Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6801c9-dd17-4dca-8100-6a3f01d9cb50/1/YKQ0_Wv_i2-7DVL42kLpH4paKS8.mft
File:                     YKQ0_Wv_i2-7DVL42kLpH4paKS8.mft (raw, json)
Hash identifier:          qFSdB9aqGO9nRHfSRc7H+Nv6DosVbh4ND4uwfNY3R38=
Subject key identifier:   3B:CB:B5:D0:D3:1F:7E:C3:66:14:F7:2F:51:80:16:68:83:84:AE:01
Authority key identifier: 60:A4:34:FD:6B:FF:8B:6F:BB:0D:52:F8:DA:42:E9:1F:8A:5A:29:2F
Certificate issuer:       /CN=60a434fd6bff8b6fbb0d52f8da42e91f8a5a292f
Certificate serial:       019D37C0AD69D9CB62ED0B8A87B15E50B653
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YKQ0_Wv_i2-7DVL42kLpH4paKS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6801c9-dd17-4dca-8100-6a3f01d9cb50/1/YKQ0_Wv_i2-7DVL42kLpH4paKS8.mft
Manifest number:          0A28
Signing time:             Sun 29 Mar 2026 04:01:07 +0000
Manifest this update:     Sun 29 Mar 2026 04:01:07 +0000
Manifest next update:     Mon 30 Mar 2026 04:01:07 +0000
Files and hashes:         1: YKQ0_Wv_i2-7DVL42kLpH4paKS8.crl (hash: MG0X6NjKQyDaGYz9xCvyWMn6l0RE5gF+ImsWUot6qMQ=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6801c9-dd17-4dca-8100-6a3f01d9cb50/1/YKQ0_Wv_i2-7DVL42kLpH4paKS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6801c9-dd17-4dca-8100-6a3f01d9cb50/1/YKQ0_Wv_i2-7DVL42kLpH4paKS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YKQ0_Wv_i2-7DVL42kLpH4paKS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 04:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:37:c0:ad:69:d9:cb:62:ed:0b:8a:87:b1:5e:50:b6:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60a434fd6bff8b6fbb0d52f8da42e91f8a5a292f
        Validity
            Not Before: Mar 29 04:01:07 2026 GMT
            Not After : Mar 30 04:01:07 2026 GMT
        Subject: CN=3bcbb5d0d31f7ec36614f72f518016688384ae01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a7:f5:86:6a:18:c8:c7:eb:42:f5:f9:d9:17:
                    0b:d5:d3:03:b6:c4:51:ba:67:f5:5b:4c:ae:b6:d2:
                    6a:6e:b8:5d:f2:49:80:c8:7f:3e:8d:73:f6:ff:0b:
                    59:dc:f0:cb:dd:88:da:83:b5:0e:15:61:07:32:ec:
                    4c:2b:ab:d3:0d:5d:64:22:2a:0f:6b:13:ac:80:1a:
                    34:57:ba:8b:3c:01:81:f1:99:59:f5:66:ff:26:a1:
                    ee:f9:46:c6:ab:b6:53:c0:05:d6:ae:2b:f2:c5:48:
                    c1:59:f1:c3:7d:ba:11:59:0e:bd:d5:d3:a0:39:97:
                    9e:df:4b:2d:54:0c:8e:ba:ac:b8:5e:9d:77:eb:96:
                    22:68:cf:d2:00:f9:8f:4c:09:a2:20:8b:fb:77:81:
                    d6:31:ad:8b:f1:95:23:bb:03:7a:cf:5f:54:0b:81:
                    b6:56:95:e3:82:9f:ae:52:90:50:ae:1f:ad:0b:ce:
                    65:40:f5:68:f7:f3:f7:bb:04:d4:ab:1d:b8:be:b0:
                    1e:3c:6a:66:ea:b3:ce:00:81:28:fa:2b:64:10:50:
                    59:d3:d4:dc:9a:a4:6e:a7:7d:40:1a:52:81:4e:e3:
                    53:7b:a8:54:64:c0:d3:68:c1:25:7f:cc:22:df:81:
                    97:d9:97:d2:b6:f7:ea:cc:78:de:b6:41:38:a0:87:
                    3c:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:CB:B5:D0:D3:1F:7E:C3:66:14:F7:2F:51:80:16:68:83:84:AE:01
            X509v3 Authority Key Identifier:
                keyid:60:A4:34:FD:6B:FF:8B:6F:BB:0D:52:F8:DA:42:E9:1F:8A:5A:29:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YKQ0_Wv_i2-7DVL42kLpH4paKS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6801c9-dd17-4dca-8100-6a3f01d9cb50/1/YKQ0_Wv_i2-7DVL42kLpH4paKS8.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6801c9-dd17-4dca-8100-6a3f01d9cb50/1/YKQ0_Wv_i2-7DVL42kLpH4paKS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         77:99:79:1e:73:d9:c5:ff:96:7e:95:66:c3:f2:2d:d0:10:6d:
         62:90:e2:a2:52:ca:9e:29:22:b9:e9:51:aa:58:d4:a9:db:cd:
         57:b5:49:d7:dd:67:09:8b:a4:fc:85:7c:b3:bd:f6:91:db:59:
         f7:32:de:87:4d:81:9d:80:3d:09:82:ff:29:d8:b8:01:46:31:
         ec:e6:14:1e:99:58:b3:09:bf:25:06:99:48:68:b2:8b:a3:f2:
         a2:35:79:83:d9:e5:1e:cc:12:57:4d:94:26:35:54:74:9f:f1:
         42:63:14:55:2c:72:b9:b2:10:b6:43:3d:7c:91:2a:d7:9e:1d:
         fc:51:94:3c:f3:c9:e9:87:54:18:fa:75:d9:e3:99:46:f7:b5:
         81:ec:60:70:2e:93:a9:d3:ad:bb:a4:62:17:50:1c:af:f3:6f:
         90:66:09:7e:1a:96:6f:49:9c:5c:d3:24:b6:01:30:08:f9:8d:
         a2:75:85:19:0c:72:d5:44:9c:b3:41:40:c6:0e:40:91:a3:61:
         d2:df:07:db:04:60:76:fe:93:65:f8:1d:08:98:55:9c:82:6b:
         dd:80:58:96:e7:5a:20:da:95:c2:28:ca:42:9b:a5:94:be:93:
         98:ab:a3:4e:f3:3f:6f:e6:50:e8:d6:01:ea:86:dd:7f:70:3a:
         fb:63:e5:f3
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ03wK1p2cti7QuKh7FeULZTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYTQzNGZkNmJmZjhiNmZiYjBkNTJmOGRhNDJlOTFmOGE1
YTI5MmYwHhcNMjYwMzI5MDQwMTA3WhcNMjYwMzMwMDQwMTA3WjAzMTEwLwYDVQQD
EygzYmNiYjVkMGQzMWY3ZWMzNjYxNGY3MmY1MTgwMTY2ODgzODRhZTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxaf1hmoYyMfrQvX52RcL1dMDtsRR
umf1W0yuttJqbrhd8kmAyH8+jXP2/wtZ3PDL3Yjag7UOFWEHMuxMK6vTDV1kIioP
axOsgBo0V7qLPAGB8ZlZ9Wb/JqHu+UbGq7ZTwAXWrivyxUjBWfHDfboRWQ691dOg
OZee30stVAyOuqy4Xp1365YiaM/SAPmPTAmiIIv7d4HWMa2L8ZUjuwN6z19UC4G2
VpXjgp+uUpBQrh+tC85lQPVo9/P3uwTUqx24vrAePGpm6rPOAIEo+itkEFBZ09Tc
mqRup31AGlKBTuNTe6hUZMDTaMElf8wi34GX2ZfStvfqzHjetkE4oIc8BQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFDvLtdDTH37DZhT3L1GAFmiDhK4BMB8GA1UdIwQY
MBaAFGCkNP1r/4tvuw1S+NpC6R+KWikvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUtRMF9Xdl9pMi03RFZMNDJrTHBINHBhS1M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82ODAxYzktZGQxNy00ZGNhLTgxMDAt
NmEzZjAxZDljYjUwLzEvWUtRMF9Xdl9pMi03RFZMNDJrTHBINHBhS1M4Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82ODAxYzktZGQxNy00ZGNhLTgxMDAtNmEzZjAxZDljYjUw
LzEvWUtRMF9Xdl9pMi03RFZMNDJrTHBINHBhS1M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAd5l5HnPZ
xf+WfpVmw/It0BBtYpDiolLKnikiuelRqljUqdvNV7VJ191nCYuk/IV8s732kdtZ
9zLeh02BnYA9CYL/Kdi4AUYx7OYUHplYswm/JQaZSGiyi6PyojV5g9nlHswSV02U
JjVUdJ/xQmMUVSxyubIQtkM9fJEq154d/FGUPPPJ6YdUGPp12eOZRve1gexgcC6T
qdOtu6RiF1Acr/NvkGYJfhqWb0mcXNMktgEwCPmNonWFGQxy1UScs0FAxg5AkaNh
0t8H2wRgdv6TZfgdCJhVnIJr3YBYludaINqVwijKQpullL6TmKujTvM/b+ZQ6NYB
6obdf3A6+2Pl8w==
-----END CERTIFICATE-----