Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/8d9aa5-d52a-486f-b64c-7c605d32165d/1/lGIh95q-ptPAw0gGQlkN0K4Mqjs.mft
File:                     lGIh95q-ptPAw0gGQlkN0K4Mqjs.mft (raw, json)
Hash identifier:          cOTEyVbSlvomeaJkhFtNmO9XesWsz8pThywaznKeha0=
Subject key identifier:   19:E7:56:29:14:D8:A3:48:72:AB:69:3D:C4:21:54:88:24:87:C9:14
Authority key identifier: 94:62:21:F7:9A:BE:A6:D3:C0:C3:48:06:42:59:0D:D0:AE:0C:AA:3B
Certificate issuer:       /CN=946221f79abea6d3c0c3480642590dd0ae0caa3b
Certificate serial:       019D38664E01BAA95656FC4DCC7728DA8190
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lGIh95q-ptPAw0gGQlkN0K4Mqjs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/8d9aa5-d52a-486f-b64c-7c605d32165d/1/lGIh95q-ptPAw0gGQlkN0K4Mqjs.mft
Manifest number:          158F
Signing time:             Sun 29 Mar 2026 07:02:01 +0000
Manifest this update:     Sun 29 Mar 2026 07:02:01 +0000
Manifest next update:     Mon 30 Mar 2026 07:02:01 +0000
Files and hashes:         1: lGIh95q-ptPAw0gGQlkN0K4Mqjs.crl (hash: 6KMT0Az/QnkCf6N9cLtfKvdkBQ34uRi1ICEuTe03Qaw=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/8d9aa5-d52a-486f-b64c-7c605d32165d/1/lGIh95q-ptPAw0gGQlkN0K4Mqjs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/8d9aa5-d52a-486f-b64c-7c605d32165d/1/lGIh95q-ptPAw0gGQlkN0K4Mqjs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lGIh95q-ptPAw0gGQlkN0K4Mqjs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:38:66:4e:01:ba:a9:56:56:fc:4d:cc:77:28:da:81:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=946221f79abea6d3c0c3480642590dd0ae0caa3b
        Validity
            Not Before: Mar 29 07:02:01 2026 GMT
            Not After : Mar 30 07:02:01 2026 GMT
        Subject: CN=19e7562914d8a34872ab693dc42154882487c914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:da:3d:ff:f7:ea:f9:33:a0:f1:36:77:c2:2d:
                    c1:48:d7:46:0c:76:2d:69:c2:75:16:b2:94:27:a9:
                    db:f3:b0:98:f9:88:8a:09:a2:79:de:ea:5b:23:8c:
                    9a:71:3a:a1:5d:c1:82:09:a7:d2:ef:8a:08:ec:34:
                    59:38:60:9d:c4:f6:3e:05:45:59:4e:26:52:ad:23:
                    02:85:27:60:b0:ce:22:84:01:36:1e:03:11:42:79:
                    ee:4b:33:4a:44:ef:32:7b:c8:a2:6b:6c:f8:65:bc:
                    a5:b3:4e:1e:e1:0e:f9:23:b9:01:f2:30:cc:47:b7:
                    18:20:82:55:67:e1:f7:e5:ef:c3:35:7c:7b:01:7c:
                    ab:c7:0e:a6:a9:c8:6d:85:8c:7d:ec:c9:0c:e9:31:
                    44:49:ff:29:0f:6b:32:c6:f9:a5:fd:c1:22:eb:d2:
                    5f:e9:b1:3f:2d:6c:da:fa:14:a0:e7:9a:71:60:65:
                    f0:ce:2d:91:84:08:cf:39:dd:d6:fc:09:aa:9c:4f:
                    78:0c:94:e5:fe:8a:8a:bc:89:0c:cf:32:70:25:93:
                    12:da:df:b1:8e:da:93:1e:f2:67:f2:fb:67:9b:c9:
                    68:db:b5:ce:23:90:e5:a6:e7:54:d9:f5:8a:5a:da:
                    a7:de:04:46:1d:7c:90:e0:6b:ef:31:31:7b:ef:5c:
                    ad:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:E7:56:29:14:D8:A3:48:72:AB:69:3D:C4:21:54:88:24:87:C9:14
            X509v3 Authority Key Identifier:
                keyid:94:62:21:F7:9A:BE:A6:D3:C0:C3:48:06:42:59:0D:D0:AE:0C:AA:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lGIh95q-ptPAw0gGQlkN0K4Mqjs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/8d9aa5-d52a-486f-b64c-7c605d32165d/1/lGIh95q-ptPAw0gGQlkN0K4Mqjs.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/8d9aa5-d52a-486f-b64c-7c605d32165d/1/lGIh95q-ptPAw0gGQlkN0K4Mqjs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         95:86:9c:79:7e:91:3d:04:f3:a5:33:05:78:7d:7f:4e:44:fe:
         cc:6d:bf:48:ef:1f:49:d8:68:84:72:42:fe:e3:49:e7:f9:83:
         cd:e4:72:e3:f5:85:25:eb:3a:f9:28:06:11:7d:b0:30:4f:00:
         66:2b:9f:d7:f1:5b:87:b8:ee:ec:77:4a:ce:55:30:99:68:2f:
         ac:29:f4:d0:65:8d:cc:29:3a:f4:4b:47:19:4f:58:82:d2:f7:
         67:1f:94:82:a7:0a:95:1a:93:d2:27:39:1c:b6:af:99:02:ff:
         35:79:a3:d0:e8:53:4e:9a:57:1b:51:4f:e9:b5:c2:2e:0a:62:
         1d:40:c5:dd:21:ee:cf:4b:2e:28:1a:67:d3:1f:3c:dd:52:d0:
         a3:ba:eb:79:41:d4:3d:37:a0:0a:8f:11:d3:07:7c:f8:87:0a:
         9f:f5:b7:68:89:34:50:4f:da:fd:87:e1:53:1b:8d:36:3b:f9:
         c7:06:46:8d:f2:f6:7d:d5:44:ec:e8:a1:80:fd:3c:2a:e2:04:
         ac:5e:0b:ed:8f:f7:6e:99:cf:f8:5c:0d:d5:77:c1:dc:fd:08:
         06:62:9f:d7:19:4e:d6:f6:39:ee:d5:71:78:78:a4:09:35:d4:
         fc:bc:43:38:7d:d9:04:0f:b4:e6:55:b5:33:62:75:d3:88:04:
         a4:26:c7:dd
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ04Zk4BuqlWVvxNzHco2oGQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0NjIyMWY3OWFiZWE2ZDNjMGMzNDgwNjQyNTkwZGQwYWUw
Y2FhM2IwHhcNMjYwMzI5MDcwMjAxWhcNMjYwMzMwMDcwMjAxWjAzMTEwLwYDVQQD
EygxOWU3NTYyOTE0ZDhhMzQ4NzJhYjY5M2RjNDIxNTQ4ODI0ODdjOTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNo9//fq+TOg8TZ3wi3BSNdGDHYt
acJ1FrKUJ6nb87CY+YiKCaJ53upbI4yacTqhXcGCCafS74oI7DRZOGCdxPY+BUVZ
TiZSrSMChSdgsM4ihAE2HgMRQnnuSzNKRO8ye8iia2z4Zbyls04e4Q75I7kB8jDM
R7cYIIJVZ+H35e/DNXx7AXyrxw6mqchthYx97MkM6TFESf8pD2syxvml/cEi69Jf
6bE/LWza+hSg55pxYGXwzi2RhAjPOd3W/AmqnE94DJTl/oqKvIkMzzJwJZMS2t+x
jtqTHvJn8vtnm8lo27XOI5DlpudU2fWKWtqn3gRGHXyQ4GvvMTF771ytuwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFBnnVikU2KNIcqtpPcQhVIgkh8kUMB8GA1UdIwQY
MBaAFJRiIfeavqbTwMNIBkJZDdCuDKo7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEdJaDk1cS1wdFBBdzBnR1Fsa04wSzRNcWpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi84ZDlhYTUtZDUyYS00ODZmLWI2NGMt
N2M2MDVkMzIxNjVkLzEvbEdJaDk1cS1wdFBBdzBnR1Fsa04wSzRNcWpzLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi84ZDlhYTUtZDUyYS00ODZmLWI2NGMtN2M2MDVkMzIxNjVk
LzEvbEdJaDk1cS1wdFBBdzBnR1Fsa04wSzRNcWpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlYaceX6R
PQTzpTMFeH1/TkT+zG2/SO8fSdhohHJC/uNJ5/mDzeRy4/WFJes6+SgGEX2wME8A
Ziuf1/Fbh7ju7HdKzlUwmWgvrCn00GWNzCk69EtHGU9YgtL3Zx+UgqcKlRqT0ic5
HLavmQL/NXmj0OhTTppXG1FP6bXCLgpiHUDF3SHuz0suKBpn0x883VLQo7rreUHU
PTegCo8R0wd8+IcKn/W3aIk0UE/a/YfhUxuNNjv5xwZGjfL2fdVE7OihgP08KuIE
rF4L7Y/3bpnP+FwN1XfB3P0IBmKf1xlO1vY57tVxeHikCTXU/LxDOH3ZBA+05lW1
M2J104gEpCbH3Q==
-----END CERTIFICATE-----