Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
File:                     hesz_RfSMvvmsq22bLCv4N7pA7A.mft (raw, json)
Hash identifier:          IZbjboRlbw0OrfFRWkP/lPSEbNMrZu4Hos7R5LWRb+0=
Subject key identifier:   FB:DA:06:9C:EA:47:16:06:78:74:94:C2:7A:A6:F0:7A:A5:34:BB:A2
Authority key identifier: 85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0
Certificate issuer:       /CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
Certificate serial:       019D3909D354AC6394E4FCF90C4DCB1E8C28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
Manifest number:          071C
Signing time:             Sun 29 Mar 2026 10:00:38 +0000
Manifest this update:     Sun 29 Mar 2026 10:00:38 +0000
Manifest next update:     Mon 30 Mar 2026 10:00:38 +0000
Files and hashes:         1: hesz_RfSMvvmsq22bLCv4N7pA7A.crl (hash: JcYGEXzmmdVf1z9ZByp7YIoPXDH4/rC2miBjIkQKR+M=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 10:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:39:09:d3:54:ac:63:94:e4:fc:f9:0c:4d:cb:1e:8c:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
        Validity
            Not Before: Mar 29 10:00:38 2026 GMT
            Not After : Mar 30 10:00:38 2026 GMT
        Subject: CN=fbda069cea471606787494c27aa6f07aa534bba2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:9d:0e:9e:a1:e4:95:e1:13:e3:e5:2e:2e:e3:
                    66:ec:b6:6a:9f:07:76:fd:57:05:37:9a:e4:4b:b2:
                    e1:db:29:f7:1a:6f:fd:9e:eb:37:1e:3a:71:d6:74:
                    fd:14:9d:d3:e1:73:5b:70:d4:c0:e0:50:e7:55:4c:
                    08:b3:d8:f8:dd:92:8e:df:01:cc:21:5c:3a:5a:f2:
                    a1:03:df:26:f8:45:c5:d9:32:2b:46:55:f8:d5:18:
                    61:34:ad:69:54:60:86:75:ff:75:dd:0d:bc:34:89:
                    46:f9:2b:dc:c2:89:8f:53:97:f7:0b:a0:b4:c9:f4:
                    fa:b1:20:e0:08:14:96:7f:a9:0e:b8:11:52:e5:34:
                    8b:3a:f2:60:bc:59:c6:48:95:5c:da:21:19:1b:11:
                    5f:54:79:ab:ba:29:5e:3e:fb:53:a9:d5:55:7b:49:
                    70:1a:32:1e:d2:b3:e9:4f:47:61:fa:0b:e1:c3:da:
                    02:57:9f:d1:44:bd:d9:6b:53:08:0e:46:22:73:4c:
                    7c:40:15:83:88:00:b7:1c:de:d6:2a:25:e4:1f:b0:
                    9a:32:c7:c8:8e:5b:aa:23:22:d8:3d:c1:56:b9:24:
                    46:75:2f:6f:b8:4b:73:47:dc:bc:ab:d0:14:4e:61:
                    f8:6d:ad:1b:a4:dd:8d:ea:da:ab:f2:2e:f9:ad:55:
                    9b:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:DA:06:9C:EA:47:16:06:78:74:94:C2:7A:A6:F0:7A:A5:34:BB:A2
            X509v3 Authority Key Identifier:
                keyid:85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         8a:3c:9c:33:63:ce:cb:9e:23:de:23:c4:ec:a0:38:e2:71:6e:
         be:e5:b2:1a:ee:0b:f6:a1:c8:74:8b:a8:34:2f:6d:c6:e2:59:
         9c:d2:14:f7:1d:e5:b8:e0:c9:a1:b6:ae:ef:0b:02:88:db:de:
         3d:91:d2:47:e3:a1:dc:14:3f:7e:35:64:77:db:4d:38:ca:36:
         53:5f:da:a5:b0:07:cc:aa:13:7b:18:36:1f:83:a7:ea:01:c9:
         aa:0d:41:6a:2b:61:4f:05:9d:87:7f:46:f1:2b:3c:43:df:95:
         b9:32:98:10:c1:73:7f:ba:0c:70:fe:e4:dd:fe:8c:8e:79:36:
         bc:b3:7c:15:83:de:7a:c4:75:31:7e:d5:40:a7:a3:72:a6:1f:
         d4:66:e9:c9:c0:a3:6a:95:8f:9f:bc:d7:e7:ca:19:59:b8:45:
         cb:ee:28:66:53:58:d7:38:76:a7:ba:8d:07:4e:7f:da:4d:0b:
         3d:88:0a:59:03:a6:69:09:c2:d6:ce:14:09:c1:c8:1b:5a:8e:
         56:86:8b:ae:c9:de:8a:a5:50:07:88:9e:57:ac:3a:20:c6:96:
         cc:b7:8c:3d:6f:8a:cc:27:6e:ec:2c:2b:c0:62:de:ad:d8:2f:
         4b:03:ed:8e:26:b5:92:4a:68:ac:88:8d:dd:5b:3f:d0:57:67:
         06:a4:37:8b
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ05CdNUrGOU5Pz5DE3LHowoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZWIzM2ZkMTdkMjMyZmJlNmIyYWRiNjZjYjBhZmUwZGVl
OTAzYjAwHhcNMjYwMzI5MTAwMDM4WhcNMjYwMzMwMTAwMDM4WjAzMTEwLwYDVQQD
EyhmYmRhMDY5Y2VhNDcxNjA2Nzg3NDk0YzI3YWE2ZjA3YWE1MzRiYmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv50OnqHkleET4+UuLuNm7LZqnwd2
/VcFN5rkS7Lh2yn3Gm/9nus3Hjpx1nT9FJ3T4XNbcNTA4FDnVUwIs9j43ZKO3wHM
IVw6WvKhA98m+EXF2TIrRlX41RhhNK1pVGCGdf913Q28NIlG+SvcwomPU5f3C6C0
yfT6sSDgCBSWf6kOuBFS5TSLOvJgvFnGSJVc2iEZGxFfVHmruilePvtTqdVVe0lw
GjIe0rPpT0dh+gvhw9oCV5/RRL3Za1MIDkYic0x8QBWDiAC3HN7WKiXkH7CaMsfI
jluqIyLYPcFWuSRGdS9vuEtzR9y8q9AUTmH4ba0bpN2N6tqr8i75rVWblQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFPvaBpzqRxYGeHSUwnqm8HqlNLuiMB8GA1UdIwQY
MBaAFIXrM/0X0jL75rKttmywr+De6QOwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMt
OGEzOGVhMmIxZjU0LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMtOGEzOGVhMmIxZjU0
LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAijycM2PO
y54j3iPE7KA44nFuvuWyGu4L9qHIdIuoNC9txuJZnNIU9x3luODJobau7wsCiNve
PZHSR+Oh3BQ/fjVkd9tNOMo2U1/apbAHzKoTexg2H4On6gHJqg1BaithTwWdh39G
8Ss8Q9+VuTKYEMFzf7oMcP7k3f6Mjnk2vLN8FYPeesR1MX7VQKejcqYf1GbpycCj
apWPn7zX58oZWbhFy+4oZlNY1zh2p7qNB05/2k0LPYgKWQOmaQnC1s4UCcHIG1qO
VoaLrsneiqVQB4ieV6w6IMaWzLeMPW+KzCdu7CwrwGLerdgvSwPtjia1kkporIiN
3Vs/0FdnBqQ3iw==
-----END CERTIFICATE-----