Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/ee3d73-9729-4da4-8bc7-67c442d6a850/1/ONY8X84e8J5L8s_JS7JQn9X_UJw.mft
File:                     ONY8X84e8J5L8s_JS7JQn9X_UJw.mft (raw, json)
Hash identifier:          9qN4vixJ07Lbs66nm7pjYfnfbWLzAXWizgnKLUmX4rU=
Subject key identifier:   F3:D6:CF:FA:15:C2:AA:93:DC:1A:64:D7:D5:7C:58:4F:8C:9C:73:12
Authority key identifier: 38:D6:3C:5F:CE:1E:F0:9E:4B:F2:CF:C9:4B:B2:50:9F:D5:FF:50:9C
Certificate issuer:       /CN=38d63c5fce1ef09e4bf2cfc94bb2509fd5ff509c
Certificate serial:       019D3789C7BAE30FE2ADEBDB90B9EFE0AE92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ONY8X84e8J5L8s_JS7JQn9X_UJw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/ee3d73-9729-4da4-8bc7-67c442d6a850/1/ONY8X84e8J5L8s_JS7JQn9X_UJw.mft
Manifest number:          06C1
Signing time:             Sun 29 Mar 2026 03:01:09 +0000
Manifest this update:     Sun 29 Mar 2026 03:01:09 +0000
Manifest next update:     Mon 30 Mar 2026 03:01:09 +0000
Files and hashes:         1: ONY8X84e8J5L8s_JS7JQn9X_UJw.crl (hash: Q14Rydnu7nyQAvP0Hy8Y+a+MUXHabLVssKDad3iHZFs=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/ee3d73-9729-4da4-8bc7-67c442d6a850/1/ONY8X84e8J5L8s_JS7JQn9X_UJw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/ee3d73-9729-4da4-8bc7-67c442d6a850/1/ONY8X84e8J5L8s_JS7JQn9X_UJw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ONY8X84e8J5L8s_JS7JQn9X_UJw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 03:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:37:89:c7:ba:e3:0f:e2:ad:eb:db:90:b9:ef:e0:ae:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38d63c5fce1ef09e4bf2cfc94bb2509fd5ff509c
        Validity
            Not Before: Mar 29 03:01:09 2026 GMT
            Not After : Mar 30 03:01:09 2026 GMT
        Subject: CN=f3d6cffa15c2aa93dc1a64d7d57c584f8c9c7312
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:42:8e:aa:19:80:21:94:a4:fe:f5:cf:21:db:
                    c0:b5:ae:64:0e:4c:7c:0d:f7:ca:7f:a8:0a:b0:e4:
                    ed:e9:ae:bd:13:2d:56:5c:9c:66:60:e3:cb:30:1c:
                    3a:57:0c:fb:66:69:e5:f0:32:40:26:33:eb:42:1b:
                    09:97:a1:f3:67:17:a1:e4:8e:75:02:ae:5e:6f:65:
                    d1:8c:43:9f:c9:a3:11:e6:74:45:03:60:6f:a3:fd:
                    50:ad:67:89:59:fb:7a:08:82:b6:2e:33:8f:e6:2f:
                    a2:b5:63:3c:56:9c:d8:28:98:fe:41:84:9f:4d:28:
                    c1:03:2c:47:08:66:dc:79:f7:f5:9f:1e:47:1f:03:
                    d5:20:d6:f3:19:2c:f4:ff:bc:8d:8d:58:25:45:33:
                    d5:18:db:bc:4d:3e:7a:83:e2:09:4c:5e:09:4a:5f:
                    7f:72:c3:d8:84:b7:05:a9:8d:ce:6f:12:b9:03:34:
                    12:e1:4d:2a:6a:3c:0c:6a:c9:b4:c6:f1:cf:3c:4a:
                    10:94:6e:0b:60:05:1d:e7:e4:f5:91:93:02:76:76:
                    3e:70:7d:45:51:2e:42:24:89:9c:9a:d9:d8:35:24:
                    d2:db:a1:17:64:6f:af:7f:01:59:ba:5e:89:d4:94:
                    d3:8b:ad:01:f7:5e:7d:ad:76:01:e5:d1:4c:e4:25:
                    5f:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:D6:CF:FA:15:C2:AA:93:DC:1A:64:D7:D5:7C:58:4F:8C:9C:73:12
            X509v3 Authority Key Identifier:
                keyid:38:D6:3C:5F:CE:1E:F0:9E:4B:F2:CF:C9:4B:B2:50:9F:D5:FF:50:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ONY8X84e8J5L8s_JS7JQn9X_UJw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/ee3d73-9729-4da4-8bc7-67c442d6a850/1/ONY8X84e8J5L8s_JS7JQn9X_UJw.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/ee3d73-9729-4da4-8bc7-67c442d6a850/1/ONY8X84e8J5L8s_JS7JQn9X_UJw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         ac:1d:09:64:ab:1b:ba:b6:fe:5f:29:80:31:64:2b:ec:d5:43:
         ed:d8:e5:6d:ea:aa:87:a7:79:a2:eb:c7:31:56:87:c0:ea:e8:
         b2:b3:ee:57:33:6f:ce:6a:e4:43:a8:a2:3a:3e:e1:42:76:b4:
         bc:28:bc:39:8e:b0:85:5d:22:7a:37:5c:68:21:45:22:a0:b5:
         28:bd:ac:ec:43:12:ee:cf:ca:bc:5f:1e:c3:b0:8c:d9:43:79:
         60:f8:16:b1:cb:b2:5f:51:87:1c:24:ee:1a:0c:cc:03:2a:d8:
         f3:b2:74:9d:0a:43:4d:47:f7:11:b1:96:d1:8d:52:ac:88:da:
         27:f6:33:0e:8f:b1:ba:f6:d5:c9:c2:e4:b5:3c:43:69:a5:0a:
         8f:8d:3d:5e:6a:d3:29:cc:fc:c6:0e:97:96:94:c5:15:3a:a0:
         70:77:cf:4f:49:80:e8:0a:67:22:c0:37:75:3e:0e:f2:26:77:
         30:75:37:4b:3f:f8:65:72:2d:c2:d0:fa:33:29:11:81:6a:0b:
         09:1e:63:b4:a6:b2:29:d2:55:39:32:03:9c:61:10:bf:f7:a1:
         c8:b0:f2:e8:21:32:af:69:9e:6f:a8:6b:7d:bb:82:87:62:ca:
         3d:ed:3e:d7:d9:c7:c4:bd:e9:63:ed:2d:05:50:e4:86:50:01:
         8a:9c:1a:8d
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ03ice64w/irevbkLnv4K6SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4ZDYzYzVmY2UxZWYwOWU0YmYyY2ZjOTRiYjI1MDlmZDVm
ZjUwOWMwHhcNMjYwMzI5MDMwMTA5WhcNMjYwMzMwMDMwMTA5WjAzMTEwLwYDVQQD
EyhmM2Q2Y2ZmYTE1YzJhYTkzZGMxYTY0ZDdkNTdjNTg0ZjhjOWM3MzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkKOqhmAIZSk/vXPIdvAta5kDkx8
DffKf6gKsOTt6a69Ey1WXJxmYOPLMBw6Vwz7Zmnl8DJAJjPrQhsJl6HzZxeh5I51
Aq5eb2XRjEOfyaMR5nRFA2Bvo/1QrWeJWft6CIK2LjOP5i+itWM8VpzYKJj+QYSf
TSjBAyxHCGbceff1nx5HHwPVINbzGSz0/7yNjVglRTPVGNu8TT56g+IJTF4JSl9/
csPYhLcFqY3ObxK5AzQS4U0qajwMasm0xvHPPEoQlG4LYAUd5+T1kZMCdnY+cH1F
US5CJImcmtnYNSTS26EXZG+vfwFZul6J1JTTi60B9159rXYB5dFM5CVfKQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFPPWz/oVwqqT3Bpk19V8WE+MnHMSMB8GA1UdIwQY
MBaAFDjWPF/OHvCeS/LPyUuyUJ/V/1CcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT05ZOFg4NGU4SjVMOHNfSlM3SlFuOVhfVUp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9lZTNkNzMtOTcyOS00ZGE0LThiYzct
NjdjNDQyZDZhODUwLzEvT05ZOFg4NGU4SjVMOHNfSlM3SlFuOVhfVUp3Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9lZTNkNzMtOTcyOS00ZGE0LThiYzctNjdjNDQyZDZhODUw
LzEvT05ZOFg4NGU4SjVMOHNfSlM3SlFuOVhfVUp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEArB0JZKsb
urb+XymAMWQr7NVD7djlbeqqh6d5ouvHMVaHwOrosrPuVzNvzmrkQ6iiOj7hQna0
vCi8OY6whV0iejdcaCFFIqC1KL2s7EMS7s/KvF8ew7CM2UN5YPgWscuyX1GHHCTu
GgzMAyrY87J0nQpDTUf3EbGW0Y1SrIjaJ/YzDo+xuvbVycLktTxDaaUKj409XmrT
Kcz8xg6XlpTFFTqgcHfPT0mA6ApnIsA3dT4O8iZ3MHU3Sz/4ZXItwtD6MykRgWoL
CR5jtKayKdJVOTIDnGEQv/ehyLDy6CEyr2meb6hrfbuCh2LKPe0+19nHxL3pY+0t
BVDkhlABipwajQ==
-----END CERTIFICATE-----