Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/9eab6d-6b35-4a5a-afb1-251f22093d04/1/KrmiSem1jILhRV6yM5RVsDHn3d8.mft
File:                     KrmiSem1jILhRV6yM5RVsDHn3d8.mft (raw, json)
Hash identifier:          v3keaiB0/8LBD/KIVg64daccMUY1K2o6AYfyYyTZJac=
Subject key identifier:   9A:6F:4F:C3:44:1C:FF:C7:2A:D9:94:09:D2:39:E1:F1:17:6A:F9:90
Authority key identifier: 2A:B9:A2:49:E9:B5:8C:82:E1:45:5E:B2:33:94:55:B0:31:E7:DD:DF
Certificate issuer:       /CN=2ab9a249e9b58c82e1455eb2339455b031e7dddf
Certificate serial:       019D38D377D8710BB87AB8AAD6007FC1C744
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KrmiSem1jILhRV6yM5RVsDHn3d8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/9eab6d-6b35-4a5a-afb1-251f22093d04/1/KrmiSem1jILhRV6yM5RVsDHn3d8.mft
Manifest number:          188C
Signing time:             Sun 29 Mar 2026 09:01:15 +0000
Manifest this update:     Sun 29 Mar 2026 09:01:15 +0000
Manifest next update:     Mon 30 Mar 2026 09:01:15 +0000
Files and hashes:         1: KrmiSem1jILhRV6yM5RVsDHn3d8.crl (hash: zLG7fxv0gXgNWebwYeAnGk5J8lelQgCd48cJlpW/DOs=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/9eab6d-6b35-4a5a-afb1-251f22093d04/1/KrmiSem1jILhRV6yM5RVsDHn3d8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/9eab6d-6b35-4a5a-afb1-251f22093d04/1/KrmiSem1jILhRV6yM5RVsDHn3d8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KrmiSem1jILhRV6yM5RVsDHn3d8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:38:d3:77:d8:71:0b:b8:7a:b8:aa:d6:00:7f:c1:c7:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ab9a249e9b58c82e1455eb2339455b031e7dddf
        Validity
            Not Before: Mar 29 09:01:15 2026 GMT
            Not After : Mar 30 09:01:15 2026 GMT
        Subject: CN=9a6f4fc3441cffc72ad99409d239e1f1176af990
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e3:ac:89:52:ab:2c:bd:cc:67:f4:a0:63:2c:
                    d1:a7:d0:7e:46:66:d1:2d:c1:a9:d6:c1:f3:24:d6:
                    01:e4:bd:2b:39:a0:ed:df:ee:37:12:c1:75:91:0f:
                    a2:83:44:de:a2:02:e0:1b:08:5f:7c:d9:fa:ae:d2:
                    c8:4d:44:97:d1:f9:20:22:ad:2c:e4:65:44:1f:24:
                    3f:21:c2:dc:48:dd:d1:aa:0b:54:a3:2b:f2:ae:80:
                    86:4b:45:4f:44:60:d0:82:cf:0b:e7:a6:37:a0:0c:
                    af:38:cd:52:19:51:50:5d:82:8c:91:fd:8b:2e:6e:
                    db:d6:84:b4:6b:15:43:af:85:04:2c:01:b5:60:ae:
                    18:74:a3:ca:c8:b5:55:a6:e8:a1:09:8e:05:5a:7c:
                    1a:63:4b:02:75:5f:ce:d7:0e:c3:61:26:2d:af:e4:
                    35:9d:62:51:75:f3:75:11:a7:8c:13:03:03:69:66:
                    53:51:29:7f:cd:c7:a5:ef:c8:f1:57:15:63:9e:10:
                    80:de:63:45:0a:bc:47:0f:6a:a1:29:e8:24:c3:b5:
                    47:db:c5:12:e3:1d:67:1d:c9:3f:af:c7:bd:04:81:
                    5f:ba:34:42:54:45:db:e7:c4:9f:fc:a5:95:6d:89:
                    38:a2:78:0f:d0:f1:63:5e:2e:4b:1b:b2:44:3f:fa:
                    42:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:6F:4F:C3:44:1C:FF:C7:2A:D9:94:09:D2:39:E1:F1:17:6A:F9:90
            X509v3 Authority Key Identifier:
                keyid:2A:B9:A2:49:E9:B5:8C:82:E1:45:5E:B2:33:94:55:B0:31:E7:DD:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KrmiSem1jILhRV6yM5RVsDHn3d8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/9eab6d-6b35-4a5a-afb1-251f22093d04/1/KrmiSem1jILhRV6yM5RVsDHn3d8.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/9eab6d-6b35-4a5a-afb1-251f22093d04/1/KrmiSem1jILhRV6yM5RVsDHn3d8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         88:f3:62:dd:df:70:23:ee:94:28:5a:ae:17:60:14:3d:63:80:
         49:23:20:cd:5f:b8:f9:39:72:01:ed:bc:09:58:2c:0b:43:42:
         f3:39:ac:13:42:69:86:17:90:04:18:64:3c:84:28:f7:40:ba:
         ef:9c:5b:f1:51:18:bf:b2:61:06:69:9a:07:af:eb:1a:18:bd:
         d6:29:8b:a4:e1:bf:99:49:ce:66:a5:48:86:a8:68:1c:5a:11:
         29:82:03:a0:fa:94:16:50:1b:39:4b:71:65:88:73:e6:c2:86:
         8a:06:b0:e6:f9:27:96:82:9c:96:7c:29:33:19:c5:2c:5a:93:
         f8:61:26:76:1b:39:0a:cf:49:2f:c8:29:7f:f4:10:22:5f:1c:
         6b:5b:47:32:1f:66:6d:83:8c:bf:21:44:15:c5:bb:9a:08:7b:
         ee:e6:f4:0b:23:ac:48:ce:a1:27:22:cb:28:0e:0f:a7:9b:df:
         23:95:d2:db:8e:20:5a:ce:0b:f0:f9:12:a7:04:fd:15:72:a5:
         f2:a9:2d:ee:a9:99:c4:58:d8:4d:f3:87:b5:07:9f:e2:bb:7c:
         14:8b:08:ab:e7:a5:4d:35:ee:81:05:7f:9a:76:61:6e:be:14:
         8c:93:2a:2e:b1:ad:23:56:2b:a6:31:c9:49:4b:a9:c4:2c:69:
         d5:38:3a:08
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0403fYcQu4eriq1gB/wcdEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYjlhMjQ5ZTliNThjODJlMTQ1NWViMjMzOTQ1NWIwMzFl
N2RkZGYwHhcNMjYwMzI5MDkwMTE1WhcNMjYwMzMwMDkwMTE1WjAzMTEwLwYDVQQD
Eyg5YTZmNGZjMzQ0MWNmZmM3MmFkOTk0MDlkMjM5ZTFmMTE3NmFmOTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOOsiVKrLL3MZ/SgYyzRp9B+RmbR
LcGp1sHzJNYB5L0rOaDt3+43EsF1kQ+ig0TeogLgGwhffNn6rtLITUSX0fkgIq0s
5GVEHyQ/IcLcSN3RqgtUoyvyroCGS0VPRGDQgs8L56Y3oAyvOM1SGVFQXYKMkf2L
Lm7b1oS0axVDr4UELAG1YK4YdKPKyLVVpuihCY4FWnwaY0sCdV/O1w7DYSYtr+Q1
nWJRdfN1EaeMEwMDaWZTUSl/zcel78jxVxVjnhCA3mNFCrxHD2qhKegkw7VH28US
4x1nHck/r8e9BIFfujRCVEXb58Sf/KWVbYk4ongP0PFjXi5LG7JEP/pCkQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFJpvT8NEHP/HKtmUCdI54fEXavmQMB8GA1UdIwQY
MBaAFCq5oknptYyC4UVesjOUVbAx593fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3JtaVNlbTFqSUxoUlY2eU01UlZzREhuM2Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85ZWFiNmQtNmIzNS00YTVhLWFmYjEt
MjUxZjIyMDkzZDA0LzEvS3JtaVNlbTFqSUxoUlY2eU01UlZzREhuM2Q4Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85ZWFiNmQtNmIzNS00YTVhLWFmYjEtMjUxZjIyMDkzZDA0
LzEvS3JtaVNlbTFqSUxoUlY2eU01UlZzREhuM2Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAiPNi3d9w
I+6UKFquF2AUPWOASSMgzV+4+TlyAe28CVgsC0NC8zmsE0JphheQBBhkPIQo90C6
75xb8VEYv7JhBmmaB6/rGhi91imLpOG/mUnOZqVIhqhoHFoRKYIDoPqUFlAbOUtx
ZYhz5sKGigaw5vknloKclnwpMxnFLFqT+GEmdhs5Cs9JL8gpf/QQIl8ca1tHMh9m
bYOMvyFEFcW7mgh77ub0CyOsSM6hJyLLKA4Pp5vfI5XS244gWs4L8PkSpwT9FXKl
8qkt7qmZxFjYTfOHtQef4rt8FIsIq+elTTXugQV/mnZhbr4UjJMqLrGtI1YrpjHJ
SUupxCxp1Tg6CA==
-----END CERTIFICATE-----