Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.mft
File:                     Kfp91j8uLYe194UAk8dDu_vhTkQ.mft (raw, json)
Hash identifier:          U2utvXCvi1QlPotIEOwEzJCwbTVC7ElYqSQHoE3vhrY=
Subject key identifier:   5B:E1:B9:86:CD:BB:C9:87:E5:F4:A1:48:3C:00:23:F1:AC:7F:59:1E
Authority key identifier: 29:FA:7D:D6:3F:2E:2D:87:B5:F7:85:00:93:C7:43:BB:FB:E1:4E:44
Certificate issuer:       /CN=29fa7dd63f2e2d87b5f7850093c743bbfbe14e44
Certificate serial:       019929D84C514DD930E082CC82120095DC91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kfp91j8uLYe194UAk8dDu_vhTkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.mft
Manifest number:          0526
Signing time:             Mon 08 Sep 2025 15:01:05 +0000
Manifest this update:     Mon 08 Sep 2025 15:01:05 +0000
Manifest next update:     Tue 09 Sep 2025 15:01:05 +0000
Files and hashes:         1: 05o0ilxpLPFj724SFa-brN8vzXk.roa (hash: CPN9MrS7MYDAN7zH2nr9vN3ZoOoKTAOXjde0z1Y3r4g=)
                          2: 5h88FMdyJ4BKxPsdcgHQyCeiggw.roa (hash: Owv+GMEcs1uONJHFnOZ4mKs3NxskXYOAjZpyCXtz47Y=)
                          3: 7HfOX3VXYMpd2AIPBc7-S-uMs_8.roa (hash: k5M6cr3ux0zaC3HrK4AQu/eEDnL7gIrijJy4BZ0Nw4M=)
                          4: 7OOt-MnHsX07hiPdKHIMZaJ8wrg.roa (hash: 7nZ90mtRGZWhPbm1Puw7IzZkWIgR1R3W35D51WFY05w=)
                          5: BT9PpbhARp2PKEupubiiio8TvBc.roa (hash: PoRHUsj11iEWOHUhXg6p185DLswF97IfYO5dpNwM+4k=)
                          6: F1OWe033_DuZ-JjrisCh6PYvi1s.roa (hash: bLONjsizRZ/N6QYxCW6KHMn5K6t8a7PJWP3/t57vEJk=)
                          7: K3PHjFr5iZQBePAHzZD7020H3CQ.roa (hash: cYqNDwyqOAThtjZwtvIGK4yhgMYUiG7kHacZddA60SQ=)
                          8: Kfp91j8uLYe194UAk8dDu_vhTkQ.crl (hash: HWvNVUwtWnd5ZM0fAjQ3Wtf5CU6Ev+hrWYGMya8XVNM=)
                          9: PwDUcjqBkiIEULzXxKTVGmmTWG4.roa (hash: FRJ/j45X7Ib31MDYnkP96sRJLV09a4YTIEwHH8GRm+c=)
                          10: SGJaxM1tftN6eWW_JhWZIZdq6Hs.roa (hash: i3+GB/wkLsPOj8TleSkbJUTDI0kj7dMA6dFb0QRWP+8=)
                          11: X-V1c33BeHLMq6YPZ6efCsl3cMM.roa (hash: qD2GqEyAmd2okDBw6OR3DlzX+O8r0bDHBHVLHEg9U3g=)
                          12: X6A7ZOxQkF-N5TBF6hNZ0D-sPxQ.roa (hash: sOJamuYIhYJWJLrvAE1wd1xA2gh7NgXmer7n43KBLdc=)
                          13: Y68HM_eE8K1w4SS6fxm68_4816Q.roa (hash: j5XSBxx8t0t2IG8jaeix/JPoU5Vp2pcHE0yvoVN43nY=)
                          14: eM7RoSEq3C715iKtcwBUqsiVTDM.roa (hash: U7xNVv9g2fKrI4EOjzXQcIX1ekwna/aEJqfXxfKaR90=)
                          15: u-M1H4DlyfJcf3cI4KPf60AAf5E.roa (hash: rqvHkJ1B+GOatMUS6IQfjBMvmK91Ea22MfD3TS1yuVM=)
                          16: us6ukJjPwguMUHmhc8SpjnjeHOE.roa (hash: RuHDwxtF2zmik+S8Nhu0t8NrGvwHVQJraNmp1nORf/c=)
                          17: zvMqPtiLMOCgjOxqm6euJp83YNA.roa (hash: jIvx8RFgHAKB/kauSEcxDljiE/0sDn1/Jfcw3a0iCKU=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kfp91j8uLYe194UAk8dDu_vhTkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 14:10:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:29:d8:4c:51:4d:d9:30:e0:82:cc:82:12:00:95:dc:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29fa7dd63f2e2d87b5f7850093c743bbfbe14e44
        Validity
            Not Before: Sep  8 15:01:05 2025 GMT
            Not After : Sep  9 15:01:05 2025 GMT
        Subject: CN=5be1b986cdbbc987e5f4a1483c0023f1ac7f591e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:47:3b:00:61:99:c0:7d:aa:28:61:f9:f5:a3:
                    b4:23:db:ec:4c:a5:42:c9:46:ab:ae:bb:05:dd:13:
                    76:d6:68:79:74:22:39:f2:2c:fd:9f:5b:a8:0a:a0:
                    3c:0d:fd:4a:9d:6c:94:3e:00:73:8e:31:f5:ca:9c:
                    9e:f9:a7:33:d9:41:33:c1:14:58:9c:b1:c4:64:c5:
                    f6:f1:9b:9a:20:4e:0b:51:df:fa:7f:33:3c:98:59:
                    14:67:af:a8:6d:ed:9b:2f:c3:7a:0e:f8:4e:ac:fb:
                    3c:48:3f:f6:0b:d2:b1:83:0c:d5:d2:5d:b7:7b:a3:
                    6f:73:25:69:c7:a1:a3:c2:37:b3:31:99:c0:eb:95:
                    f9:da:63:88:ed:ef:a5:5c:ab:79:9f:1c:59:37:77:
                    13:d0:fa:72:93:27:a1:a5:1e:96:34:ae:af:f1:93:
                    20:5d:9b:0b:79:a1:c0:c8:51:ae:89:22:92:ff:43:
                    b3:ac:03:ce:6d:a4:9a:66:4e:68:c0:0d:b2:cb:ec:
                    bc:bd:3b:64:f7:7c:f4:e9:9b:fd:19:fb:35:69:28:
                    e9:2a:54:16:4c:0c:b2:e4:ba:18:6e:ab:52:08:3f:
                    b9:40:db:d4:a7:e7:56:b8:29:e1:78:05:34:da:f5:
                    86:aa:6b:cf:b2:34:c7:64:66:88:f2:f5:c6:cd:05:
                    9d:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:E1:B9:86:CD:BB:C9:87:E5:F4:A1:48:3C:00:23:F1:AC:7F:59:1E
            X509v3 Authority Key Identifier:
                keyid:29:FA:7D:D6:3F:2E:2D:87:B5:F7:85:00:93:C7:43:BB:FB:E1:4E:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kfp91j8uLYe194UAk8dDu_vhTkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/2c0cbf-11f7-4b6d-b88e-79f7b6ea7c14/1/Kfp91j8uLYe194UAk8dDu_vhTkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         1f:bd:7b:09:30:79:47:28:72:2b:32:3c:d6:63:8d:25:43:ef:
         ac:0b:82:46:cf:5a:df:59:2c:c5:45:2a:66:79:76:46:21:a4:
         5c:39:25:9a:8d:f3:65:82:15:13:b1:cf:0e:06:43:67:02:61:
         ff:c8:ec:8e:8e:9e:f2:6a:1a:b1:17:5b:ac:dc:c0:3e:a1:66:
         8f:72:1f:23:40:14:e9:5c:ec:50:40:48:d5:f7:70:ee:e4:67:
         d3:8f:17:66:94:1e:2f:db:47:53:eb:2b:84:12:53:15:4a:5d:
         1e:8d:4c:c6:7a:50:7e:57:42:82:7a:61:df:2d:f5:78:99:89:
         f5:8d:be:dd:15:68:e8:9b:ab:50:b1:15:60:44:06:2e:cd:f5:
         85:e0:55:58:a7:83:01:bc:0e:a7:23:9a:6b:b6:bb:be:f3:0b:
         f0:b3:c9:51:ae:64:45:99:ff:15:ac:b3:c4:f7:a2:44:ef:e3:
         ef:ba:fb:98:ea:e5:14:74:47:7b:58:c4:65:8b:f4:c7:0b:58:
         a4:7d:2e:c7:f4:9b:7e:fe:48:1a:d8:29:a6:a4:b7:30:ca:cf:
         c5:2d:00:10:75:06:8f:db:19:9f:94:82:31:84:e7:9a:38:37:
         86:0d:9f:3e:fc:80:4e:81:17:2d:c0:27:b0:12:26:4b:0c:28:
         97:68:30:98
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZkp2ExRTdkw4ILMghIAldyRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZmE3ZGQ2M2YyZTJkODdiNWY3ODUwMDkzYzc0M2JiZmJl
MTRlNDQwHhcNMjUwOTA4MTUwMTA1WhcNMjUwOTA5MTUwMTA1WjAzMTEwLwYDVQQD
Eyg1YmUxYjk4NmNkYmJjOTg3ZTVmNGExNDgzYzAwMjNmMWFjN2Y1OTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Uc7AGGZwH2qKGH59aO0I9vsTKVC
yUarrrsF3RN21mh5dCI58iz9n1uoCqA8Df1KnWyUPgBzjjH1ypye+acz2UEzwRRY
nLHEZMX28ZuaIE4LUd/6fzM8mFkUZ6+obe2bL8N6DvhOrPs8SD/2C9KxgwzV0l23
e6NvcyVpx6GjwjezMZnA65X52mOI7e+lXKt5nxxZN3cT0PpykyehpR6WNK6v8ZMg
XZsLeaHAyFGuiSKS/0OzrAPObaSaZk5owA2yy+y8vTtk93z06Zv9Gfs1aSjpKlQW
TAyy5LoYbqtSCD+5QNvUp+dWuCnheAU02vWGqmvPsjTHZGaI8vXGzQWdiQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFFvhuYbNu8mH5fShSDwAI/Gsf1keMB8GA1UdIwQY
MBaAFCn6fdY/Li2HtfeFAJPHQ7v74U5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2ZwOTFqOHVMWWUxOTRVQWs4ZER1X3ZoVGtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8yYzBjYmYtMTFmNy00YjZkLWI4OGUt
NzlmN2I2ZWE3YzE0LzEvS2ZwOTFqOHVMWWUxOTRVQWs4ZER1X3ZoVGtRLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8yYzBjYmYtMTFmNy00YjZkLWI4OGUtNzlmN2I2ZWE3YzE0
LzEvS2ZwOTFqOHVMWWUxOTRVQWs4ZER1X3ZoVGtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAH717CTB5
RyhyKzI81mONJUPvrAuCRs9a31ksxUUqZnl2RiGkXDklmo3zZYIVE7HPDgZDZwJh
/8jsjo6e8moasRdbrNzAPqFmj3IfI0AU6VzsUEBI1fdw7uRn048XZpQeL9tHU+sr
hBJTFUpdHo1MxnpQfldCgnph3y31eJmJ9Y2+3RVo6JurULEVYEQGLs31heBVWKeD
AbwOpyOaa7a7vvML8LPJUa5kRZn/FayzxPeiRO/j77r7mOrlFHRHe1jEZYv0xwtY
pH0ux/Sbfv5IGtgppqS3MMrPxS0AEHUGj9sZn5SCMYTnmjg3hg2fPvyAToEXLcAn
sBImSwwol2gwmA==
-----END CERTIFICATE-----