Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/d8f672-539f-401d-9dc7-62799b90231b/1/9kixVYLTS9UXCp3RO4EyW6uuXjo.mft
File:                     9kixVYLTS9UXCp3RO4EyW6uuXjo.mft (raw, json)
Hash identifier:          wshntbuTEEb4sABLivkkFJfoDbFdAZBkDobIih6K7a0=
Subject key identifier:   70:9E:18:0A:86:2C:D8:20:AD:33:EB:A3:F2:38:48:5A:B2:D1:8D:AE
Authority key identifier: F6:48:B1:55:82:D3:4B:D5:17:0A:9D:D1:3B:81:32:5B:AB:AE:5E:3A
Certificate issuer:       /CN=f648b15582d34bd5170a9dd13b81325babae5e3a
Certificate serial:       019D37C09CAA53E655A2591F7E5743D5B8F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9kixVYLTS9UXCp3RO4EyW6uuXjo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/d8f672-539f-401d-9dc7-62799b90231b/1/9kixVYLTS9UXCp3RO4EyW6uuXjo.mft
Manifest number:          188F
Signing time:             Sun 29 Mar 2026 04:01:02 +0000
Manifest this update:     Sun 29 Mar 2026 04:01:02 +0000
Manifest next update:     Mon 30 Mar 2026 04:01:02 +0000
Files and hashes:         1: 9kixVYLTS9UXCp3RO4EyW6uuXjo.crl (hash: 08QfgKuNCal6jlLPS3USHYOHsLRd2ZKGdENJek/0iPY=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/d8f672-539f-401d-9dc7-62799b90231b/1/9kixVYLTS9UXCp3RO4EyW6uuXjo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/d8f672-539f-401d-9dc7-62799b90231b/1/9kixVYLTS9UXCp3RO4EyW6uuXjo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9kixVYLTS9UXCp3RO4EyW6uuXjo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 04:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:37:c0:9c:aa:53:e6:55:a2:59:1f:7e:57:43:d5:b8:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f648b15582d34bd5170a9dd13b81325babae5e3a
        Validity
            Not Before: Mar 29 04:01:02 2026 GMT
            Not After : Mar 30 04:01:02 2026 GMT
        Subject: CN=709e180a862cd820ad33eba3f238485ab2d18dae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ea:a2:b0:85:0b:8a:e5:92:8d:f4:15:68:d4:
                    10:a6:f4:c7:5c:8f:63:61:f6:c2:4d:79:74:4d:bb:
                    59:95:69:e4:63:f0:e1:7b:92:4a:9e:4f:d5:90:e2:
                    37:25:fe:ea:a7:51:78:cf:fa:8a:70:72:16:2a:a9:
                    88:b2:59:1f:d6:f9:2a:c1:26:5c:23:bc:97:f0:21:
                    bc:09:c6:62:e3:0f:26:c0:ef:6d:1d:8f:25:89:49:
                    d1:c9:2c:b3:1f:dd:e3:be:74:90:6d:06:ed:cb:a5:
                    7b:d2:2e:2a:75:1f:fe:f8:ba:04:e3:af:20:09:02:
                    19:d4:a7:07:2a:79:b9:93:97:9b:47:9d:9b:1f:d7:
                    00:30:cb:a5:64:20:5e:9c:7c:74:cb:1b:fd:ed:cf:
                    1e:ec:22:28:06:4a:c1:31:40:b0:01:68:3d:de:30:
                    db:79:76:0d:8f:2e:08:00:60:7c:8f:fd:4b:4d:15:
                    f7:1c:a3:76:c7:87:d8:08:10:b1:f9:01:3e:b3:39:
                    f5:ba:87:ac:72:1c:60:cc:92:1b:a1:2d:18:85:51:
                    35:fc:fe:50:9e:25:31:82:c8:6e:3d:c1:a4:53:08:
                    dc:25:1c:2e:64:fb:7b:97:eb:5f:3b:38:ab:74:b0:
                    02:53:1c:5e:11:46:e5:d0:53:fc:77:4c:ce:26:20:
                    a9:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:9E:18:0A:86:2C:D8:20:AD:33:EB:A3:F2:38:48:5A:B2:D1:8D:AE
            X509v3 Authority Key Identifier:
                keyid:F6:48:B1:55:82:D3:4B:D5:17:0A:9D:D1:3B:81:32:5B:AB:AE:5E:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9kixVYLTS9UXCp3RO4EyW6uuXjo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/d8f672-539f-401d-9dc7-62799b90231b/1/9kixVYLTS9UXCp3RO4EyW6uuXjo.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/d8f672-539f-401d-9dc7-62799b90231b/1/9kixVYLTS9UXCp3RO4EyW6uuXjo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         71:45:06:9e:a8:bd:12:d7:1e:3b:f6:5b:ed:4a:bb:40:ce:16:
         77:59:03:aa:91:fe:5d:08:f9:73:06:b2:e5:81:8d:d9:0b:eb:
         83:d9:28:32:82:85:9b:f6:0c:f7:66:5a:d9:18:3e:ef:1a:58:
         d9:f2:d9:dd:79:0a:4c:bd:3e:5e:f7:92:01:39:c8:2d:dc:c3:
         f5:75:f8:d9:f5:bd:f8:b5:d5:96:63:42:cd:10:87:90:8a:10:
         04:18:50:63:69:41:48:21:ae:5d:e7:e9:cc:cd:95:51:f1:4c:
         e5:04:85:d2:c0:6d:03:66:a4:da:84:7a:12:20:75:91:2c:41:
         b1:8a:ce:3f:56:e0:6a:9e:f0:b9:21:72:b8:e7:8f:4c:49:f9:
         a0:0b:9c:eb:cb:a1:5a:5d:91:84:14:4e:22:1e:4c:47:c5:f3:
         43:52:6b:d1:1c:0f:7e:08:28:49:39:f3:6d:d3:8b:ba:80:ee:
         67:17:7b:52:d4:75:bc:4a:ef:d9:dc:7f:9e:36:e1:c5:1d:ac:
         ae:0b:f5:8f:0a:2c:68:40:d5:6e:9f:42:ce:de:ad:87:c1:e8:
         29:65:d4:a8:6a:a7:95:fa:f0:63:50:df:f3:21:b7:01:90:a6:
         c6:db:96:32:94:2e:a2:57:87:fc:ed:fa:28:88:c4:bf:e4:f0:
         15:f7:45:ea
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ03wJyqU+ZVolkffldD1bj3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2NDhiMTU1ODJkMzRiZDUxNzBhOWRkMTNiODEzMjViYWJh
ZTVlM2EwHhcNMjYwMzI5MDQwMTAyWhcNMjYwMzMwMDQwMTAyWjAzMTEwLwYDVQQD
Eyg3MDllMTgwYTg2MmNkODIwYWQzM2ViYTNmMjM4NDg1YWIyZDE4ZGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAruqisIULiuWSjfQVaNQQpvTHXI9j
YfbCTXl0TbtZlWnkY/Dhe5JKnk/VkOI3Jf7qp1F4z/qKcHIWKqmIslkf1vkqwSZc
I7yX8CG8CcZi4w8mwO9tHY8liUnRySyzH93jvnSQbQbty6V70i4qdR/++LoE468g
CQIZ1KcHKnm5k5ebR52bH9cAMMulZCBenHx0yxv97c8e7CIoBkrBMUCwAWg93jDb
eXYNjy4IAGB8j/1LTRX3HKN2x4fYCBCx+QE+szn1uoeschxgzJIboS0YhVE1/P5Q
niUxgshuPcGkUwjcJRwuZPt7l+tfOzirdLACUxxeEUbl0FP8d0zOJiCpgQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFHCeGAqGLNggrTPro/I4SFqy0Y2uMB8GA1UdIwQY
MBaAFPZIsVWC00vVFwqd0TuBMlurrl46MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWtpeFZZTFRTOVVYQ3AzUk80RXlXNnV1WGpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9kOGY2NzItNTM5Zi00MDFkLTlkYzct
NjI3OTliOTAyMzFiLzEvOWtpeFZZTFRTOVVYQ3AzUk80RXlXNnV1WGpvLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9kOGY2NzItNTM5Zi00MDFkLTlkYzctNjI3OTliOTAyMzFi
LzEvOWtpeFZZTFRTOVVYQ3AzUk80RXlXNnV1WGpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAcUUGnqi9
EtceO/Zb7Uq7QM4Wd1kDqpH+XQj5cway5YGN2Qvrg9koMoKFm/YM92Za2Rg+7xpY
2fLZ3XkKTL0+XveSATnILdzD9XX42fW9+LXVlmNCzRCHkIoQBBhQY2lBSCGuXefp
zM2VUfFM5QSF0sBtA2ak2oR6EiB1kSxBsYrOP1bgap7wuSFyuOePTEn5oAuc68uh
Wl2RhBROIh5MR8XzQ1Jr0RwPfggoSTnzbdOLuoDuZxd7UtR1vErv2dx/njbhxR2s
rgv1jwosaEDVbp9Czt6th8HoKWXUqGqnlfrwY1Df8yG3AZCmxtuWMpQuoleH/O36
KIjEv+TwFfdF6g==
-----END CERTIFICATE-----