Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/b12a35-05c1-40b9-b651-236883b2cf97/1/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.mft
File:                     hfu-hUlKCvDMHoIS-4QQ5PZwsmY.mft (raw, json)
Hash identifier:          s8MCGymRzw1QfxRbBZUAbx6phfUffItXAYXoytmUIEA=
Subject key identifier:   58:FF:07:21:9A:9F:0C:77:22:5C:DF:76:FB:2A:FD:67:DB:3F:3D:99
Authority key identifier: 85:FB:BE:85:49:4A:0A:F0:CC:1E:82:12:FB:84:10:E4:F6:70:B2:66
Certificate issuer:       /CN=85fbbe85494a0af0cc1e8212fb8410e4f670b266
Certificate serial:       019D386569F35786124A46A125C348318247
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/b12a35-05c1-40b9-b651-236883b2cf97/1/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.mft
Manifest number:          1289
Signing time:             Sun 29 Mar 2026 07:01:03 +0000
Manifest this update:     Sun 29 Mar 2026 07:01:03 +0000
Manifest next update:     Mon 30 Mar 2026 07:01:03 +0000
Files and hashes:         1: hfu-hUlKCvDMHoIS-4QQ5PZwsmY.crl (hash: R+j8gwmG3SJA5qKFC7AbIu6Y1uUa+PLJpB7zs77IGLg=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/b12a35-05c1-40b9-b651-236883b2cf97/1/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/b12a35-05c1-40b9-b651-236883b2cf97/1/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:38:65:69:f3:57:86:12:4a:46:a1:25:c3:48:31:82:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85fbbe85494a0af0cc1e8212fb8410e4f670b266
        Validity
            Not Before: Mar 29 07:01:03 2026 GMT
            Not After : Mar 30 07:01:03 2026 GMT
        Subject: CN=58ff07219a9f0c77225cdf76fb2afd67db3f3d99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b9:01:9f:cb:b0:37:1c:be:22:cf:66:4e:0b:
                    13:f5:4c:e5:57:9c:91:20:ed:4d:98:bd:28:4c:30:
                    38:c0:94:55:2e:bf:37:71:9d:06:e7:31:4e:79:5b:
                    f0:86:9c:e5:e4:62:c6:62:dd:15:c0:b7:ba:6b:2f:
                    44:9d:08:5c:62:56:85:81:1a:e9:45:e8:1e:5b:db:
                    8a:b6:46:60:e2:d5:9b:28:d2:13:24:8b:21:0d:39:
                    12:3a:95:07:cb:36:cc:85:7f:10:fd:5f:6d:53:70:
                    b4:be:df:12:f5:08:ef:e8:6a:2e:af:62:2a:16:fb:
                    47:0e:ed:89:a2:cc:a9:44:79:fd:cc:e0:9a:46:92:
                    12:1b:23:b8:00:9c:d5:b9:04:24:63:d1:8b:60:4b:
                    ae:a2:ec:09:c9:ea:3c:bb:cf:c0:86:16:71:ed:c1:
                    27:ac:47:11:ad:6f:c7:7a:59:d4:61:de:f8:21:40:
                    92:85:50:c3:9a:5f:3f:f0:92:65:16:ea:d5:5b:1f:
                    7b:57:53:a7:6e:55:b9:90:bc:cc:fc:88:4e:2b:c2:
                    47:7b:12:10:d2:3c:c2:7a:f0:a7:f0:1c:81:31:43:
                    e3:f2:6e:4f:5d:3b:0f:cc:db:b5:e7:68:d0:d3:60:
                    7d:f2:57:a7:90:72:8f:c8:4f:3f:ea:56:17:d3:2b:
                    40:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:FF:07:21:9A:9F:0C:77:22:5C:DF:76:FB:2A:FD:67:DB:3F:3D:99
            X509v3 Authority Key Identifier:
                keyid:85:FB:BE:85:49:4A:0A:F0:CC:1E:82:12:FB:84:10:E4:F6:70:B2:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b12a35-05c1-40b9-b651-236883b2cf97/1/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b12a35-05c1-40b9-b651-236883b2cf97/1/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         01:3d:46:52:c1:11:86:67:ea:5f:ee:53:25:ef:0e:3f:1d:24:
         3c:91:e9:c5:ab:4a:ca:1d:cb:60:8d:9f:aa:a7:77:7a:7e:aa:
         1b:04:23:73:bf:95:f2:1a:82:8d:34:46:a8:02:65:0c:01:6e:
         31:61:55:37:f1:9f:3b:3a:cf:59:40:ae:98:52:1e:cd:fd:cf:
         8c:25:3a:ca:88:03:b6:55:27:7a:e6:89:5e:dc:6a:1b:d1:a8:
         e6:58:de:b9:ea:b9:83:1e:4b:5b:32:eb:9f:36:63:f7:b4:af:
         ff:52:2c:81:14:ed:7a:39:d7:78:07:ad:e5:96:14:40:d5:ee:
         e1:28:18:a1:81:8d:15:91:0e:28:8e:f7:a8:99:16:76:88:11:
         d9:d0:ef:32:2e:2a:27:ff:f5:59:ce:44:75:84:53:48:8c:88:
         d7:9a:26:72:89:5e:bd:4d:9f:03:56:53:68:b5:f9:21:a2:23:
         32:b1:28:01:b4:1c:ea:c9:77:ad:56:fe:ce:3f:be:06:43:ed:
         d9:16:c7:01:ac:8a:e7:c3:34:1f:89:0e:82:b2:ba:87:eb:15:
         2a:7c:53:ee:cc:c4:55:a7:33:78:92:b1:e0:48:9b:1a:13:58:
         bd:54:55:2b:8c:cf:0f:44:b6:4d:e5:00:96:10:05:65:48:02:
         82:22:6b:a3
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ04ZWnzV4YSSkahJcNIMYJHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZmJiZTg1NDk0YTBhZjBjYzFlODIxMmZiODQxMGU0ZjY3
MGIyNjYwHhcNMjYwMzI5MDcwMTAzWhcNMjYwMzMwMDcwMTAzWjAzMTEwLwYDVQQD
Eyg1OGZmMDcyMTlhOWYwYzc3MjI1Y2RmNzZmYjJhZmQ2N2RiM2YzZDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLkBn8uwNxy+Is9mTgsT9UzlV5yR
IO1NmL0oTDA4wJRVLr83cZ0G5zFOeVvwhpzl5GLGYt0VwLe6ay9EnQhcYlaFgRrp
RegeW9uKtkZg4tWbKNITJIshDTkSOpUHyzbMhX8Q/V9tU3C0vt8S9Qjv6Gour2Iq
FvtHDu2JosypRHn9zOCaRpISGyO4AJzVuQQkY9GLYEuuouwJyeo8u8/AhhZx7cEn
rEcRrW/HelnUYd74IUCShVDDml8/8JJlFurVWx97V1OnblW5kLzM/IhOK8JHexIQ
0jzCevCn8ByBMUPj8m5PXTsPzNu152jQ02B98lenkHKPyE8/6lYX0ytAQQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFFj/ByGanwx3Ilzfdvsq/WfbPz2ZMB8GA1UdIwQY
MBaAFIX7voVJSgrwzB6CEvuEEOT2cLJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGZ1LWhVbEtDdkRNSG9JUy00UVE1UFp3c21ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9iMTJhMzUtMDVjMS00MGI5LWI2NTEt
MjM2ODgzYjJjZjk3LzEvaGZ1LWhVbEtDdkRNSG9JUy00UVE1UFp3c21ZLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9iMTJhMzUtMDVjMS00MGI5LWI2NTEtMjM2ODgzYjJjZjk3
LzEvaGZ1LWhVbEtDdkRNSG9JUy00UVE1UFp3c21ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAAT1GUsER
hmfqX+5TJe8OPx0kPJHpxatKyh3LYI2fqqd3en6qGwQjc7+V8hqCjTRGqAJlDAFu
MWFVN/GfOzrPWUCumFIezf3PjCU6yogDtlUneuaJXtxqG9Go5ljeueq5gx5LWzLr
nzZj97Sv/1IsgRTtejnXeAet5ZYUQNXu4SgYoYGNFZEOKI73qJkWdogR2dDvMi4q
J//1Wc5EdYRTSIyI15omcolevU2fA1ZTaLX5IaIjMrEoAbQc6sl3rVb+zj++BkPt
2RbHAayK58M0H4kOgrK6h+sVKnxT7szEVaczeJKx4EibGhNYvVRVK4zPD0S2TeUA
lhAFZUgCgiJrow==
-----END CERTIFICATE-----