Manifest
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/143d0b-7755-4250-8a8c-545449e49f73/1/zo2SrOCAEcTQrsjyKGVxW9kaASI.mft
File: zo2SrOCAEcTQrsjyKGVxW9kaASI.mft (raw, json)
Hash identifier: X0+ROJ7a7skpkn1/niYNQCxX4I3JVk3b/S+jN0DnFw0=
Subject key identifier: 14:87:D2:3E:76:34:80:B4:5F:CC:E6:96:74:5B:B7:29:A1:95:41:5D
Authority key identifier: CE:8D:92:AC:E0:80:11:C4:D0:AE:C8:F2:28:65:71:5B:D9:1A:01:22
Certificate issuer: /CN=ce8d92ace08011c4d0aec8f22865715bd91a0122
Certificate serial: 019A72CAB7145625410AB5B15A4B83133FB1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zo2SrOCAEcTQrsjyKGVxW9kaASI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/143d0b-7755-4250-8a8c-545449e49f73/1/zo2SrOCAEcTQrsjyKGVxW9kaASI.mft
Manifest number: 1720
Signing time: Tue 11 Nov 2025 12:01:19 +0000
Manifest this update: Tue 11 Nov 2025 12:01:19 +0000
Manifest next update: Wed 12 Nov 2025 12:01:19 +0000
Files and hashes: 1: c9T1Kx5A7nWBX74YKnmxrK2YxWk.roa (hash: z4gK4/Y9ltoru7dKh2/m8n1YWOzp0cICAUx0PffNJmo=)
2: zo2SrOCAEcTQrsjyKGVxW9kaASI.crl (hash: TVqqiP5FPd+IOEuuXpDZueF4xlwg2/EIZycoV0wtvY8=)
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d1/143d0b-7755-4250-8a8c-545449e49f73/1/zo2SrOCAEcTQrsjyKGVxW9kaASI.crl
rsync://rpki.ripe.net/repository/DEFAULT/d1/143d0b-7755-4250-8a8c-545449e49f73/1/zo2SrOCAEcTQrsjyKGVxW9kaASI.mft
rsync://rpki.ripe.net/repository/DEFAULT/zo2SrOCAEcTQrsjyKGVxW9kaASI.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:72:ca:b7:14:56:25:41:0a:b5:b1:5a:4b:83:13:3f:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ce8d92ace08011c4d0aec8f22865715bd91a0122
Validity
Not Before: Nov 11 12:01:19 2025 GMT
Not After : Nov 12 12:01:19 2025 GMT
Subject: CN=1487d23e763480b45fcce696745bb729a195415d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:0d:34:15:d5:6c:3b:0f:e7:e3:cf:f6:59:30:
50:8d:87:98:81:8f:2a:4c:ac:81:a4:d6:a8:23:ea:
d1:ac:b3:bd:61:73:f3:d8:3f:60:2e:bb:34:47:f4:
16:3f:82:b6:82:e9:6c:49:62:d2:ae:97:da:68:0d:
63:26:68:03:df:07:f4:f1:67:21:bb:3b:f0:3a:f0:
55:82:77:99:4e:82:72:61:c8:2c:b0:7f:25:3b:60:
72:23:a3:8a:c7:8d:3c:0d:ec:d6:ac:6c:12:52:32:
dd:30:88:80:a4:12:0c:b1:bd:cb:8b:7f:38:02:8e:
8f:63:31:f3:76:38:29:a2:5a:e6:f6:02:6f:17:4b:
4a:74:21:d8:b2:5a:d4:c9:7f:57:69:74:fc:a0:c9:
92:9a:c4:bc:5f:72:5e:fe:52:ba:ba:9b:5f:54:b6:
34:37:57:1e:35:0e:5d:00:fe:85:84:b4:31:34:b6:
cf:8d:f4:ba:96:11:88:4c:00:cd:b5:52:e7:40:27:
88:00:1f:83:74:80:e8:03:fe:a0:71:ee:51:ea:be:
c1:14:33:ce:48:b3:b8:42:14:13:b0:1d:54:b3:df:
ef:11:d3:e9:68:1c:ca:c5:7d:8a:ec:9a:ac:35:09:
1c:ee:6d:d9:ce:e8:a7:e0:5c:9b:20:4d:da:43:cf:
57:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:87:D2:3E:76:34:80:B4:5F:CC:E6:96:74:5B:B7:29:A1:95:41:5D
X509v3 Authority Key Identifier:
keyid:CE:8D:92:AC:E0:80:11:C4:D0:AE:C8:F2:28:65:71:5B:D9:1A:01:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zo2SrOCAEcTQrsjyKGVxW9kaASI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/143d0b-7755-4250-8a8c-545449e49f73/1/zo2SrOCAEcTQrsjyKGVxW9kaASI.mft
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/143d0b-7755-4250-8a8c-545449e49f73/1/zo2SrOCAEcTQrsjyKGVxW9kaASI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4: inherit
IPv6: inherit
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
inherit
Signature Algorithm: sha256WithRSAEncryption
93:b8:64:78:b0:cd:a7:8e:51:21:83:29:4c:18:74:e4:98:bb:
cb:44:d8:52:eb:f5:1a:5a:3d:b9:8b:cb:89:66:b2:b2:36:13:
36:fa:19:c1:ce:b3:08:18:2a:ca:af:b0:1e:c4:8b:31:d9:12:
8b:d6:7d:eb:58:90:3a:aa:3d:1a:bb:d5:bb:a2:89:e2:14:19:
8e:1e:fc:c4:f4:ba:17:49:19:ad:7b:8e:f7:c4:d7:03:87:54:
76:5a:f0:10:15:40:3d:61:8c:90:d7:0b:a8:63:25:0a:29:97:
0d:fb:81:6a:c4:99:45:44:43:36:83:f7:dd:83:f1:fe:b9:5e:
01:f2:13:be:3a:d0:4f:dd:f3:e5:f4:a5:7c:ed:84:7c:6c:8d:
c4:9a:ed:b3:59:ad:09:e6:62:f9:67:74:0a:c7:98:3c:2b:ea:
b2:f2:74:ef:b9:01:48:02:7f:60:18:f9:34:da:8b:8c:73:39:
96:aa:e6:cb:03:2d:61:b1:be:8a:ce:50:27:0f:fc:ec:7a:ef:
4d:11:f1:66:d6:a7:63:7c:60:7d:06:3b:08:fa:57:e4:1a:58:
86:e8:74:ca:50:72:f7:3b:27:7f:17:fd:15:42:ec:c8:53:9d:
5c:64:8b:79:9a:10:ef:f2:bc:e7:d1:07:9d:23:2f:6f:24:35:
a8:76:9c:9f
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyyrcUViVBCrWxWkuDEz+xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlOGQ5MmFjZTA4MDExYzRkMGFlYzhmMjI4NjU3MTViZDkx
YTAxMjIwHhcNMjUxMTExMTIwMTE5WhcNMjUxMTEyMTIwMTE5WjAzMTEwLwYDVQQD
EygxNDg3ZDIzZTc2MzQ4MGI0NWZjY2U2OTY3NDViYjcyOWExOTU0MTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArw00FdVsOw/n48/2WTBQjYeYgY8q
TKyBpNaoI+rRrLO9YXPz2D9gLrs0R/QWP4K2gulsSWLSrpfaaA1jJmgD3wf08Wch
uzvwOvBVgneZToJyYcgssH8lO2ByI6OKx408DezWrGwSUjLdMIiApBIMsb3Li384
Ao6PYzHzdjgpolrm9gJvF0tKdCHYslrUyX9XaXT8oMmSmsS8X3Je/lK6uptfVLY0
N1ceNQ5dAP6FhLQxNLbPjfS6lhGITADNtVLnQCeIAB+DdIDoA/6gce5R6r7BFDPO
SLO4QhQTsB1Us9/vEdPpaBzKxX2K7JqsNQkc7m3Zzuin4FybIE3aQ89XvQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFBSH0j52NIC0X8zmlnRbtymhlUFdMB8GA1UdIwQY
MBaAFM6NkqzggBHE0K7I8ihlcVvZGgEiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvem8yU3JPQ0FFY1RRcnNqeUtHVnhXOWthQVNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8xNDNkMGItNzc1NS00MjUwLThhOGMt
NTQ1NDQ5ZTQ5ZjczLzEvem8yU3JPQ0FFY1RRcnNqeUtHVnhXOWthQVNJLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8xNDNkMGItNzc1NS00MjUwLThhOGMtNTQ1NDQ5ZTQ5Zjcz
LzEvem8yU3JPQ0FFY1RRcnNqeUtHVnhXOWthQVNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAk7hkeLDN
p45RIYMpTBh05Ji7y0TYUuv1Glo9uYvLiWaysjYTNvoZwc6zCBgqyq+wHsSLMdkS
i9Z961iQOqo9GrvVu6KJ4hQZjh78xPS6F0kZrXuO98TXA4dUdlrwEBVAPWGMkNcL
qGMlCimXDfuBasSZRURDNoP33YPx/rleAfITvjrQT93z5fSlfO2EfGyNxJrts1mt
CeZi+Wd0CseYPCvqsvJ077kBSAJ/YBj5NNqLjHM5lqrmywMtYbG+is5QJw/87Hrv
TRHxZtanY3xgfQY7CPpX5BpYhuh0ylBy9zsnfxf9FULsyFOdXGSLeZoQ7/K859EH
nSMvbyQ1qHacnw==
-----END CERTIFICATE-----
Generated at Tue Nov 11 16:53:05 2025 by rpki-client