Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/d60291-d840-4901-a85d-c685fa916b07/1/xndznw-VRrTwJXcsXCsXl4WSOFI.mft
File:                     xndznw-VRrTwJXcsXCsXl4WSOFI.mft (raw, json)
Hash identifier:          2nd0G6DAYAZXgMBDryeHsHSfVl7/RN6dKuOPcxXmflU=
Subject key identifier:   3C:60:C6:66:C4:5D:0A:87:A6:EA:5C:64:B7:92:6A:2E:16:24:6E:2F
Authority key identifier: C6:77:73:9F:0F:95:46:B4:F0:25:77:2C:5C:2B:17:97:85:92:38:52
Certificate issuer:       /CN=c677739f0f9546b4f025772c5c2b179785923852
Certificate serial:       019D39099739A17D3131F608DB466E5B0958
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xndznw-VRrTwJXcsXCsXl4WSOFI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/d60291-d840-4901-a85d-c685fa916b07/1/xndznw-VRrTwJXcsXCsXl4WSOFI.mft
Manifest number:          16A1
Signing time:             Sun 29 Mar 2026 10:00:22 +0000
Manifest this update:     Sun 29 Mar 2026 10:00:22 +0000
Manifest next update:     Mon 30 Mar 2026 10:00:22 +0000
Files and hashes:         1: xndznw-VRrTwJXcsXCsXl4WSOFI.crl (hash: 0UrXpk1gbZhd/BgCSg628WTnu97kGc4tsAMb+T1TXmM=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/d60291-d840-4901-a85d-c685fa916b07/1/xndznw-VRrTwJXcsXCsXl4WSOFI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/d60291-d840-4901-a85d-c685fa916b07/1/xndznw-VRrTwJXcsXCsXl4WSOFI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xndznw-VRrTwJXcsXCsXl4WSOFI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 10:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:39:09:97:39:a1:7d:31:31:f6:08:db:46:6e:5b:09:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c677739f0f9546b4f025772c5c2b179785923852
        Validity
            Not Before: Mar 29 10:00:22 2026 GMT
            Not After : Mar 30 10:00:22 2026 GMT
        Subject: CN=3c60c666c45d0a87a6ea5c64b7926a2e16246e2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:83:53:0d:4e:65:da:b2:f8:c7:a3:9c:6c:c3:
                    2b:7f:5b:8d:17:56:3d:dd:fc:e8:f2:58:26:4b:32:
                    76:49:32:a3:2c:d5:e3:5c:50:fc:b1:2d:80:1b:ec:
                    30:12:78:e1:22:e5:89:e8:fc:0e:25:48:af:8b:bf:
                    14:2a:43:44:a3:12:e7:d3:62:55:2c:47:df:ac:58:
                    a8:d9:c0:10:23:e9:04:90:ab:6d:15:e6:f3:8c:58:
                    8d:cc:f9:2c:50:bd:7c:f7:ee:c8:bb:5d:3c:e1:ab:
                    53:fa:18:af:f5:61:34:26:c1:35:44:ec:1a:fa:64:
                    a7:cb:80:fa:fe:f4:5d:27:e6:7f:66:15:07:5c:9f:
                    e9:bb:15:09:a3:7b:aa:0c:8d:2e:2d:83:7e:a6:91:
                    67:ac:65:55:b5:17:73:fb:82:68:6c:fe:cc:02:14:
                    43:9a:fa:83:91:af:04:66:98:8e:d4:52:c0:0c:6a:
                    81:98:0c:14:d0:32:c3:e2:c7:62:3a:cf:24:6e:d1:
                    67:d1:1a:e5:16:e2:ca:f1:35:cb:98:54:cf:6a:09:
                    b3:9a:17:c4:7d:41:4e:c1:4b:47:b3:17:c9:42:ee:
                    c3:44:eb:8f:da:1e:84:97:fc:a0:61:dc:78:1b:7b:
                    62:c7:ae:56:4f:87:2e:1e:97:c5:4c:13:bd:6e:b7:
                    ef:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:60:C6:66:C4:5D:0A:87:A6:EA:5C:64:B7:92:6A:2E:16:24:6E:2F
            X509v3 Authority Key Identifier:
                keyid:C6:77:73:9F:0F:95:46:B4:F0:25:77:2C:5C:2B:17:97:85:92:38:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xndznw-VRrTwJXcsXCsXl4WSOFI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/d60291-d840-4901-a85d-c685fa916b07/1/xndznw-VRrTwJXcsXCsXl4WSOFI.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/d60291-d840-4901-a85d-c685fa916b07/1/xndznw-VRrTwJXcsXCsXl4WSOFI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         7e:c6:a6:f1:13:dd:cd:26:91:65:90:24:38:37:d6:2b:ed:63:
         ac:3e:72:96:11:9a:68:6d:9f:2a:b6:e3:62:b4:f5:15:69:01:
         cd:29:bc:f9:c9:b3:89:2c:26:15:35:e6:ab:85:41:92:0c:64:
         63:33:1c:ca:e7:6e:0c:f8:08:82:b7:d0:e5:65:1f:d1:6d:0b:
         4f:2c:dd:01:1d:65:82:cd:91:19:f5:1e:54:44:05:3f:54:73:
         ab:7c:56:ec:bb:78:42:f1:03:68:3c:79:95:73:fd:ae:0b:4c:
         6a:bb:4f:35:25:88:d3:8a:bb:a2:bd:5b:54:e8:f2:06:35:33:
         fb:25:69:13:c7:ca:55:65:b4:eb:3d:de:65:07:c9:17:bb:67:
         a0:e5:d2:3b:78:fb:59:be:db:21:07:e4:f4:3f:9b:07:86:7f:
         7d:af:2d:b3:03:e4:37:f0:1e:39:c0:fa:59:c8:f1:76:08:7d:
         ba:f5:71:6c:36:de:aa:21:0b:1b:af:63:64:39:85:39:84:a0:
         21:47:e5:7c:f3:ff:0d:e1:90:1a:84:fa:26:1f:1b:26:bf:05:
         a5:01:a8:11:c6:43:b7:f6:06:87:10:e0:ff:92:c4:db:14:b3:
         0e:33:fc:8d:ac:f4:51:3f:00:58:9a:62:59:1c:b1:a8:d0:df:
         c6:8c:46:9b
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ05CZc5oX0xMfYI20ZuWwlYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2Nzc3MzlmMGY5NTQ2YjRmMDI1NzcyYzVjMmIxNzk3ODU5
MjM4NTIwHhcNMjYwMzI5MTAwMDIyWhcNMjYwMzMwMTAwMDIyWjAzMTEwLwYDVQQD
EygzYzYwYzY2NmM0NWQwYTg3YTZlYTVjNjRiNzkyNmEyZTE2MjQ2ZTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloNTDU5l2rL4x6OcbMMrf1uNF1Y9
3fzo8lgmSzJ2STKjLNXjXFD8sS2AG+wwEnjhIuWJ6PwOJUivi78UKkNEoxLn02JV
LEffrFio2cAQI+kEkKttFebzjFiNzPksUL189+7Iu1084atT+hiv9WE0JsE1ROwa
+mSny4D6/vRdJ+Z/ZhUHXJ/puxUJo3uqDI0uLYN+ppFnrGVVtRdz+4JobP7MAhRD
mvqDka8EZpiO1FLADGqBmAwU0DLD4sdiOs8kbtFn0RrlFuLK8TXLmFTPagmzmhfE
fUFOwUtHsxfJQu7DROuP2h6El/ygYdx4G3tix65WT4cuHpfFTBO9brfvXQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFDxgxmbEXQqHpupcZLeSai4WJG4vMB8GA1UdIwQY
MBaAFMZ3c58PlUa08CV3LFwrF5eFkjhSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG5kem53LVZSclR3Slhjc1hDc1hsNFdTT0ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9kNjAyOTEtZDg0MC00OTAxLWE4NWQt
YzY4NWZhOTE2YjA3LzEveG5kem53LVZSclR3Slhjc1hDc1hsNFdTT0ZJLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9kNjAyOTEtZDg0MC00OTAxLWE4NWQtYzY4NWZhOTE2YjA3
LzEveG5kem53LVZSclR3Slhjc1hDc1hsNFdTT0ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAfsam8RPd
zSaRZZAkODfWK+1jrD5ylhGaaG2fKrbjYrT1FWkBzSm8+cmziSwmFTXmq4VBkgxk
YzMcyuduDPgIgrfQ5WUf0W0LTyzdAR1lgs2RGfUeVEQFP1Rzq3xW7Lt4QvEDaDx5
lXP9rgtMartPNSWI04q7or1bVOjyBjUz+yVpE8fKVWW06z3eZQfJF7tnoOXSO3j7
Wb7bIQfk9D+bB4Z/fa8tswPkN/AeOcD6Wcjxdgh9uvVxbDbeqiELG69jZDmFOYSg
IUflfPP/DeGQGoT6Jh8bJr8FpQGoEcZDt/YGhxDg/5LE2xSzDjP8jaz0UT8AWJpi
WRyxqNDfxoxGmw==
-----END CERTIFICATE-----