTGg58=
Subject key identifier:   5F:22:7B:22:77:73:7A:96:84:A9:6A:2F:24:67:E4:79:17:2A:2C:67
Authority key identifier: A0:25:2F:E9:B4:2A:64:3F:47:7E:58:46:61:9A:AE:88:69:17:EF:FB
Certificate issuer:       /CN=a0252fe9b42a643f477e5846619aae886917effb
Certificate serial:       019D3940DAD653A677C5EBE254F1C911492B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oCUv6bQqZD9HflhGYZquiGkX7_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/c9ca65-9253-4fc4-9bbf-01dc944c4477/1/oCUv6bQqZD9HflhGYZquiGkX7_s.mft
Manifest number:          1678
Signing time:             Sun 29 Mar 2026 11:00:44 +0000
Manifest this update:     Sun 29 Mar 2026 11:00:44 +0000
Manifest next update:     Mon 30 Mar 2026 11:00:44 +0000
Files and hashes:         1: oCUv6bQqZD9HflhGYZquiGkX7_s.crl (hash: OpPPkmtNsquWVO2rCak4NIHjIRtnZN+CgwZ34cBvK6Y=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/c9ca65-9253-4fc4-9bbf-01dc944c4477/1/oCUv6bQqZD9HflhGYZquiGkX7_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/c9ca65-9253-4fc4-9bbf-01dc944c4477/1/oCUv6bQqZD9HflhGYZquiGkX7_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oCUv6bQqZD9HflhGYZquiGkX7_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:39:40:da:d6:53:a6:77:c5:eb:e2:54:f1:c9:11:49:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0252fe9b42a643f477e5846619aae886917effb
        Validity
            Not Before: Mar 29 11:00:44 2026 GMT
            Not After : Mar 30 11:00:44 2026 GMT
        Subject: CN=5f227b2277737a9684a96a2f2467e479172a2c67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:40:f9:d8:51:5a:8b:2f:1b:d1:56:8e:09:2d:
                    81:f5:6a:c8:ca:cd:f0:24:e6:ab:6d:46:99:66:40:
                    b5:7c:28:aa:5e:ea:a8:c8:fa:5f:be:aa:87:c4:d0:
                    5e:84:97:44:1a:1d:51:c0:c7:f9:18:49:16:52:48:
                    75:34:88:03:8b:65:8a:d0:b9:cb:05:36:5c:64:71:
                    53:a6:71:cb:0e:dd:7d:cf:62:09:2f:9f:d2:15:5f:
                    45:f5:16:55:af:3f:c4:92:4d:5d:63:23:d0:e5:07:
                    be:4c:1b:88:85:43:3d:20:47:fb:fb:01:fa:54:dd:
                    75:a5:2d:d5:84:b3:c7:2a:b0:f5:3a:5d:0a:c8:0d:
                    95:81:6e:7d:77:8f:34:59:e7:97:2b:65:18:ba:8e:
                    b8:c2:ca:76:6a:69:76:31:1a:02:2f:13:5f:bb:10:
                    6a:3c:6d:bb:a5:7d:f6:08:4b:dc:d1:b9:8f:ad:f4:
                    f0:a6:c7:9f:e7:8d:50:1d:65:63:e2:b5:fe:c7:ba:
                    6b:3c:fe:16:61:ce:73:90:8d:01:3d:fb:d8:1f:f9:
                    36:d2:26:00:b8:1b:7a:98:06:96:91:57:6b:3d:e8:
                    41:c7:c4:88:56:27:95:07:4b:cd:17:9a:75:a2:72:
                    55:cb:7d:73:7f:6b:19:e4:dc:0c:ad:78:4f:0e:3d:
                    87:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:22:7B:22:77:73:7A:96:84:A9:6A:2F:24:67:E4:79:17:2A:2C:67
            X509v3 Authority Key Identifier:
                keyid:A0:25:2F:E9:B4:2A:64:3F:47:7E:58:46:61:9A:AE:88:69:17:EF:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oCUv6bQqZD9HflhGYZquiGkX7_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/c9ca65-9253-4fc4-9bbf-01dc944c4477/1/oCUv6bQqZD9HflhGYZquiGkX7_s.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/c9ca65-9253-4fc4-9bbf-01dc944c4477/1/oCUv6bQqZD9HflhGYZquiGkX7_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         22:7e:33:50:0a:a8:f4:fe:cd:f3:76:4d:83:50:4e:fc:a9:fa:
         a5:a2:25:84:a3:77:cc:1d:43:72:1e:10:e7:d3:af:11:4d:02:
         e4:9d:72:88:73:ca:c1:fe:63:51:83:87:a1:20:6b:32:5a:f4:
         b7:35:cd:98:46:e5:e9:ce:01:c8:6e:1a:32:6b:27:50:f5:1f:
         b7:56:f4:c4:71:57:59:10:dc:47:bb:82:d2:ca:69:f0:1e:ad:
         3d:06:ee:22:c5:39:63:51:d3:cf:07:b4:6b:1d:74:48:d1:5c:
         4c:88:d6:df:33:ff:92:37:bf:c0:cb:4c:12:a2:26:c7:6f:d5:
         eb:d5:f6:45:e4:23:a2:c9:98:25:b3:d8:f9:16:62:90:a2:9b:
         18:15:02:b0:b1:9a:b0:99:bf:fa:a1:5d:3e:7f:5d:f0:a3:72:
         7d:a1:02:27:b8:fd:fa:06:ed:81:96:9d:e6:bb:b7:43:4e:a6:
         02:f4:ec:22:d3:62:da:39:f6:18:a6:23:6e:54:e7:a2:2f:92:
         f2:66:13:90:b9:c3:70:3c:9e:f0:3e:42:52:a4:a0:9a:e0:a3:
         96:e8:a5:a1:7e:59:ef:b9:6e:0d:70:6c:4e:e2:7f:74:d9:49:
         76:43:f3:55:13:14:96:57:77:cd:ec:95:b0:06:2e:56:88:e9:
         d2:bc:be:3b
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ05QNrWU6Z3xeviVPHJEUkrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwMjUyZmU5YjQyYTY0M2Y0NzdlNTg0NjYxOWFhZTg4Njkx
N2VmZmIwHhcNMjYwMzI5MTEwMDQ0WhcNMjYwMzMwMTEwMDQ0WjAzMTEwLwYDVQQD
Eyg1ZjIyN2IyMjc3NzM3YTk2ODRhOTZhMmYyNDY3ZTQ3OTE3MmEyYzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00D52FFaiy8b0VaOCS2B9WrIys3w
JOarbUaZZkC1fCiqXuqoyPpfvqqHxNBehJdEGh1RwMf5GEkWUkh1NIgDi2WK0LnL
BTZcZHFTpnHLDt19z2IJL5/SFV9F9RZVrz/Ekk1dYyPQ5Qe+TBuIhUM9IEf7+wH6
VN11pS3VhLPHKrD1Ol0KyA2VgW59d480WeeXK2UYuo64wsp2aml2MRoCLxNfuxBq
PG27pX32CEvc0bmPrfTwpsef541QHWVj4rX+x7prPP4WYc5zkI0BPfvYH/k20iYA
uBt6mAaWkVdrPehBx8SIVieVB0vNF5p1onJVy31zf2sZ5NwMrXhPDj2HNQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFF8ieyJ3c3qWhKlqLyRn5HkXKixnMB8GA1UdIwQY
MBaAFKAlL+m0KmQ/R35YRmGarohpF+/7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0NVdjZiUXFaRDlIZmxoR1lacXVpR2tYN19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9jOWNhNjUtOTI1My00ZmM0LTliYmYt
MDFkYzk0NGM0NDc3LzEvb0NVdjZiUXFaRDlIZmxoR1lacXVpR2tYN19zLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9jOWNhNjUtOTI1My00ZmM0LTliYmYtMDFkYzk0NGM0NDc3
LzEvb0NVdjZiUXFaRDlIZmxoR1lacXVpR2tYN19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAIn4zUAqo
9P7N83ZNg1BO/Kn6paIlhKN3zB1Dch4Q59OvEU0C5J1yiHPKwf5jUYOHoSBrMlr0
tzXNmEbl6c4ByG4aMmsnUPUft1b0xHFXWRDcR7uC0spp8B6tPQbuIsU5Y1HTzwe0
ax10SNFcTIjW3zP/kje/wMtMEqImx2/V69X2ReQjosmYJbPY+RZikKKbGBUCsLGa
sJm/+qFdPn9d8KNyfaECJ7j9+gbtgZad5ru3Q06mAvTsItNi2jn2GKYjblTnoi+S
8mYTkLnDcDye8D5CUqSgmuCjluiloX5Z77luDXBsTuJ/dNlJdkPzVRMUlld3zeyV
sAYuVojp0ry+Ow==
-----END CERTIFICATE-----