Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft
File:                     2bN6OM6IfTdjYEau84ehwjMVLkE.mft (raw, json)
Hash identifier:          q0XoFN5ytGL68LYwIm/ddea4l+7FNjoFkLqvZx74F1I=
Subject key identifier:   95:C5:A5:5C:BA:14:4E:20:9E:0B:85:38:EF:2B:AE:71:11:F8:7F:FB
Authority key identifier: D9:B3:7A:38:CE:88:7D:37:63:60:46:AE:F3:87:A1:C2:33:15:2E:41
Certificate issuer:       /CN=d9b37a38ce887d37636046aef387a1c233152e41
Certificate serial:       019D3866955CF92A41251312497902D7FC0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2bN6OM6IfTdjYEau84ehwjMVLkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft
Manifest number:          0920
Signing time:             Sun 29 Mar 2026 07:02:20 +0000
Manifest this update:     Sun 29 Mar 2026 07:02:20 +0000
Manifest next update:     Mon 30 Mar 2026 07:02:20 +0000
Files and hashes:         1: 2bN6OM6IfTdjYEau84ehwjMVLkE.crl (hash: rdWO3BoJ76BYOMvseoiMGO6yzkbT62TzkEX8CCqQq+4=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2bN6OM6IfTdjYEau84ehwjMVLkE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:38:66:95:5c:f9:2a:41:25:13:12:49:79:02:d7:fc:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9b37a38ce887d37636046aef387a1c233152e41
        Validity
            Not Before: Mar 29 07:02:20 2026 GMT
            Not After : Mar 30 07:02:20 2026 GMT
        Subject: CN=95c5a55cba144e209e0b8538ef2bae7111f87ffb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d1:14:56:b5:a2:8b:bc:7e:01:6b:c0:d1:e9:
                    e3:4d:2d:f7:99:c9:6d:0f:73:9b:c0:d1:00:89:e7:
                    45:88:56:ff:d1:d4:8e:7b:2e:32:8f:89:3c:16:8d:
                    32:70:e8:f5:7d:da:40:56:3d:f8:63:e6:38:63:5c:
                    f0:b7:40:62:6c:f6:64:ec:67:8d:6d:3d:f5:d4:04:
                    48:83:11:96:c3:e6:59:9b:8c:0d:76:b3:fa:ff:34:
                    95:88:b2:2e:fe:a6:66:05:52:f2:80:0e:48:ce:76:
                    82:66:89:6f:0c:b9:6e:e5:0f:b7:19:bf:fc:75:80:
                    36:a6:46:45:cb:0f:c1:29:fc:17:8f:67:77:7d:78:
                    55:47:c6:62:90:32:a2:05:3b:31:27:20:fe:7d:30:
                    66:52:1f:ae:ba:d5:85:2b:d4:66:be:fc:40:cf:20:
                    e2:b2:07:fc:02:00:29:cd:dc:28:92:6e:fe:6f:b3:
                    2f:1c:c4:db:d5:67:48:5e:f9:52:72:13:ed:cb:5c:
                    f9:47:6e:dd:a4:d2:df:b1:8c:65:f4:c1:73:ca:7c:
                    3e:29:f2:a1:83:0f:25:1a:46:26:2f:7e:cc:f3:9e:
                    36:03:87:fe:05:f7:63:09:6b:ad:04:83:75:cb:b6:
                    44:fd:86:cf:20:95:e8:6e:ff:ef:c6:b4:ac:e9:0d:
                    bd:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:C5:A5:5C:BA:14:4E:20:9E:0B:85:38:EF:2B:AE:71:11:F8:7F:FB
            X509v3 Authority Key Identifier:
                keyid:D9:B3:7A:38:CE:88:7D:37:63:60:46:AE:F3:87:A1:C2:33:15:2E:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2bN6OM6IfTdjYEau84ehwjMVLkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         78:79:a3:0e:05:ec:40:7f:5b:4e:d8:18:0a:68:e0:e5:25:8e:
         41:f8:23:d6:85:bf:b1:60:a6:9a:a5:81:35:d6:30:cc:99:59:
         a2:91:95:72:e1:cf:1f:2f:f1:c5:fe:33:df:6d:2b:b6:f1:36:
         4a:ef:e4:88:6a:f6:1b:ba:1a:a7:6a:09:e5:25:b0:64:4f:86:
         74:79:56:50:56:b4:53:75:c2:d9:65:93:a4:24:b7:2f:bc:da:
         35:62:ac:d7:a3:bf:cd:82:bf:a0:92:6b:e7:81:04:3b:25:fb:
         7d:2c:48:eb:65:5e:b9:09:2d:73:bf:4f:44:fc:ea:f2:63:79:
         b8:49:f8:d8:d3:1a:54:9c:6c:d6:14:98:96:1e:83:38:02:23:
         e5:e3:54:06:73:d1:b4:ad:cd:d6:1a:c4:61:5c:22:57:16:f9:
         ed:71:aa:f2:ab:22:be:a4:82:ef:43:6c:09:e1:ee:2b:09:d1:
         5d:ac:99:c8:9e:0a:9e:90:17:4d:6a:31:09:8d:a5:1d:fc:a6:
         9b:d0:d3:f3:82:86:45:2f:2c:bd:66:1c:98:25:0f:83:96:fe:
         21:58:37:50:fd:d6:f4:a9:65:b2:a1:e5:7e:79:2a:1f:c4:9b:
         10:ad:f5:86:f5:b4:38:23:1b:cc:f7:af:0e:ac:40:6e:4e:17:
         52:95:73:0d
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ04ZpVc+SpBJRMSSXkC1/wPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5YjM3YTM4Y2U4ODdkMzc2MzYwNDZhZWYzODdhMWMyMzMx
NTJlNDEwHhcNMjYwMzI5MDcwMjIwWhcNMjYwMzMwMDcwMjIwWjAzMTEwLwYDVQQD
Eyg5NWM1YTU1Y2JhMTQ0ZTIwOWUwYjg1MzhlZjJiYWU3MTExZjg3ZmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNEUVrWii7x+AWvA0enjTS33mclt
D3ObwNEAiedFiFb/0dSOey4yj4k8Fo0ycOj1fdpAVj34Y+Y4Y1zwt0BibPZk7GeN
bT311ARIgxGWw+ZZm4wNdrP6/zSViLIu/qZmBVLygA5IznaCZolvDLlu5Q+3Gb/8
dYA2pkZFyw/BKfwXj2d3fXhVR8ZikDKiBTsxJyD+fTBmUh+uutWFK9RmvvxAzyDi
sgf8AgApzdwokm7+b7MvHMTb1WdIXvlSchPty1z5R27dpNLfsYxl9MFzynw+KfKh
gw8lGkYmL37M8542A4f+BfdjCWutBIN1y7ZE/YbPIJXobv/vxrSs6Q29ywIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFJXFpVy6FE4gnguFOO8rrnER+H/7MB8GA1UdIwQY
MBaAFNmzejjOiH03Y2BGrvOHocIzFS5BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmJONk9NNklmVGRqWUVhdTg0ZWh3ak1WTGtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS85NTQ1ZjItZmI2MC00ODc4LWFlNTgt
ZDZhYWM2MTM4MzBiLzEvMmJONk9NNklmVGRqWUVhdTg0ZWh3ak1WTGtFLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS85NTQ1ZjItZmI2MC00ODc4LWFlNTgtZDZhYWM2MTM4MzBi
LzEvMmJONk9NNklmVGRqWUVhdTg0ZWh3ak1WTGtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAeHmjDgXs
QH9bTtgYCmjg5SWOQfgj1oW/sWCmmqWBNdYwzJlZopGVcuHPHy/xxf4z320rtvE2
Su/kiGr2G7oap2oJ5SWwZE+GdHlWUFa0U3XC2WWTpCS3L7zaNWKs16O/zYK/oJJr
54EEOyX7fSxI62VeuQktc79PRPzq8mN5uEn42NMaVJxs1hSYlh6DOAIj5eNUBnPR
tK3N1hrEYVwiVxb57XGq8qsivqSC70NsCeHuKwnRXayZyJ4KnpAXTWoxCY2lHfym
m9DT84KGRS8svWYcmCUPg5b+IVg3UP3W9KllsqHlfnkqH8SbEK31hvW0OCMbzPev
DqxAbk4XUpVzDQ==
-----END CERTIFICATE-----