Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/7895f8-ac31-4798-8404-4e278dd48a3f/1/iTbfSsL0Z-pmwRl6hinT9ku1Y_A.mft
File:                     iTbfSsL0Z-pmwRl6hinT9ku1Y_A.mft (raw, json)
Hash identifier:          TdK8MO+arCpr2a9vkt48xjdgSSvAHE61KU26QRw2ShU=
Subject key identifier:   CB:84:8F:7C:BD:C4:D4:F5:F9:4C:09:65:99:BF:7D:5D:72:5E:3F:F8
Authority key identifier: 89:36:DF:4A:C2:F4:67:EA:66:C1:19:7A:86:29:D3:F6:4B:B5:63:F0
Certificate issuer:       /CN=8936df4ac2f467ea66c1197a8629d3f64bb563f0
Certificate serial:       019D3865594C72B764BEF8CFC981FACD914B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iTbfSsL0Z-pmwRl6hinT9ku1Y_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/7895f8-ac31-4798-8404-4e278dd48a3f/1/iTbfSsL0Z-pmwRl6hinT9ku1Y_A.mft
Manifest number:          14D4
Signing time:             Sun 29 Mar 2026 07:00:59 +0000
Manifest this update:     Sun 29 Mar 2026 07:00:59 +0000
Manifest next update:     Mon 30 Mar 2026 07:00:59 +0000
Files and hashes:         1: iTbfSsL0Z-pmwRl6hinT9ku1Y_A.crl (hash: YdH9Y2zGgYIGHJ6OIHq6/Ap4eU0+LKZf3ZehcTcQsHw=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/7895f8-ac31-4798-8404-4e278dd48a3f/1/iTbfSsL0Z-pmwRl6hinT9ku1Y_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/7895f8-ac31-4798-8404-4e278dd48a3f/1/iTbfSsL0Z-pmwRl6hinT9ku1Y_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iTbfSsL0Z-pmwRl6hinT9ku1Y_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:38:65:59:4c:72:b7:64:be:f8:cf:c9:81:fa:cd:91:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8936df4ac2f467ea66c1197a8629d3f64bb563f0
        Validity
            Not Before: Mar 29 07:00:59 2026 GMT
            Not After : Mar 30 07:00:59 2026 GMT
        Subject: CN=cb848f7cbdc4d4f5f94c096599bf7d5d725e3ff8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ec:d3:12:73:d1:c9:94:16:ed:8f:f2:0b:ec:
                    da:67:90:cc:1b:4c:da:8d:f6:80:94:eb:f9:fe:01:
                    ba:80:97:44:ae:0f:21:a5:a4:31:2d:43:ba:15:a8:
                    32:09:0b:4e:f0:64:41:19:15:c1:ae:cb:14:b2:fe:
                    22:59:28:48:48:30:27:24:d4:11:56:c9:21:43:14:
                    fc:0b:07:8e:f5:15:83:0e:7e:31:e1:32:9e:0d:55:
                    9e:0d:2f:ea:2f:22:73:da:18:0f:84:db:10:95:30:
                    a0:ce:f8:26:81:40:c3:00:6c:d0:84:72:0b:ac:48:
                    96:97:a8:0f:c5:cb:70:4d:c7:3f:06:ab:d0:bb:2c:
                    19:8f:7d:e5:f8:dd:34:3f:48:4b:d1:a3:c5:7f:fb:
                    ac:2a:3a:27:55:e2:16:b3:b5:0a:0a:e5:1d:17:35:
                    be:29:23:78:4a:08:74:2c:e3:98:56:d3:50:38:a6:
                    35:e8:9b:6b:4d:98:50:3d:be:4c:d6:06:6a:aa:1e:
                    c5:a4:a5:df:6e:2d:d7:66:39:f7:5c:e0:ad:fa:52:
                    fb:2c:fe:a0:a3:38:ef:df:7f:4a:88:9a:24:50:f1:
                    f6:94:e6:15:6a:76:11:d2:ee:f0:e4:20:c9:85:22:
                    65:66:b2:33:4c:3f:0f:3b:69:f1:24:16:2b:61:c9:
                    8a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:84:8F:7C:BD:C4:D4:F5:F9:4C:09:65:99:BF:7D:5D:72:5E:3F:F8
            X509v3 Authority Key Identifier:
                keyid:89:36:DF:4A:C2:F4:67:EA:66:C1:19:7A:86:29:D3:F6:4B:B5:63:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iTbfSsL0Z-pmwRl6hinT9ku1Y_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/7895f8-ac31-4798-8404-4e278dd48a3f/1/iTbfSsL0Z-pmwRl6hinT9ku1Y_A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/7895f8-ac31-4798-8404-4e278dd48a3f/1/iTbfSsL0Z-pmwRl6hinT9ku1Y_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         a5:94:24:ca:5a:61:9e:ec:54:86:87:8d:6f:98:75:8f:f6:3c:
         db:57:b6:27:d4:b9:58:13:e0:9e:14:7e:d3:01:c6:85:71:af:
         1f:a9:56:45:24:20:34:42:a1:12:c0:06:83:b8:af:48:7b:d7:
         61:f4:37:90:31:fd:a4:28:52:aa:46:2b:a4:55:68:9f:2e:e5:
         44:e9:b8:7b:00:3a:66:f7:45:f9:41:45:03:c0:36:5e:98:86:
         97:01:7b:c8:95:8b:38:21:b9:b0:a6:4d:6f:b6:00:9a:fc:de:
         6e:78:8f:ec:89:98:b5:8a:db:24:a7:c0:36:20:1c:e1:31:60:
         af:b8:20:20:2b:26:db:56:1e:29:63:a4:18:6e:1c:48:cf:ba:
         20:8f:dd:19:66:7c:00:f0:63:cc:1d:8a:fa:05:d9:56:64:13:
         22:a4:82:5f:be:38:a5:73:af:70:46:83:4a:07:29:be:64:2e:
         d5:f9:1c:04:77:90:f8:50:0f:9a:35:04:84:88:9a:ff:c3:45:
         6e:c6:e4:66:06:b3:ca:b4:14:8d:01:07:0b:ef:ab:78:b4:23:
         54:c8:18:90:83:05:29:4d:45:d2:b3:d8:91:71:38:65:7a:c0:
         9e:40:6e:cb:e8:58:34:ee:4c:2a:1e:9e:47:fb:54:57:15:9d:
         f2:7f:a9:71
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ04ZVlMcrdkvvjPyYH6zZFLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MzZkZjRhYzJmNDY3ZWE2NmMxMTk3YTg2MjlkM2Y2NGJi
NTYzZjAwHhcNMjYwMzI5MDcwMDU5WhcNMjYwMzMwMDcwMDU5WjAzMTEwLwYDVQQD
EyhjYjg0OGY3Y2JkYzRkNGY1Zjk0YzA5NjU5OWJmN2Q1ZDcyNWUzZmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuzTEnPRyZQW7Y/yC+zaZ5DMG0za
jfaAlOv5/gG6gJdErg8hpaQxLUO6FagyCQtO8GRBGRXBrssUsv4iWShISDAnJNQR
VskhQxT8CweO9RWDDn4x4TKeDVWeDS/qLyJz2hgPhNsQlTCgzvgmgUDDAGzQhHIL
rEiWl6gPxctwTcc/BqvQuywZj33l+N00P0hL0aPFf/usKjonVeIWs7UKCuUdFzW+
KSN4Sgh0LOOYVtNQOKY16JtrTZhQPb5M1gZqqh7FpKXfbi3XZjn3XOCt+lL7LP6g
ozjv339KiJokUPH2lOYVanYR0u7w5CDJhSJlZrIzTD8PO2nxJBYrYcmKVQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFMuEj3y9xNT1+UwJZZm/fV1yXj/4MB8GA1UdIwQY
MBaAFIk230rC9GfqZsEZeoYp0/ZLtWPwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVRiZlNzTDBaLXBtd1JsNmhpblQ5a3UxWV9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi83ODk1ZjgtYWMzMS00Nzk4LTg0MDQt
NGUyNzhkZDQ4YTNmLzEvaVRiZlNzTDBaLXBtd1JsNmhpblQ5a3UxWV9BLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi83ODk1ZjgtYWMzMS00Nzk4LTg0MDQtNGUyNzhkZDQ4YTNm
LzEvaVRiZlNzTDBaLXBtd1JsNmhpblQ5a3UxWV9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEApZQkylph
nuxUhoeNb5h1j/Y821e2J9S5WBPgnhR+0wHGhXGvH6lWRSQgNEKhEsAGg7ivSHvX
YfQ3kDH9pChSqkYrpFVony7lROm4ewA6ZvdF+UFFA8A2XpiGlwF7yJWLOCG5sKZN
b7YAmvzebniP7ImYtYrbJKfANiAc4TFgr7ggICsm21YeKWOkGG4cSM+6II/dGWZ8
APBjzB2K+gXZVmQTIqSCX744pXOvcEaDSgcpvmQu1fkcBHeQ+FAPmjUEhIia/8NF
bsbkZgazyrQUjQEHC++reLQjVMgYkIMFKU1F0rPYkXE4ZXrAnkBuy+hYNO5MKh6e
R/tUVxWd8n+pcQ==
-----END CERTIFICATE-----