Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/aef44f-cbdf-4120-84f1-621a2bb40c66/1/kHpNEpJLU1fjAmev48XMc2QkEVg.mft
File:                     kHpNEpJLU1fjAmev48XMc2QkEVg.mft (raw, json)
Hash identifier:          frTsJbnEBOpEMKsya+YL6oQ7R3FYY/HlRgjroeuRKoU=
Subject key identifier:   0D:29:84:18:A6:56:2A:18:02:7B:5A:11:01:89:F2:E7:F3:B0:03:F3
Authority key identifier: 90:7A:4D:12:92:4B:53:57:E3:02:67:AF:E3:C5:CC:73:64:24:11:58
Certificate issuer:       /CN=907a4d12924b5357e30267afe3c5cc7364241158
Certificate serial:       019D3865C7D7A644012C8AE64CFF351F5303
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kHpNEpJLU1fjAmev48XMc2QkEVg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/aef44f-cbdf-4120-84f1-621a2bb40c66/1/kHpNEpJLU1fjAmev48XMc2QkEVg.mft
Manifest number:          12A4
Signing time:             Sun 29 Mar 2026 07:01:27 +0000
Manifest this update:     Sun 29 Mar 2026 07:01:27 +0000
Manifest next update:     Mon 30 Mar 2026 07:01:27 +0000
Files and hashes:         1: kHpNEpJLU1fjAmev48XMc2QkEVg.crl (hash: PaTZT8ZMxAkOmB5iLxEpj+4BXJZEDMr1uCWbzgcuYLM=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/aef44f-cbdf-4120-84f1-621a2bb40c66/1/kHpNEpJLU1fjAmev48XMc2QkEVg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/aef44f-cbdf-4120-84f1-621a2bb40c66/1/kHpNEpJLU1fjAmev48XMc2QkEVg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kHpNEpJLU1fjAmev48XMc2QkEVg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:38:65:c7:d7:a6:44:01:2c:8a:e6:4c:ff:35:1f:53:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=907a4d12924b5357e30267afe3c5cc7364241158
        Validity
            Not Before: Mar 29 07:01:27 2026 GMT
            Not After : Mar 30 07:01:27 2026 GMT
        Subject: CN=0d298418a6562a18027b5a110189f2e7f3b003f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:15:09:7f:ae:61:ca:8a:0a:ed:8e:28:a7:1b:
                    43:b5:a0:05:e9:27:39:e5:44:64:87:77:68:bc:66:
                    53:bd:d6:60:0c:58:81:af:95:28:16:14:66:0d:bf:
                    8d:a4:47:21:12:72:4a:54:bd:17:0f:a0:78:6d:99:
                    b7:db:c2:93:0a:24:0f:6b:37:30:b6:8a:74:49:e0:
                    ac:4b:89:dc:39:1b:be:9b:fc:af:8e:92:fd:9e:3f:
                    fb:a1:fe:d6:59:6c:63:de:41:58:a1:d4:b3:58:20:
                    a3:63:00:39:1a:15:31:5c:45:3a:aa:08:13:09:f1:
                    27:98:e9:dd:85:3a:63:e5:57:f6:96:7b:44:ae:58:
                    41:18:76:a3:6d:73:be:05:59:9d:fa:cd:60:a4:d6:
                    9a:43:65:82:57:1a:46:6e:11:76:f3:24:51:d5:85:
                    b5:d0:2e:8b:8e:9f:a6:0e:e3:07:ba:ec:b5:85:82:
                    30:cd:46:b3:98:7e:b5:0a:b2:42:f9:8b:20:7a:09:
                    83:ac:fd:8b:4c:72:55:54:b9:b3:7d:31:47:9b:84:
                    97:51:78:a7:5d:c5:8c:81:ed:3a:be:95:c6:ef:b6:
                    fb:5a:de:a3:c4:ec:06:6d:0d:60:d8:db:9b:a2:91:
                    64:5c:99:56:9c:5e:f4:a7:bb:83:54:bc:99:24:ff:
                    01:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:29:84:18:A6:56:2A:18:02:7B:5A:11:01:89:F2:E7:F3:B0:03:F3
            X509v3 Authority Key Identifier:
                keyid:90:7A:4D:12:92:4B:53:57:E3:02:67:AF:E3:C5:CC:73:64:24:11:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kHpNEpJLU1fjAmev48XMc2QkEVg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/aef44f-cbdf-4120-84f1-621a2bb40c66/1/kHpNEpJLU1fjAmev48XMc2QkEVg.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/aef44f-cbdf-4120-84f1-621a2bb40c66/1/kHpNEpJLU1fjAmev48XMc2QkEVg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         79:71:91:e1:35:b8:48:e9:c7:7d:97:53:e1:6d:db:41:67:0d:
         c2:91:68:1b:aa:32:25:74:5e:9e:71:48:de:08:a1:92:ba:89:
         e2:bc:05:79:f9:f6:07:c6:f9:0a:54:34:0f:67:c0:f4:99:df:
         ab:b2:3d:ee:d7:43:1c:6b:dc:12:21:23:6d:c7:04:15:e7:c2:
         6e:ef:19:90:f6:44:6d:34:4b:84:54:8e:18:e1:f7:43:8d:9f:
         78:47:9a:98:c2:9e:2a:62:24:b6:0f:ba:c8:8b:af:51:d1:56:
         5e:0b:99:23:20:b8:d1:9c:6a:1c:e7:24:06:0c:11:d7:50:63:
         e8:73:8a:b1:61:c7:9b:40:80:23:15:7b:d2:ae:cd:19:81:7c:
         3a:53:f5:2e:da:08:66:b4:f6:47:b9:ee:d3:21:12:36:1d:a8:
         a3:bd:44:9a:6b:66:9f:03:52:d1:f9:65:9e:ea:33:ac:d4:15:
         71:13:4d:f8:2e:59:c3:81:dd:58:3e:a0:52:f4:26:8b:ad:f8:
         86:9a:bb:20:b0:de:5e:ed:a1:7f:fd:3d:0e:38:67:5b:47:b4:
         42:93:cb:ff:db:50:26:ab:ca:68:c6:2d:0e:7e:ec:69:21:99:
         6f:13:28:5a:b1:c0:4c:36:f5:2d:29:2e:c8:f1:e5:03:a7:3c:
         19:ca:b8:ab
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ04ZcfXpkQBLIrmTP81H1MDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwN2E0ZDEyOTI0YjUzNTdlMzAyNjdhZmUzYzVjYzczNjQy
NDExNTgwHhcNMjYwMzI5MDcwMTI3WhcNMjYwMzMwMDcwMTI3WjAzMTEwLwYDVQQD
EygwZDI5ODQxOGE2NTYyYTE4MDI3YjVhMTEwMTg5ZjJlN2YzYjAwM2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRUJf65hyooK7Y4opxtDtaAF6Sc5
5URkh3dovGZTvdZgDFiBr5UoFhRmDb+NpEchEnJKVL0XD6B4bZm328KTCiQPazcw
top0SeCsS4ncORu+m/yvjpL9nj/7of7WWWxj3kFYodSzWCCjYwA5GhUxXEU6qggT
CfEnmOndhTpj5Vf2lntErlhBGHajbXO+BVmd+s1gpNaaQ2WCVxpGbhF28yRR1YW1
0C6Ljp+mDuMHuuy1hYIwzUazmH61CrJC+YsgegmDrP2LTHJVVLmzfTFHm4SXUXin
XcWMge06vpXG77b7Wt6jxOwGbQ1g2NubopFkXJlWnF70p7uDVLyZJP8BtQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFA0phBimVioYAntaEQGJ8ufzsAPzMB8GA1UdIwQY
MBaAFJB6TRKSS1NX4wJnr+PFzHNkJBFYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0hwTkVwSkxVMWZqQW1ldjQ4WE1jMlFrRVZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9hZWY0NGYtY2JkZi00MTIwLTg0ZjEt
NjIxYTJiYjQwYzY2LzEva0hwTkVwSkxVMWZqQW1ldjQ4WE1jMlFrRVZnLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9hZWY0NGYtY2JkZi00MTIwLTg0ZjEtNjIxYTJiYjQwYzY2
LzEva0hwTkVwSkxVMWZqQW1ldjQ4WE1jMlFrRVZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAeXGR4TW4
SOnHfZdT4W3bQWcNwpFoG6oyJXRennFI3gihkrqJ4rwFefn2B8b5ClQ0D2fA9Jnf
q7I97tdDHGvcEiEjbccEFefCbu8ZkPZEbTRLhFSOGOH3Q42feEeamMKeKmIktg+6
yIuvUdFWXguZIyC40ZxqHOckBgwR11Bj6HOKsWHHm0CAIxV70q7NGYF8OlP1LtoI
ZrT2R7nu0yESNh2oo71EmmtmnwNS0fllnuozrNQVcRNN+C5Zw4HdWD6gUvQmi634
hpq7ILDeXu2hf/09DjhnW0e0QpPL/9tQJqvKaMYtDn7saSGZbxMoWrHATDb1LSku
yPHlA6c8Gcq4qw==
-----END CERTIFICATE-----