Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/fe1a8c-9585-4291-9df1-d9e6c5f0d288/1/ONBDirVthCFxMbwG_jNeTHhD63k.mft
File:                     ONBDirVthCFxMbwG_jNeTHhD63k.mft (raw, json)
Hash identifier:          Wo/Oz6m5bJWpi6v0SHRKT17nQ8db2xjlKcUPI+EWqWc=
Subject key identifier:   95:D9:CC:94:04:B0:9B:84:9F:EA:47:58:09:B4:20:09:7D:48:5B:C7
Authority key identifier: 38:D0:43:8A:B5:6D:84:21:71:31:BC:06:FE:33:5E:4C:78:43:EB:79
Certificate issuer:       /CN=38d0438ab56d84217131bc06fe335e4c7843eb79
Certificate serial:       019D39E589101AB1A2CE372F20B287E41B38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ONBDirVthCFxMbwG_jNeTHhD63k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/fe1a8c-9585-4291-9df1-d9e6c5f0d288/1/ONBDirVthCFxMbwG_jNeTHhD63k.mft
Manifest number:          0595
Signing time:             Sun 29 Mar 2026 14:00:37 +0000
Manifest this update:     Sun 29 Mar 2026 14:00:37 +0000
Manifest next update:     Mon 30 Mar 2026 14:00:37 +0000
Files and hashes:         1: ONBDirVthCFxMbwG_jNeTHhD63k.crl (hash: uytOKy07hdaEUvy9V27gH/JAWdTN62swAhzeSa4BBzM=)
                          2: pSL3Mi5XEdAchUtMULvCKuIdKaM.roa (hash: PIsMvcROTvHOYMP/WBLkPzqoyaR6+wBcYymEnJhYyE4=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/fe1a8c-9585-4291-9df1-d9e6c5f0d288/1/ONBDirVthCFxMbwG_jNeTHhD63k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/fe1a8c-9585-4291-9df1-d9e6c5f0d288/1/ONBDirVthCFxMbwG_jNeTHhD63k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ONBDirVthCFxMbwG_jNeTHhD63k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:39:e5:89:10:1a:b1:a2:ce:37:2f:20:b2:87:e4:1b:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38d0438ab56d84217131bc06fe335e4c7843eb79
        Validity
            Not Before: Mar 29 14:00:37 2026 GMT
            Not After : Mar 30 14:00:37 2026 GMT
        Subject: CN=95d9cc9404b09b849fea475809b420097d485bc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:1b:a1:75:c2:1f:40:e7:d8:55:6e:e4:40:ca:
                    f1:e0:39:70:6d:ae:ca:f7:3c:04:96:06:e7:a2:e0:
                    fe:a5:ff:6c:30:b2:24:71:80:3e:98:b9:6b:f9:6b:
                    8c:cc:28:18:7d:43:5d:29:7d:2e:af:fb:33:c7:52:
                    48:f5:dd:53:30:e2:1c:65:24:d2:c0:6a:84:db:e2:
                    15:cb:8d:ac:7e:6b:46:3a:97:02:a4:c4:a9:c3:a3:
                    92:81:ff:f1:45:3f:76:c2:38:3c:35:9f:04:00:3d:
                    a8:90:ca:bc:a9:93:90:25:a5:bc:19:42:e4:e1:5f:
                    76:96:22:c3:f9:ab:5b:35:c6:5e:e2:ff:72:c6:fc:
                    69:57:9a:43:01:78:09:01:84:cb:4a:f2:5b:8e:90:
                    5a:5f:84:b3:87:f4:09:30:bf:01:38:6e:06:e3:4b:
                    cf:24:e5:f9:b3:ee:83:4b:03:9f:71:4f:98:5d:f6:
                    a8:72:fc:66:49:df:e4:8c:f4:e3:32:fd:b7:14:83:
                    91:34:e6:bb:dd:b0:ca:1b:3e:f4:a8:82:f8:9d:7d:
                    24:0a:97:b3:00:1a:85:54:1d:3b:99:fe:b0:a6:43:
                    25:71:f9:ff:b5:65:76:c4:54:90:28:f5:00:fd:8b:
                    d4:7d:33:b3:e3:71:0e:b9:78:19:b9:b4:84:56:50:
                    e0:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:D9:CC:94:04:B0:9B:84:9F:EA:47:58:09:B4:20:09:7D:48:5B:C7
            X509v3 Authority Key Identifier:
                keyid:38:D0:43:8A:B5:6D:84:21:71:31:BC:06:FE:33:5E:4C:78:43:EB:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ONBDirVthCFxMbwG_jNeTHhD63k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/fe1a8c-9585-4291-9df1-d9e6c5f0d288/1/ONBDirVthCFxMbwG_jNeTHhD63k.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/fe1a8c-9585-4291-9df1-d9e6c5f0d288/1/ONBDirVthCFxMbwG_jNeTHhD63k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         38:bb:26:f8:32:92:93:0a:e3:5c:70:bc:f7:2c:1f:f2:a4:24:
         76:1a:f3:a9:a7:a2:8e:8f:f2:93:0c:cf:ce:41:e5:e5:9d:15:
         6f:f2:8a:86:0b:44:86:d7:08:52:86:86:a1:e6:75:81:b1:ec:
         86:d3:5b:35:e9:23:41:56:ee:36:b3:22:c5:b1:49:56:9d:89:
         3f:10:8e:6a:c2:9d:c5:11:aa:cc:9d:d4:90:04:64:00:72:52:
         45:ed:da:90:4b:9e:b5:9f:36:fd:a0:eb:9b:a5:52:9c:60:b8:
         8a:af:9b:d9:f2:16:ad:2a:ea:82:67:10:db:ee:b2:7f:f5:10:
         3a:1e:76:86:1e:34:09:66:c6:6a:30:f2:73:32:26:cd:b1:a0:
         43:b8:1a:dc:29:bf:67:dc:75:cc:a8:41:b4:35:40:92:99:8d:
         5e:aa:a0:46:03:08:d0:94:b2:66:75:bf:c1:60:fd:d5:7f:08:
         7c:ed:e6:f0:29:6a:bb:ca:da:2c:6b:de:ac:20:f2:56:0c:1b:
         1c:89:3f:8c:43:a4:ce:bd:c0:97:70:93:06:0b:52:50:a3:d7:
         2e:0c:06:be:e0:8a:8d:a5:fd:4f:7d:eb:08:08:4f:96:ed:a8:
         30:7d:25:42:47:68:6f:53:7e:97:6d:c7:e1:75:e1:53:49:d8:
         7d:c9:7c:3a
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ055YkQGrGizjcvILKH5Bs4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4ZDA0MzhhYjU2ZDg0MjE3MTMxYmMwNmZlMzM1ZTRjNzg0
M2ViNzkwHhcNMjYwMzI5MTQwMDM3WhcNMjYwMzMwMTQwMDM3WjAzMTEwLwYDVQQD
Eyg5NWQ5Y2M5NDA0YjA5Yjg0OWZlYTQ3NTgwOWI0MjAwOTdkNDg1YmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBuhdcIfQOfYVW7kQMrx4Dlwba7K
9zwElgbnouD+pf9sMLIkcYA+mLlr+WuMzCgYfUNdKX0ur/szx1JI9d1TMOIcZSTS
wGqE2+IVy42sfmtGOpcCpMSpw6OSgf/xRT92wjg8NZ8EAD2okMq8qZOQJaW8GULk
4V92liLD+atbNcZe4v9yxvxpV5pDAXgJAYTLSvJbjpBaX4Szh/QJML8BOG4G40vP
JOX5s+6DSwOfcU+YXfaocvxmSd/kjPTjMv23FIORNOa73bDKGz70qIL4nX0kCpez
ABqFVB07mf6wpkMlcfn/tWV2xFSQKPUA/YvUfTOz43EOuXgZubSEVlDgZwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFJXZzJQEsJuEn+pHWAm0IAl9SFvHMB8GA1UdIwQY
MBaAFDjQQ4q1bYQhcTG8Bv4zXkx4Q+t5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT05CRGlyVnRoQ0Z4TWJ3R19qTmVUSGhENjNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9mZTFhOGMtOTU4NS00MjkxLTlkZjEt
ZDllNmM1ZjBkMjg4LzEvT05CRGlyVnRoQ0Z4TWJ3R19qTmVUSGhENjNrLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9mZTFhOGMtOTU4NS00MjkxLTlkZjEtZDllNmM1ZjBkMjg4
LzEvT05CRGlyVnRoQ0Z4TWJ3R19qTmVUSGhENjNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAOLsm+DKS
kwrjXHC89ywf8qQkdhrzqaeijo/ykwzPzkHl5Z0Vb/KKhgtEhtcIUoaGoeZ1gbHs
htNbNekjQVbuNrMixbFJVp2JPxCOasKdxRGqzJ3UkARkAHJSRe3akEuetZ82/aDr
m6VSnGC4iq+b2fIWrSrqgmcQ2+6yf/UQOh52hh40CWbGajDyczImzbGgQ7ga3Cm/
Z9x1zKhBtDVAkpmNXqqgRgMI0JSyZnW/wWD91X8IfO3m8Clqu8raLGverCDyVgwb
HIk/jEOkzr3Al3CTBgtSUKPXLgwGvuCKjaX9T33rCAhPlu2oMH0lQkdob1N+l23H
4XXhU0nYfcl8Og==
-----END CERTIFICATE-----
Generated at Sun Mar 29 16:59:33 2026 by rpki-client