Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/768b72-2a77-42b9-8b0c-1eabffaaff19/1/2Gcf4VfnflYoTFTVLi3w1_4609k.mft
File:                     2Gcf4VfnflYoTFTVLi3w1_4609k.mft (raw, json)
Hash identifier:          39uQzZBpBRC6bvFAGNqrcdi7BvuwnGDDb2TTNLMv5m8=
Subject key identifier:   90:7B:A4:69:1B:28:0C:12:96:1F:13:0D:52:47:49:42:C1:90:B3:75
Authority key identifier: D8:67:1F:E1:57:E7:7E:56:28:4C:54:D5:2E:2D:F0:D7:FE:3A:D3:D9
Certificate issuer:       /CN=d8671fe157e77e56284c54d52e2df0d7fe3ad3d9
Certificate serial:       019D39AEB1B14D2998E636D5B9A81D3A7104
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Gcf4VfnflYoTFTVLi3w1_4609k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/768b72-2a77-42b9-8b0c-1eabffaaff19/1/2Gcf4VfnflYoTFTVLi3w1_4609k.mft
Manifest number:          1521
Signing time:             Sun 29 Mar 2026 13:00:43 +0000
Manifest this update:     Sun 29 Mar 2026 13:00:43 +0000
Manifest next update:     Mon 30 Mar 2026 13:00:43 +0000
Files and hashes:         1: 2Gcf4VfnflYoTFTVLi3w1_4609k.crl (hash: +ffn1QyzybhjiOYain7pnM5cgWhD+FtOnCipP5ZdQxg=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/768b72-2a77-42b9-8b0c-1eabffaaff19/1/2Gcf4VfnflYoTFTVLi3w1_4609k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/768b72-2a77-42b9-8b0c-1eabffaaff19/1/2Gcf4VfnflYoTFTVLi3w1_4609k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Gcf4VfnflYoTFTVLi3w1_4609k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 13:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:39:ae:b1:b1:4d:29:98:e6:36:d5:b9:a8:1d:3a:71:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8671fe157e77e56284c54d52e2df0d7fe3ad3d9
        Validity
            Not Before: Mar 29 13:00:43 2026 GMT
            Not After : Mar 30 13:00:43 2026 GMT
        Subject: CN=907ba4691b280c12961f130d52474942c190b375
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:00:8e:ff:91:2f:a5:c1:a2:f7:cb:96:f7:ac:
                    9b:ff:31:39:86:c2:86:3d:ea:3e:ad:0a:06:98:a7:
                    65:a7:27:0c:a6:8d:dd:53:1e:2c:bf:03:31:cd:d2:
                    0a:7e:b0:33:7f:fb:f2:bb:91:d2:98:df:6b:90:74:
                    fe:a2:90:64:18:72:92:eb:80:e2:22:99:4b:d4:53:
                    a7:4d:37:b3:1b:84:17:5d:04:1e:95:70:03:ed:37:
                    ff:c7:9e:24:26:67:97:5c:84:0c:a2:fa:e3:c5:28:
                    ca:ed:03:b4:53:18:96:1f:7f:b6:02:93:98:24:7c:
                    37:35:8f:93:6c:b4:03:09:7d:fd:b2:10:a9:b8:7d:
                    65:b9:8b:7b:a8:db:43:41:b6:69:46:e6:b8:74:da:
                    43:84:bb:07:9f:73:66:58:98:b7:b2:9c:cd:66:e5:
                    ed:b9:b4:6c:cd:29:ed:da:71:8b:b9:85:2f:b6:bf:
                    85:ae:af:af:6d:c3:12:c0:28:e4:36:0a:82:df:a4:
                    2d:a6:70:34:dd:bb:a2:fc:43:46:4d:2d:bc:1b:4f:
                    ac:49:45:ab:30:3f:ca:e4:b5:24:ae:c8:ac:69:1a:
                    6d:51:73:f3:1a:98:5a:f3:94:34:2b:a4:db:47:aa:
                    d8:3e:34:40:4a:1a:b2:7b:23:c6:14:6c:4a:ee:d7:
                    fe:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:7B:A4:69:1B:28:0C:12:96:1F:13:0D:52:47:49:42:C1:90:B3:75
            X509v3 Authority Key Identifier:
                keyid:D8:67:1F:E1:57:E7:7E:56:28:4C:54:D5:2E:2D:F0:D7:FE:3A:D3:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Gcf4VfnflYoTFTVLi3w1_4609k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/768b72-2a77-42b9-8b0c-1eabffaaff19/1/2Gcf4VfnflYoTFTVLi3w1_4609k.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/768b72-2a77-42b9-8b0c-1eabffaaff19/1/2Gcf4VfnflYoTFTVLi3w1_4609k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         39:c1:8d:0e:cb:56:84:03:a3:47:7a:fa:e7:81:61:67:9f:59:
         ce:c2:62:10:eb:0d:c1:c6:d7:42:5c:a4:c0:76:03:a5:61:34:
         a1:9f:8d:cd:af:69:23:8a:9f:54:72:be:cd:0e:fe:ad:e0:b8:
         c3:55:a5:b7:4e:73:de:11:72:06:3d:b5:46:87:ec:3d:67:42:
         9f:e1:43:35:22:2d:d9:bf:ba:64:88:03:93:23:d8:03:38:c0:
         2c:96:35:8e:82:d7:ce:69:f2:09:b5:43:04:66:f3:f4:08:b6:
         63:a2:f3:91:40:dc:78:dd:9c:da:59:8a:34:f9:a6:c2:19:ab:
         e8:6b:d2:47:9c:60:cc:2a:a7:36:d0:a7:ed:40:87:2d:04:97:
         92:da:86:ba:5a:70:a8:43:5e:2a:7a:3a:34:4b:43:56:00:ef:
         07:69:0d:3d:70:a6:3a:05:b6:e6:cc:02:93:d5:0b:23:59:b9:
         4f:81:c8:c5:6c:3c:39:b2:d3:e3:66:0e:e6:3b:68:98:03:e6:
         27:c6:8d:7e:c8:bc:8d:55:09:8d:43:3f:a9:df:d7:6d:f1:aa:
         cd:07:b1:ad:ae:86:d0:35:92:7c:e0:89:45:ae:61:a3:d7:d8:
         76:7c:56:94:54:1a:a0:4e:66:72:f0:35:02:dd:52:95:c2:01:
         cd:98:66:10
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ05rrGxTSmY5jbVuagdOnEEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4NjcxZmUxNTdlNzdlNTYyODRjNTRkNTJlMmRmMGQ3ZmUz
YWQzZDkwHhcNMjYwMzI5MTMwMDQzWhcNMjYwMzMwMTMwMDQzWjAzMTEwLwYDVQQD
Eyg5MDdiYTQ2OTFiMjgwYzEyOTYxZjEzMGQ1MjQ3NDk0MmMxOTBiMzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQCO/5EvpcGi98uW96yb/zE5hsKG
Peo+rQoGmKdlpycMpo3dUx4svwMxzdIKfrAzf/vyu5HSmN9rkHT+opBkGHKS64Di
IplL1FOnTTezG4QXXQQelXAD7Tf/x54kJmeXXIQMovrjxSjK7QO0UxiWH3+2ApOY
JHw3NY+TbLQDCX39shCpuH1luYt7qNtDQbZpRua4dNpDhLsHn3NmWJi3spzNZuXt
ubRszSnt2nGLuYUvtr+Frq+vbcMSwCjkNgqC36QtpnA03bui/ENGTS28G0+sSUWr
MD/K5LUkrsisaRptUXPzGpha85Q0K6TbR6rYPjRAShqyeyPGFGxK7tf+lQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFJB7pGkbKAwSlh8TDVJHSULBkLN1MB8GA1UdIwQY
MBaAFNhnH+FX535WKExU1S4t8Nf+OtPZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkdjZjRWZm5mbFlvVEZUVkxpM3cxXzQ2MDlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy83NjhiNzItMmE3Ny00MmI5LThiMGMt
MWVhYmZmYWFmZjE5LzEvMkdjZjRWZm5mbFlvVEZUVkxpM3cxXzQ2MDlrLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy83NjhiNzItMmE3Ny00MmI5LThiMGMtMWVhYmZmYWFmZjE5
LzEvMkdjZjRWZm5mbFlvVEZUVkxpM3cxXzQ2MDlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAOcGNDstW
hAOjR3r654FhZ59ZzsJiEOsNwcbXQlykwHYDpWE0oZ+Nza9pI4qfVHK+zQ7+reC4
w1Wlt05z3hFyBj21RofsPWdCn+FDNSIt2b+6ZIgDkyPYAzjALJY1joLXzmnyCbVD
BGbz9Ai2Y6LzkUDceN2c2lmKNPmmwhmr6GvSR5xgzCqnNtCn7UCHLQSXktqGulpw
qENeKno6NEtDVgDvB2kNPXCmOgW25swCk9ULI1m5T4HIxWw8ObLT42YO5jtomAPm
J8aNfsi8jVUJjUM/qd/XbfGqzQexra6G0DWSfOCJRa5ho9fYdnxWlFQaoE5mcvA1
At1SlcIBzZhmEA==
-----END CERTIFICATE-----