Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/9837b2-0df0-4f5a-80db-62b640b02e2b/1/DUHQpubfLhjCVnMjaNbnaCiTExA.mft
File:                     DUHQpubfLhjCVnMjaNbnaCiTExA.mft (raw, json)
Hash identifier:          V202BWEmOIaEZfxftOTJj/ONiF1Hpc1unjYdKyFfyb8=
Subject key identifier:   91:5B:FA:E0:B1:84:8E:93:F7:14:D8:1C:9B:29:CC:9E:E2:C5:19:FF
Authority key identifier: 0D:41:D0:A6:E6:DF:2E:18:C2:56:73:23:68:D6:E7:68:28:93:13:10
Certificate issuer:       /CN=0d41d0a6e6df2e18c256732368d6e76828931310
Certificate serial:       019D3AC195CB0E301DF46D8604B37DE78639
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DUHQpubfLhjCVnMjaNbnaCiTExA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/9837b2-0df0-4f5a-80db-62b640b02e2b/1/DUHQpubfLhjCVnMjaNbnaCiTExA.mft
Manifest number:          11D8
Signing time:             Sun 29 Mar 2026 18:00:58 +0000
Manifest this update:     Sun 29 Mar 2026 18:00:58 +0000
Manifest next update:     Mon 30 Mar 2026 18:00:58 +0000
Files and hashes:         1: DUHQpubfLhjCVnMjaNbnaCiTExA.crl (hash: Z59F63FwlIGJ+TXtKgNFHt5FQRtiBcrn8+8t9HSHjpA=)
                          2: gQCK6BeO-j5lVpUt90LH641D-Do.roa (hash: IdvQ6sUh6mIJW4ddDEmtmONm3UtG6O5w53GtVLTmX/w=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/9837b2-0df0-4f5a-80db-62b640b02e2b/1/DUHQpubfLhjCVnMjaNbnaCiTExA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/9837b2-0df0-4f5a-80db-62b640b02e2b/1/DUHQpubfLhjCVnMjaNbnaCiTExA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DUHQpubfLhjCVnMjaNbnaCiTExA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 16:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3a:c1:95:cb:0e:30:1d:f4:6d:86:04:b3:7d:e7:86:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d41d0a6e6df2e18c256732368d6e76828931310
        Validity
            Not Before: Mar 29 18:00:58 2026 GMT
            Not After : Mar 30 18:00:58 2026 GMT
        Subject: CN=915bfae0b1848e93f714d81c9b29cc9ee2c519ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8a:74:12:f9:ff:4b:4a:2a:e2:8d:dc:2d:f9:
                    4f:02:8b:30:9a:6e:dc:49:89:e3:42:b7:d0:d1:8e:
                    fe:3c:c1:80:40:6d:3b:a7:01:4c:04:4c:56:4f:51:
                    21:f6:f9:40:ed:c6:a1:eb:6e:6b:1f:eb:12:8e:32:
                    13:bc:de:3a:2c:60:d1:d2:99:f3:3a:bf:51:cb:b5:
                    03:7b:26:19:d5:84:79:ab:66:61:ca:51:41:05:34:
                    59:bb:cd:c6:a4:4a:26:d8:4b:ac:23:06:d5:02:48:
                    a6:d3:06:d9:5c:cf:a2:d4:7a:3c:c6:2f:0a:63:73:
                    29:2c:65:6d:0b:0e:1a:79:d4:b2:33:42:a6:81:7f:
                    a3:85:28:56:8d:85:49:7b:a7:52:e2:35:77:ad:52:
                    dc:fd:4c:50:9b:90:02:9a:61:10:56:22:6e:52:07:
                    9e:5f:43:81:2a:02:5e:ad:d9:38:b5:c7:b6:78:34:
                    87:f2:a6:45:26:a0:c3:b3:2a:d8:70:aa:99:ef:f1:
                    8a:44:d4:e9:32:60:9c:0f:92:80:63:17:ee:16:d1:
                    89:b8:05:00:bb:35:1f:5e:83:5b:fd:a5:1a:fb:ba:
                    e3:b7:50:f9:78:e6:6a:34:e8:d1:95:b4:0f:5f:13:
                    a7:65:46:70:3c:47:2c:59:88:06:68:cb:45:62:3c:
                    ee:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:5B:FA:E0:B1:84:8E:93:F7:14:D8:1C:9B:29:CC:9E:E2:C5:19:FF
            X509v3 Authority Key Identifier:
                keyid:0D:41:D0:A6:E6:DF:2E:18:C2:56:73:23:68:D6:E7:68:28:93:13:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DUHQpubfLhjCVnMjaNbnaCiTExA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/9837b2-0df0-4f5a-80db-62b640b02e2b/1/DUHQpubfLhjCVnMjaNbnaCiTExA.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/9837b2-0df0-4f5a-80db-62b640b02e2b/1/DUHQpubfLhjCVnMjaNbnaCiTExA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         1f:95:65:61:ed:3a:24:78:7b:52:08:62:8a:4e:01:d8:60:b9:
         ed:6d:16:0e:08:d9:c8:97:e6:6e:ad:17:bc:c6:43:70:ec:b4:
         cd:d7:13:3f:6e:6d:31:3e:f1:44:6a:79:a4:ee:d2:6c:ec:8b:
         a6:03:8b:c4:05:01:83:99:89:2f:a5:4a:e3:d3:1a:3d:ad:90:
         cf:5b:d8:75:f4:c3:21:89:b6:a9:5e:56:9e:5d:d7:69:09:1e:
         1e:7f:cc:49:cf:ea:66:8d:aa:df:0f:de:6c:d6:58:f0:e5:4b:
         a1:2e:f3:cd:7e:fa:c1:56:51:82:59:5c:e2:c4:3a:93:46:79:
         37:2a:e2:2c:df:38:cb:fd:9a:a9:27:87:b8:05:99:70:ca:cf:
         f7:1f:f5:c1:de:8a:5c:41:06:d2:26:c2:4c:07:e8:cd:69:f5:
         cb:59:01:ab:b3:3d:8d:03:48:d2:c3:28:77:d3:37:f9:47:f7:
         c3:1e:c0:80:c2:3d:e7:6c:93:96:df:2b:af:4d:94:e7:e2:27:
         aa:39:b0:5a:a5:ea:76:6e:81:bd:27:b9:c5:f4:91:cc:f9:08:
         2c:7d:5e:3a:a8:e0:5a:51:77:91:e9:31:f4:06:96:60:91:62:
         c5:c7:1e:d7:f6:72:b0:11:e3:83:b9:6a:4b:9d:ae:b2:cf:ac:
         1a:99:32:77
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ06wZXLDjAd9G2GBLN954Y5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNDFkMGE2ZTZkZjJlMThjMjU2NzMyMzY4ZDZlNzY4Mjg5
MzEzMTAwHhcNMjYwMzI5MTgwMDU4WhcNMjYwMzMwMTgwMDU4WjAzMTEwLwYDVQQD
Eyg5MTViZmFlMGIxODQ4ZTkzZjcxNGQ4MWM5YjI5Y2M5ZWUyYzUxOWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIp0Evn/S0oq4o3cLflPAoswmm7c
SYnjQrfQ0Y7+PMGAQG07pwFMBExWT1Eh9vlA7cah625rH+sSjjITvN46LGDR0pnz
Or9Ry7UDeyYZ1YR5q2ZhylFBBTRZu83GpEom2EusIwbVAkim0wbZXM+i1Ho8xi8K
Y3MpLGVtCw4aedSyM0KmgX+jhShWjYVJe6dS4jV3rVLc/UxQm5ACmmEQViJuUgee
X0OBKgJerdk4tce2eDSH8qZFJqDDsyrYcKqZ7/GKRNTpMmCcD5KAYxfuFtGJuAUA
uzUfXoNb/aUa+7rjt1D5eOZqNOjRlbQPXxOnZUZwPEcsWYgGaMtFYjzu/QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFJFb+uCxhI6T9xTYHJspzJ7ixRn/MB8GA1UdIwQY
MBaAFA1B0Kbm3y4YwlZzI2jW52gokxMQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFVIUXB1YmZMaGpDVm5NamFOYm5hQ2lURXhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC85ODM3YjItMGRmMC00ZjVhLTgwZGIt
NjJiNjQwYjAyZTJiLzEvRFVIUXB1YmZMaGpDVm5NamFOYm5hQ2lURXhBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC85ODM3YjItMGRmMC00ZjVhLTgwZGItNjJiNjQwYjAyZTJi
LzEvRFVIUXB1YmZMaGpDVm5NamFOYm5hQ2lURXhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAH5VlYe06
JHh7Ughiik4B2GC57W0WDgjZyJfmbq0XvMZDcOy0zdcTP25tMT7xRGp5pO7SbOyL
pgOLxAUBg5mJL6VK49MaPa2Qz1vYdfTDIYm2qV5Wnl3XaQkeHn/MSc/qZo2q3w/e
bNZY8OVLoS7zzX76wVZRgllc4sQ6k0Z5NyriLN84y/2aqSeHuAWZcMrP9x/1wd6K
XEEG0ibCTAfozWn1y1kBq7M9jQNI0sMod9M3+Uf3wx7AgMI952yTlt8rr02U5+In
qjmwWqXqdm6BvSe5xfSRzPkILH1eOqjgWlF3kekx9AaWYJFixcce1/ZysBHjg7lq
S52uss+sGpkydw==
-----END CERTIFICATE-----
Generated at Sun Mar 29 20:25:48 2026 by rpki-client