Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/9bd669-2abb-499b-a91f-4445a4d786d4/1/2LlxoaILZPFCUYAfj0NKQHX36pE.mft
File:                     2LlxoaILZPFCUYAfj0NKQHX36pE.mft (raw, json)
Hash identifier:          uMJetvcP7TqXu3fs/3dxaVXd1k0LFEwbDkDM1c5FD3w=
Subject key identifier:   9B:44:5F:58:86:E6:AC:8E:DD:70:29:85:70:8E:38:BF:01:86:F1:B1
Authority key identifier: D8:B9:71:A1:A2:0B:64:F1:42:51:80:1F:8F:43:4A:40:75:F7:EA:91
Certificate issuer:       /CN=d8b971a1a20b64f14251801f8f434a4075f7ea91
Certificate serial:       019A71EED104BFFB5CD27024782CFD597C7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2LlxoaILZPFCUYAfj0NKQHX36pE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/9bd669-2abb-499b-a91f-4445a4d786d4/1/2LlxoaILZPFCUYAfj0NKQHX36pE.mft
Manifest number:          03CE
Signing time:             Tue 11 Nov 2025 08:01:07 +0000
Manifest this update:     Tue 11 Nov 2025 08:01:07 +0000
Manifest next update:     Wed 12 Nov 2025 08:01:07 +0000
Files and hashes:         1: 2LlxoaILZPFCUYAfj0NKQHX36pE.crl (hash: DwyFb8hpSAmerVYoXCzFO/vowZyCZpuv8D8K2TK4jmo=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/9bd669-2abb-499b-a91f-4445a4d786d4/1/2LlxoaILZPFCUYAfj0NKQHX36pE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/9bd669-2abb-499b-a91f-4445a4d786d4/1/2LlxoaILZPFCUYAfj0NKQHX36pE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2LlxoaILZPFCUYAfj0NKQHX36pE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 08:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:ee:d1:04:bf:fb:5c:d2:70:24:78:2c:fd:59:7c:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8b971a1a20b64f14251801f8f434a4075f7ea91
        Validity
            Not Before: Nov 11 08:01:07 2025 GMT
            Not After : Nov 12 08:01:07 2025 GMT
        Subject: CN=9b445f5886e6ac8edd702985708e38bf0186f1b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5b:1e:99:ac:56:c2:f0:19:e3:d2:ff:bf:6a:
                    01:57:00:cd:58:fd:d9:fa:97:38:48:bb:81:9d:6c:
                    88:50:e5:3c:9b:d0:94:be:6f:03:20:e1:84:42:78:
                    55:c5:a1:8d:3e:2e:6d:e9:98:e5:88:44:a0:51:20:
                    fc:3b:1a:ff:f3:ae:ae:13:80:52:a9:d4:e8:28:bc:
                    7e:c8:3b:b3:13:f1:37:2a:e4:27:6e:34:d9:11:56:
                    7d:2b:c7:ef:5b:40:c7:28:08:3c:90:cb:b7:63:0b:
                    8f:fe:be:64:7c:1f:9e:7d:d9:d7:29:8b:b4:24:58:
                    f6:4a:a3:56:97:f6:5b:36:31:44:66:b4:07:e7:06:
                    61:60:f4:a8:a0:ad:62:e7:bf:96:ca:43:8e:fe:65:
                    97:80:e0:cf:e4:f2:2e:0b:19:ca:32:7c:c2:6d:05:
                    92:b9:aa:f7:10:d4:ba:eb:d2:23:ef:22:29:a4:49:
                    f2:d1:8f:52:8e:61:ff:42:c6:56:f7:21:dd:b7:ef:
                    49:9c:a9:5f:67:61:d2:9f:6a:29:ec:8f:84:8f:84:
                    42:07:4e:c3:a8:1a:3f:89:82:9f:a6:cc:80:6d:ee:
                    ce:72:dc:5f:60:16:5d:ee:6a:c9:a4:80:14:e0:71:
                    0c:6b:9d:05:2f:db:79:42:6a:e7:b4:5c:dd:43:c4:
                    d1:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:44:5F:58:86:E6:AC:8E:DD:70:29:85:70:8E:38:BF:01:86:F1:B1
            X509v3 Authority Key Identifier:
                keyid:D8:B9:71:A1:A2:0B:64:F1:42:51:80:1F:8F:43:4A:40:75:F7:EA:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2LlxoaILZPFCUYAfj0NKQHX36pE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/9bd669-2abb-499b-a91f-4445a4d786d4/1/2LlxoaILZPFCUYAfj0NKQHX36pE.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/9bd669-2abb-499b-a91f-4445a4d786d4/1/2LlxoaILZPFCUYAfj0NKQHX36pE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         54:bc:dd:c9:b0:33:37:d2:99:3a:95:d5:31:fc:4d:63:9d:39:
         5e:b5:b1:c3:d9:60:20:18:7c:31:84:6b:be:6b:aa:8d:58:8c:
         cb:56:17:05:a2:a1:29:ff:e3:a7:dc:4d:da:f7:4b:ee:51:53:
         df:30:05:c6:89:4e:03:5f:86:4e:ef:2b:d1:c2:2d:91:2d:2a:
         1e:e4:46:f1:4a:c0:5d:bb:f0:f1:d1:4d:cf:b8:5c:2e:7c:00:
         50:6c:fc:4b:c4:9e:bb:2b:e5:91:75:ae:4b:59:2e:cd:43:d7:
         7b:25:64:23:2d:41:d9:bf:67:3e:15:10:b8:32:50:cb:eb:f3:
         28:55:7d:c4:06:29:58:ed:7e:c3:19:da:97:56:29:40:4f:89:
         b2:0b:34:00:7a:03:b8:82:f0:05:08:2d:21:31:b5:bf:a8:bc:
         26:27:e9:34:70:8c:e6:a1:5f:28:97:cd:88:ad:86:7d:f3:70:
         18:d8:2b:28:cf:85:b4:cb:be:dd:2c:61:03:ef:27:37:fd:f0:
         3f:01:f1:6f:19:5c:cb:84:ef:a2:52:40:30:17:a1:ee:91:e9:
         39:64:0d:f7:8e:e9:c9:c1:d3:6a:01:c1:5b:46:9e:ee:a8:68:
         ba:01:71:8e:e9:af:45:c2:e9:06:8b:12:d1:96:a3:57:c4:06:
         58:73:cf:ad
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpx7tEEv/tc0nAkeCz9WXx6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4Yjk3MWExYTIwYjY0ZjE0MjUxODAxZjhmNDM0YTQwNzVm
N2VhOTEwHhcNMjUxMTExMDgwMTA3WhcNMjUxMTEyMDgwMTA3WjAzMTEwLwYDVQQD
Eyg5YjQ0NWY1ODg2ZTZhYzhlZGQ3MDI5ODU3MDhlMzhiZjAxODZmMWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFsemaxWwvAZ49L/v2oBVwDNWP3Z
+pc4SLuBnWyIUOU8m9CUvm8DIOGEQnhVxaGNPi5t6ZjliESgUSD8Oxr/866uE4BS
qdToKLx+yDuzE/E3KuQnbjTZEVZ9K8fvW0DHKAg8kMu3YwuP/r5kfB+efdnXKYu0
JFj2SqNWl/ZbNjFEZrQH5wZhYPSooK1i57+WykOO/mWXgODP5PIuCxnKMnzCbQWS
uar3ENS669Ij7yIppEny0Y9SjmH/QsZW9yHdt+9JnKlfZ2HSn2op7I+Ej4RCB07D
qBo/iYKfpsyAbe7OctxfYBZd7mrJpIAU4HEMa50FL9t5QmrntFzdQ8TR1QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFJtEX1iG5qyO3XAphXCOOL8BhvGxMB8GA1UdIwQY
MBaAFNi5caGiC2TxQlGAH49DSkB19+qRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkxseG9hSUxaUEZDVVlBZmowTktRSFgzNnBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS85YmQ2NjktMmFiYi00OTliLWE5MWYt
NDQ0NWE0ZDc4NmQ0LzEvMkxseG9hSUxaUEZDVVlBZmowTktRSFgzNnBFLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS85YmQ2NjktMmFiYi00OTliLWE5MWYtNDQ0NWE0ZDc4NmQ0
LzEvMkxseG9hSUxaUEZDVVlBZmowTktRSFgzNnBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAVLzdybAz
N9KZOpXVMfxNY505XrWxw9lgIBh8MYRrvmuqjViMy1YXBaKhKf/jp9xN2vdL7lFT
3zAFxolOA1+GTu8r0cItkS0qHuRG8UrAXbvw8dFNz7hcLnwAUGz8S8SeuyvlkXWu
S1kuzUPXeyVkIy1B2b9nPhUQuDJQy+vzKFV9xAYpWO1+wxnal1YpQE+Jsgs0AHoD
uILwBQgtITG1v6i8JifpNHCM5qFfKJfNiK2GffNwGNgrKM+FtMu+3SxhA+8nN/3w
PwHxbxlcy4TvolJAMBeh7pHpOWQN947pycHTagHBW0ae7qhougFxjumvRcLpBosS
0ZajV8QGWHPPrQ==
-----END CERTIFICATE-----