Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/b330c7-fdac-400a-967b-a72ead295325/1/PO7GxHlRspnHCAZYPXkdUM2BbF8.mft
File:                     PO7GxHlRspnHCAZYPXkdUM2BbF8.mft (raw, json)
Hash identifier:          84X8dQkFNT0la9rLcmpnaNI/8g+T3fhk5QWtyPC07bw=
Subject key identifier:   08:47:5D:3A:28:C8:20:09:7C:D3:38:B9:05:90:3B:98:51:E7:9D:57
Authority key identifier: 3C:EE:C6:C4:79:51:B2:99:C7:08:06:58:3D:79:1D:50:CD:81:6C:5F
Certificate issuer:       /CN=3ceec6c47951b299c70806583d791d50cd816c5f
Certificate serial:       019D382E637A5761B264B8152445E788A125
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PO7GxHlRspnHCAZYPXkdUM2BbF8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/b330c7-fdac-400a-967b-a72ead295325/1/PO7GxHlRspnHCAZYPXkdUM2BbF8.mft
Manifest number:          04DE
Signing time:             Sun 29 Mar 2026 06:00:57 +0000
Manifest this update:     Sun 29 Mar 2026 06:00:57 +0000
Manifest next update:     Mon 30 Mar 2026 06:00:57 +0000
Files and hashes:         1: PO7GxHlRspnHCAZYPXkdUM2BbF8.crl (hash: q/g0Nifp8y2bpR8yah+5hKTj7VXQA1JAxGjIY6sbUN8=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/b330c7-fdac-400a-967b-a72ead295325/1/PO7GxHlRspnHCAZYPXkdUM2BbF8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/b330c7-fdac-400a-967b-a72ead295325/1/PO7GxHlRspnHCAZYPXkdUM2BbF8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PO7GxHlRspnHCAZYPXkdUM2BbF8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 06:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:38:2e:63:7a:57:61:b2:64:b8:15:24:45:e7:88:a1:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ceec6c47951b299c70806583d791d50cd816c5f
        Validity
            Not Before: Mar 29 06:00:57 2026 GMT
            Not After : Mar 30 06:00:57 2026 GMT
        Subject: CN=08475d3a28c820097cd338b905903b9851e79d57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e7:69:0c:3b:24:86:e8:e9:5a:fb:87:53:5e:
                    e2:ed:d8:b0:ed:4d:96:bf:1e:1e:7f:87:fa:b6:f3:
                    83:68:a4:cd:3f:19:f9:5e:42:7d:1d:aa:96:e2:44:
                    0a:98:5f:2e:df:5c:7c:4f:34:44:2b:13:cc:6d:f0:
                    fc:24:a6:19:5e:72:99:8e:73:cc:20:a1:ac:16:0d:
                    9d:ee:47:cb:23:08:d7:0e:74:f4:3f:35:07:9e:45:
                    67:ec:9b:28:81:c0:0c:96:c7:c4:3f:d0:79:0f:1e:
                    d2:c8:48:4c:04:92:ef:80:8f:93:a2:d2:64:18:b3:
                    df:3d:0e:2f:50:4f:d7:e8:17:cf:c8:bc:0b:20:bd:
                    a2:68:2c:3d:24:90:5d:d8:1a:26:66:8f:8a:eb:65:
                    c1:22:9a:5a:f3:66:e4:5b:a6:81:9f:19:ab:eb:8a:
                    eb:a6:b1:4c:10:69:f5:59:6b:53:9a:33:80:4b:92:
                    ad:b9:21:bd:f3:d0:bb:cb:1c:ba:40:bf:03:07:36:
                    af:12:4a:fc:32:e0:f0:71:c0:05:e2:49:25:b0:cd:
                    36:4f:30:19:03:a5:56:46:9a:87:a7:c2:64:7b:b6:
                    58:d0:ed:5f:a2:54:97:a0:01:60:2d:94:0c:db:4b:
                    6b:5d:9f:69:ca:36:25:f8:ca:2b:3f:21:89:c4:48:
                    9e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:47:5D:3A:28:C8:20:09:7C:D3:38:B9:05:90:3B:98:51:E7:9D:57
            X509v3 Authority Key Identifier:
                keyid:3C:EE:C6:C4:79:51:B2:99:C7:08:06:58:3D:79:1D:50:CD:81:6C:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PO7GxHlRspnHCAZYPXkdUM2BbF8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/b330c7-fdac-400a-967b-a72ead295325/1/PO7GxHlRspnHCAZYPXkdUM2BbF8.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/b330c7-fdac-400a-967b-a72ead295325/1/PO7GxHlRspnHCAZYPXkdUM2BbF8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         64:0e:2c:3c:a0:99:df:96:4d:c6:5b:75:7a:2e:9b:b6:70:e3:
         0a:96:42:34:cc:d8:ee:f2:14:1a:d2:71:17:88:c9:47:f8:6c:
         61:20:cb:89:b9:a1:19:2f:bb:2f:d8:6b:65:a1:1d:62:c6:3b:
         cb:5e:ee:30:98:df:e6:8f:af:ff:84:c1:23:8f:22:be:c7:7e:
         44:98:f2:a1:e8:c3:db:60:58:f8:70:1e:59:74:b4:1c:11:a3:
         76:c8:a1:32:66:86:b2:1a:ce:09:c4:ef:73:11:ee:63:b4:53:
         eb:68:8f:e6:d7:3a:64:3b:8f:db:5d:ba:83:02:1a:a0:a0:b1:
         ed:b2:7e:b0:6b:48:29:18:0e:3e:62:a1:5d:da:20:c6:72:4a:
         13:9c:b7:e7:b7:0d:1b:5f:03:e0:d7:11:3a:86:d3:ef:05:a5:
         86:b4:0f:71:bd:b9:27:92:f8:13:7f:a5:52:b4:b0:a7:c5:f9:
         40:a3:f8:c9:3a:8a:ab:2e:97:a3:d8:3b:27:f8:8b:aa:8f:75:
         c5:66:66:5c:77:a8:67:b0:de:e2:7a:2b:7d:30:fe:14:88:50:
         25:03:50:15:6b:a5:cd:d1:c2:6d:85:81:04:98:3f:04:78:0b:
         1f:42:23:e8:b7:c5:9a:31:7a:6e:55:8d:97:63:14:88:06:7a:
         36:58:85:fb
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ04LmN6V2GyZLgVJEXniKElMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZWVjNmM0Nzk1MWIyOTljNzA4MDY1ODNkNzkxZDUwY2Q4
MTZjNWYwHhcNMjYwMzI5MDYwMDU3WhcNMjYwMzMwMDYwMDU3WjAzMTEwLwYDVQQD
EygwODQ3NWQzYTI4YzgyMDA5N2NkMzM4YjkwNTkwM2I5ODUxZTc5ZDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+dpDDskhujpWvuHU17i7diw7U2W
vx4ef4f6tvODaKTNPxn5XkJ9HaqW4kQKmF8u31x8TzREKxPMbfD8JKYZXnKZjnPM
IKGsFg2d7kfLIwjXDnT0PzUHnkVn7JsogcAMlsfEP9B5Dx7SyEhMBJLvgI+TotJk
GLPfPQ4vUE/X6BfPyLwLIL2iaCw9JJBd2BomZo+K62XBIppa82bkW6aBnxmr64rr
prFMEGn1WWtTmjOAS5KtuSG989C7yxy6QL8DBzavEkr8MuDwccAF4kklsM02TzAZ
A6VWRpqHp8Jke7ZY0O1folSXoAFgLZQM20trXZ9pyjYl+MorPyGJxEieYQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFAhHXTooyCAJfNM4uQWQO5hR551XMB8GA1UdIwQY
MBaAFDzuxsR5UbKZxwgGWD15HVDNgWxfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE83R3hIbFJzcG5IQ0FaWVBYa2RVTTJCYkY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9iMzMwYzctZmRhYy00MDBhLTk2N2It
YTcyZWFkMjk1MzI1LzEvUE83R3hIbFJzcG5IQ0FaWVBYa2RVTTJCYkY4Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9iMzMwYzctZmRhYy00MDBhLTk2N2ItYTcyZWFkMjk1MzI1
LzEvUE83R3hIbFJzcG5IQ0FaWVBYa2RVTTJCYkY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAZA4sPKCZ
35ZNxlt1ei6btnDjCpZCNMzY7vIUGtJxF4jJR/hsYSDLibmhGS+7L9hrZaEdYsY7
y17uMJjf5o+v/4TBI48ivsd+RJjyoejD22BY+HAeWXS0HBGjdsihMmaGshrOCcTv
cxHuY7RT62iP5tc6ZDuP2126gwIaoKCx7bJ+sGtIKRgOPmKhXdogxnJKE5y357cN
G18D4NcROobT7wWlhrQPcb25J5L4E3+lUrSwp8X5QKP4yTqKqy6Xo9g7J/iLqo91
xWZmXHeoZ7De4norfTD+FIhQJQNQFWulzdHCbYWBBJg/BHgLH0Ij6LfFmjF6blWN
l2MUiAZ6NliF+w==
-----END CERTIFICATE-----