Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/9837b2-0df0-4f5a-80db-62b640b02e2b/1/DUHQpubfLhjCVnMjaNbnaCiTExA.mft
File:                     DUHQpubfLhjCVnMjaNbnaCiTExA.mft (raw, json)
Hash identifier:          zhqw/hEjyT+hyw5FsIXwRrlYtEXZ4FGV22+G70MTMN0=
Subject key identifier:   AF:AF:12:C3:C4:56:EB:C7:FA:AC:4F:AE:B1:78:E7:00:A4:C3:CF:D7
Authority key identifier: 0D:41:D0:A6:E6:DF:2E:18:C2:56:73:23:68:D6:E7:68:28:93:13:10
Certificate issuer:       /CN=0d41d0a6e6df2e18c256732368d6e76828931310
Certificate serial:       019D38D33178B31082A0BCCE209A8AA53981
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DUHQpubfLhjCVnMjaNbnaCiTExA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/9837b2-0df0-4f5a-80db-62b640b02e2b/1/DUHQpubfLhjCVnMjaNbnaCiTExA.mft
Manifest number:          11D7
Signing time:             Sun 29 Mar 2026 09:00:58 +0000
Manifest this update:     Sun 29 Mar 2026 09:00:58 +0000
Manifest next update:     Mon 30 Mar 2026 09:00:58 +0000
Files and hashes:         1: DUHQpubfLhjCVnMjaNbnaCiTExA.crl (hash: rMSWdqGjo/gLMvyloofuWZJ2MWUvviNqsGxYzW+FSHI=)
                          2: gQCK6BeO-j5lVpUt90LH641D-Do.roa (hash: IdvQ6sUh6mIJW4ddDEmtmONm3UtG6O5w53GtVLTmX/w=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/9837b2-0df0-4f5a-80db-62b640b02e2b/1/DUHQpubfLhjCVnMjaNbnaCiTExA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/9837b2-0df0-4f5a-80db-62b640b02e2b/1/DUHQpubfLhjCVnMjaNbnaCiTExA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DUHQpubfLhjCVnMjaNbnaCiTExA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 08:48:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:38:d3:31:78:b3:10:82:a0:bc:ce:20:9a:8a:a5:39:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d41d0a6e6df2e18c256732368d6e76828931310
        Validity
            Not Before: Mar 29 09:00:58 2026 GMT
            Not After : Mar 30 09:00:58 2026 GMT
        Subject: CN=afaf12c3c456ebc7faac4faeb178e700a4c3cfd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:18:3a:81:69:58:9e:25:e2:9c:ea:34:35:9f:
                    e5:5d:f1:1c:d6:03:83:78:8b:11:2f:d6:26:cf:d9:
                    7c:f3:5b:0a:20:40:15:71:dc:f7:15:b8:a4:17:87:
                    ec:8d:73:bb:77:50:08:89:09:8e:07:81:c9:5a:6e:
                    20:99:cf:fd:1b:45:c2:12:8e:18:f6:83:bb:8b:62:
                    56:2c:47:fd:e9:2d:fc:6c:1d:7d:15:69:03:4f:03:
                    55:a8:dc:e2:96:74:b4:64:3a:0a:ce:39:c4:af:a1:
                    eb:b2:d3:24:43:14:ed:43:57:fc:17:39:d0:8d:d6:
                    8d:6b:89:82:21:ad:1a:e8:61:25:e2:fe:58:c8:bc:
                    98:0b:c3:f0:f0:b0:e1:1e:81:9e:50:96:92:f5:a0:
                    72:f6:0d:49:4f:d4:ce:4e:8f:c0:c6:5f:dd:25:23:
                    e1:81:bd:e2:1d:51:5c:5a:67:ef:c4:22:11:51:0c:
                    d2:27:31:65:76:5e:53:b1:00:a9:95:60:54:2f:79:
                    d9:9d:cc:de:36:f6:fa:c2:ad:11:99:f3:b4:10:20:
                    53:e6:63:e8:eb:c7:d7:93:cb:34:69:96:3d:8a:12:
                    e5:7e:55:03:13:da:66:76:09:94:a5:48:2b:56:19:
                    81:d7:5f:91:ea:f2:68:b6:b9:8d:72:22:f3:f1:e2:
                    c2:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:AF:12:C3:C4:56:EB:C7:FA:AC:4F:AE:B1:78:E7:00:A4:C3:CF:D7
            X509v3 Authority Key Identifier:
                keyid:0D:41:D0:A6:E6:DF:2E:18:C2:56:73:23:68:D6:E7:68:28:93:13:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DUHQpubfLhjCVnMjaNbnaCiTExA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/9837b2-0df0-4f5a-80db-62b640b02e2b/1/DUHQpubfLhjCVnMjaNbnaCiTExA.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/9837b2-0df0-4f5a-80db-62b640b02e2b/1/DUHQpubfLhjCVnMjaNbnaCiTExA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         0e:8d:8d:98:b7:8a:05:16:74:3b:c9:8c:2e:fc:aa:8c:81:b8:
         fb:e9:db:49:40:7d:ec:6b:4f:16:bb:00:da:b7:e1:d2:10:91:
         11:ad:4a:12:98:da:fa:7b:a1:a9:2e:d7:fc:5b:e4:dd:86:dd:
         ea:8d:4c:2e:ef:24:f9:3d:d4:4c:f1:88:f5:a8:e1:b6:58:9b:
         fb:44:89:f6:14:a2:e6:a0:2a:7d:ff:e9:a2:b7:73:ae:71:d6:
         6d:4b:56:6a:2b:da:9d:8c:91:bd:46:01:ae:40:7a:86:ce:af:
         00:c6:2b:d5:3d:36:74:dc:26:26:1d:9f:4e:00:32:bf:70:77:
         1e:52:fc:ed:be:f9:1b:74:d5:58:f4:53:2e:15:c0:47:22:2e:
         57:9e:4a:84:07:d1:3b:b6:cc:25:87:61:cb:58:4a:ac:1a:24:
         c2:7c:93:fb:90:24:d7:9d:28:e8:3a:2e:4c:69:e4:31:ea:52:
         fe:64:64:fe:4f:12:b6:00:9b:c6:9a:be:cc:06:f4:27:7f:2c:
         29:80:33:66:d9:52:08:f8:e3:94:3b:2e:64:cd:8d:cd:5f:82:
         68:6c:51:20:2d:48:e4:24:0e:38:fc:87:ba:75:09:1b:a8:19:
         46:38:6d:a9:2d:ed:27:ed:ff:d4:99:bf:88:4e:18:af:98:cc:
         5b:b1:11:69
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ040zF4sxCCoLzOIJqKpTmBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNDFkMGE2ZTZkZjJlMThjMjU2NzMyMzY4ZDZlNzY4Mjg5
MzEzMTAwHhcNMjYwMzI5MDkwMDU4WhcNMjYwMzMwMDkwMDU4WjAzMTEwLwYDVQQD
EyhhZmFmMTJjM2M0NTZlYmM3ZmFhYzRmYWViMTc4ZTcwMGE0YzNjZmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxg6gWlYniXinOo0NZ/lXfEc1gOD
eIsRL9Ymz9l881sKIEAVcdz3FbikF4fsjXO7d1AIiQmOB4HJWm4gmc/9G0XCEo4Y
9oO7i2JWLEf96S38bB19FWkDTwNVqNzilnS0ZDoKzjnEr6HrstMkQxTtQ1f8FznQ
jdaNa4mCIa0a6GEl4v5YyLyYC8Pw8LDhHoGeUJaS9aBy9g1JT9TOTo/Axl/dJSPh
gb3iHVFcWmfvxCIRUQzSJzFldl5TsQCplWBUL3nZnczeNvb6wq0RmfO0ECBT5mPo
68fXk8s0aZY9ihLlflUDE9pmdgmUpUgrVhmB11+R6vJotrmNciLz8eLCiwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFK+vEsPEVuvH+qxPrrF45wCkw8/XMB8GA1UdIwQY
MBaAFA1B0Kbm3y4YwlZzI2jW52gokxMQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFVIUXB1YmZMaGpDVm5NamFOYm5hQ2lURXhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC85ODM3YjItMGRmMC00ZjVhLTgwZGIt
NjJiNjQwYjAyZTJiLzEvRFVIUXB1YmZMaGpDVm5NamFOYm5hQ2lURXhBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC85ODM3YjItMGRmMC00ZjVhLTgwZGItNjJiNjQwYjAyZTJi
LzEvRFVIUXB1YmZMaGpDVm5NamFOYm5hQ2lURXhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEADo2NmLeK
BRZ0O8mMLvyqjIG4++nbSUB97GtPFrsA2rfh0hCREa1KEpja+nuhqS7X/Fvk3Ybd
6o1MLu8k+T3UTPGI9ajhtlib+0SJ9hSi5qAqff/pordzrnHWbUtWaivanYyRvUYB
rkB6hs6vAMYr1T02dNwmJh2fTgAyv3B3HlL87b75G3TVWPRTLhXARyIuV55KhAfR
O7bMJYdhy1hKrBokwnyT+5Ak150o6DouTGnkMepS/mRk/k8StgCbxpq+zAb0J38s
KYAzZtlSCPjjlDsuZM2NzV+CaGxRIC1I5CQOOPyHunUJG6gZRjhtqS3tJ+3/1Jm/
iE4Yr5jMW7ERaQ==
-----END CERTIFICATE-----
Generated at Sun Mar 29 19:17:29 2026 by rpki-client