Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/c9234d-e133-4194-84ac-71a39db88a23/1/YhcForItk4GoI8l5xvTnc0I1I20.mft
File:                     YhcForItk4GoI8l5xvTnc0I1I20.mft (raw, json)
Hash identifier:          H99Q9A6cvn/40S1tvEX9Svo1XgjROfGT1IzwdxUrMm8=
Subject key identifier:   6F:D4:8E:D2:7B:15:2A:14:23:70:0A:85:B9:A5:1A:89:11:52:7A:D8
Authority key identifier: 62:17:05:A2:B2:2D:93:81:A8:23:C9:79:C6:F4:E7:73:42:35:23:6D
Certificate issuer:       /CN=621705a2b22d9381a823c979c6f4e7734235236d
Certificate serial:       019D39407D0A1B713B9189D95ACCCC69492C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YhcForItk4GoI8l5xvTnc0I1I20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/c9234d-e133-4194-84ac-71a39db88a23/1/YhcForItk4GoI8l5xvTnc0I1I20.mft
Manifest number:          1171
Signing time:             Sun 29 Mar 2026 11:00:20 +0000
Manifest this update:     Sun 29 Mar 2026 11:00:20 +0000
Manifest next update:     Mon 30 Mar 2026 11:00:20 +0000
Files and hashes:         1: YhcForItk4GoI8l5xvTnc0I1I20.crl (hash: Qg387AvRF7MjQxq3fCuW+nF12tG6nlD9DTHRUnV12fs=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/c9234d-e133-4194-84ac-71a39db88a23/1/YhcForItk4GoI8l5xvTnc0I1I20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/c9234d-e133-4194-84ac-71a39db88a23/1/YhcForItk4GoI8l5xvTnc0I1I20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YhcForItk4GoI8l5xvTnc0I1I20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:39:40:7d:0a:1b:71:3b:91:89:d9:5a:cc:cc:69:49:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=621705a2b22d9381a823c979c6f4e7734235236d
        Validity
            Not Before: Mar 29 11:00:20 2026 GMT
            Not After : Mar 30 11:00:20 2026 GMT
        Subject: CN=6fd48ed27b152a1423700a85b9a51a8911527ad8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:63:13:8f:dd:f6:0b:f5:61:3f:8a:3d:7a:b3:
                    3b:fd:2b:d3:50:4e:4b:4a:ea:38:ea:27:fe:29:99:
                    7f:f5:93:74:d8:90:64:e5:2d:3d:18:99:90:7c:85:
                    45:53:5d:39:c3:36:58:68:ce:6a:23:74:46:ba:c3:
                    e1:70:27:0d:00:24:18:bc:5f:e3:99:28:1b:2d:59:
                    00:6a:36:69:76:eb:0f:0c:1f:bb:36:a1:76:2f:a5:
                    9b:f2:4d:95:31:94:28:29:df:bf:26:9e:39:04:8c:
                    b3:64:eb:45:01:19:ab:94:0f:4d:16:74:73:a0:5e:
                    ba:13:df:ba:09:df:4d:d8:1e:38:da:e3:f7:b6:07:
                    2a:b1:62:15:f5:84:7f:e6:44:ea:f1:14:79:04:58:
                    fe:61:2a:23:00:b3:8e:b8:b2:33:3b:59:39:80:24:
                    1f:4f:5d:d3:5a:d9:b4:22:6f:ad:c6:49:c9:24:c4:
                    d8:bd:75:22:03:a5:52:64:01:97:71:ca:96:52:87:
                    86:ac:89:c4:67:98:7b:b3:e3:4e:bd:67:c9:10:db:
                    e1:ab:bf:03:9e:23:66:18:c0:16:02:e5:13:67:55:
                    73:5c:93:6e:90:58:d8:d9:46:af:8c:c0:e9:d6:c2:
                    c1:0b:b5:1c:8d:e5:6b:87:92:56:7f:4e:45:35:35:
                    28:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:D4:8E:D2:7B:15:2A:14:23:70:0A:85:B9:A5:1A:89:11:52:7A:D8
            X509v3 Authority Key Identifier:
                keyid:62:17:05:A2:B2:2D:93:81:A8:23:C9:79:C6:F4:E7:73:42:35:23:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YhcForItk4GoI8l5xvTnc0I1I20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/c9234d-e133-4194-84ac-71a39db88a23/1/YhcForItk4GoI8l5xvTnc0I1I20.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/c9234d-e133-4194-84ac-71a39db88a23/1/YhcForItk4GoI8l5xvTnc0I1I20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         b1:ef:9e:ac:58:8c:17:41:8e:f1:9d:17:57:56:71:9d:dd:0a:
         d9:5b:7c:57:ab:54:35:cb:95:50:1f:7e:be:62:e1:e9:59:f9:
         8b:e1:85:6b:d9:f5:be:79:90:3f:1d:e5:30:90:bc:09:61:b3:
         db:6b:72:16:4f:fe:ef:35:a6:1e:23:3c:64:91:15:a3:e1:59:
         04:67:27:a0:b5:5e:f1:06:cd:08:82:ee:f8:9f:a5:00:b9:2f:
         b5:7d:dd:a3:dc:b6:79:7e:9a:30:11:b5:de:33:64:42:cc:ee:
         5b:ce:c6:6c:3a:d1:61:22:ef:a2:00:49:84:6f:d6:4d:1d:4a:
         eb:a9:18:ab:6d:45:0b:9c:f1:5d:b8:23:b7:b3:ef:10:0c:da:
         c0:15:68:05:a1:06:84:98:53:45:f5:06:66:d1:ff:e7:7e:2c:
         58:32:f0:47:b7:91:10:2d:95:e7:9c:ef:8a:d9:59:c5:78:93:
         b1:a5:9e:89:88:42:6d:a3:3a:3b:38:14:49:44:db:05:63:c5:
         bc:5d:3f:b9:ba:8f:41:e3:1f:54:e9:db:15:de:43:bb:62:48:
         dd:64:5e:43:b3:b8:7b:a3:e9:b4:6e:fd:43:4a:e3:37:20:32:
         75:10:3f:63:19:51:7e:e0:3a:88:a5:e7:0d:d9:21:16:6b:ac:
         31:fd:ce:53
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ05QH0KG3E7kYnZWszMaUksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMTcwNWEyYjIyZDkzODFhODIzYzk3OWM2ZjRlNzczNDIz
NTIzNmQwHhcNMjYwMzI5MTEwMDIwWhcNMjYwMzMwMTEwMDIwWjAzMTEwLwYDVQQD
Eyg2ZmQ0OGVkMjdiMTUyYTE0MjM3MDBhODViOWE1MWE4OTExNTI3YWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmMTj932C/VhP4o9erM7/SvTUE5L
Suo46if+KZl/9ZN02JBk5S09GJmQfIVFU105wzZYaM5qI3RGusPhcCcNACQYvF/j
mSgbLVkAajZpdusPDB+7NqF2L6Wb8k2VMZQoKd+/Jp45BIyzZOtFARmrlA9NFnRz
oF66E9+6Cd9N2B442uP3tgcqsWIV9YR/5kTq8RR5BFj+YSojALOOuLIzO1k5gCQf
T13TWtm0Im+txknJJMTYvXUiA6VSZAGXccqWUoeGrInEZ5h7s+NOvWfJENvhq78D
niNmGMAWAuUTZ1VzXJNukFjY2UavjMDp1sLBC7UcjeVrh5JWf05FNTUofQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFG/UjtJ7FSoUI3AKhbmlGokRUnrYMB8GA1UdIwQY
MBaAFGIXBaKyLZOBqCPJecb053NCNSNtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWhjRm9ySXRrNEdvSThsNXh2VG5jMEkxSTIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9jOTIzNGQtZTEzMy00MTk0LTg0YWMt
NzFhMzlkYjg4YTIzLzEvWWhjRm9ySXRrNEdvSThsNXh2VG5jMEkxSTIwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9jOTIzNGQtZTEzMy00MTk0LTg0YWMtNzFhMzlkYjg4YTIz
LzEvWWhjRm9ySXRrNEdvSThsNXh2VG5jMEkxSTIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAse+erFiM
F0GO8Z0XV1Zxnd0K2Vt8V6tUNcuVUB9+vmLh6Vn5i+GFa9n1vnmQPx3lMJC8CWGz
22tyFk/+7zWmHiM8ZJEVo+FZBGcnoLVe8QbNCILu+J+lALkvtX3do9y2eX6aMBG1
3jNkQszuW87GbDrRYSLvogBJhG/WTR1K66kYq21FC5zxXbgjt7PvEAzawBVoBaEG
hJhTRfUGZtH/534sWDLwR7eREC2V55zvitlZxXiTsaWeiYhCbaM6OzgUSUTbBWPF
vF0/ubqPQeMfVOnbFd5Du2JI3WReQ7O4e6PptG79Q0rjNyAydRA/YxlRfuA6iKXn
DdkhFmusMf3OUw==
-----END CERTIFICATE-----