Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/806328-9042-4c13-ade0-163d03ea6499/1/oPmMXcc-P6i_3MABQ_A5VVLv78A.mft
File:                     oPmMXcc-P6i_3MABQ_A5VVLv78A.mft (raw, json)
Hash identifier:          INmnRWD+GsPkqH9GqKgJOGu5R5GeUb19lAlH+dxtHsE=
Subject key identifier:   83:67:34:FC:E2:F1:B5:29:86:09:57:A8:BA:88:D5:65:20:61:99:24
Authority key identifier: A0:F9:8C:5D:C7:3E:3F:A8:BF:DC:C0:01:43:F0:39:55:52:EF:EF:C0
Certificate issuer:       /CN=a0f98c5dc73e3fa8bfdcc00143f0395552efefc0
Certificate serial:       019D382E12324DE594EBB9E0F2352EE8E19F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oPmMXcc-P6i_3MABQ_A5VVLv78A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/806328-9042-4c13-ade0-163d03ea6499/1/oPmMXcc-P6i_3MABQ_A5VVLv78A.mft
Manifest number:          CA
Signing time:             Sun 29 Mar 2026 06:00:36 +0000
Manifest this update:     Sun 29 Mar 2026 06:00:36 +0000
Manifest next update:     Mon 30 Mar 2026 06:00:36 +0000
Files and hashes:         1: oPmMXcc-P6i_3MABQ_A5VVLv78A.crl (hash: +hxmPr7sJ8/SqhMDQx7vaPLW00fqzBRLp8GUgNVfH3w=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/806328-9042-4c13-ade0-163d03ea6499/1/oPmMXcc-P6i_3MABQ_A5VVLv78A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/806328-9042-4c13-ade0-163d03ea6499/1/oPmMXcc-P6i_3MABQ_A5VVLv78A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oPmMXcc-P6i_3MABQ_A5VVLv78A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 06:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:38:2e:12:32:4d:e5:94:eb:b9:e0:f2:35:2e:e8:e1:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0f98c5dc73e3fa8bfdcc00143f0395552efefc0
        Validity
            Not Before: Mar 29 06:00:36 2026 GMT
            Not After : Mar 30 06:00:36 2026 GMT
        Subject: CN=836734fce2f1b529860957a8ba88d56520619924
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:d1:31:41:4d:3b:c9:f0:59:3f:0f:fa:74:05:
                    35:23:1a:90:3d:d0:b5:ef:b6:91:48:92:96:6f:37:
                    8b:6f:30:26:38:66:62:d4:a0:e3:19:cf:4b:7a:ad:
                    34:c2:e9:5c:be:e9:a3:9e:be:d2:f4:98:75:d2:eb:
                    d0:9e:1f:38:b7:f6:16:99:14:68:3e:a4:d7:c3:ad:
                    9f:f2:44:1a:d4:c7:0c:2c:23:80:0f:1f:5d:82:15:
                    dd:38:d7:95:ba:36:06:c1:56:d2:11:bd:5c:f8:b0:
                    e9:75:71:c6:2f:2c:55:d4:f9:9b:8d:ba:9a:9f:58:
                    f0:a4:36:6f:00:9d:c0:ec:37:a0:c4:3d:ed:d0:20:
                    da:a7:5a:28:0c:d4:1b:46:11:b1:0e:7d:86:78:79:
                    df:70:11:eb:d5:54:22:10:7d:40:cb:5b:b8:ec:0e:
                    c4:41:08:1e:b2:3f:d2:a9:c3:68:89:f6:f6:b1:49:
                    77:e7:6a:1c:45:cc:4f:55:32:98:f3:ee:0b:9e:fc:
                    c3:e1:fb:dc:a2:9d:6a:b2:77:f0:92:f4:e5:d4:b8:
                    e0:ad:bf:da:46:f4:16:9f:41:db:54:ff:80:16:bf:
                    9d:2d:3c:bf:28:5f:20:7e:46:79:63:a4:a2:14:bd:
                    d5:be:c7:bc:ca:ae:66:53:17:bc:0b:49:55:7a:80:
                    f9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:67:34:FC:E2:F1:B5:29:86:09:57:A8:BA:88:D5:65:20:61:99:24
            X509v3 Authority Key Identifier:
                keyid:A0:F9:8C:5D:C7:3E:3F:A8:BF:DC:C0:01:43:F0:39:55:52:EF:EF:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oPmMXcc-P6i_3MABQ_A5VVLv78A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/806328-9042-4c13-ade0-163d03ea6499/1/oPmMXcc-P6i_3MABQ_A5VVLv78A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/806328-9042-4c13-ade0-163d03ea6499/1/oPmMXcc-P6i_3MABQ_A5VVLv78A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         95:c1:00:4a:03:69:ee:e8:6b:e9:78:9c:11:53:07:41:36:7f:
         3d:33:8c:dd:fb:11:23:ed:09:e6:82:81:e8:bf:f2:85:a4:c5:
         8e:61:1d:a6:6f:43:e4:c0:2e:8b:9b:95:c7:e5:6b:5d:b4:6d:
         47:28:c0:98:59:4f:bb:aa:e0:ba:17:03:29:03:4f:94:95:9a:
         b0:4a:e5:40:c7:4f:23:90:35:a0:2c:6c:d7:08:f0:4f:c1:fc:
         0e:8c:bf:8e:98:14:dc:69:57:78:02:88:e5:b3:82:83:d6:2a:
         08:e8:6a:f8:d4:cb:2f:3f:b1:81:70:2a:81:3d:9c:be:8c:01:
         8b:c2:0c:bd:43:e1:ff:32:8f:1a:2e:b8:08:8e:41:a9:23:2d:
         41:91:45:28:ab:8a:f9:ea:a5:39:c1:9a:ac:c7:52:51:e2:fb:
         dd:78:d7:0d:a8:5a:b7:0c:91:ef:68:03:09:a6:6d:b3:5b:bf:
         47:e9:7a:ce:6d:01:af:6a:c0:84:95:a1:1d:31:c7:89:70:a0:
         dd:89:e4:2a:eb:69:6c:24:00:fa:93:9d:62:d6:d9:c2:83:3b:
         2e:5e:08:e5:d4:94:3b:70:84:72:38:1f:d6:c1:f2:31:45:46:
         2f:b5:c9:3d:e0:88:c4:5a:15:ab:c9:ae:ad:41:8b:99:46:9e:
         d0:f3:f9:73
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ04LhIyTeWU67ng8jUu6OGfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZjk4YzVkYzczZTNmYThiZmRjYzAwMTQzZjAzOTU1NTJl
ZmVmYzAwHhcNMjYwMzI5MDYwMDM2WhcNMjYwMzMwMDYwMDM2WjAzMTEwLwYDVQQD
Eyg4MzY3MzRmY2UyZjFiNTI5ODYwOTU3YThiYTg4ZDU2NTIwNjE5OTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0NExQU07yfBZPw/6dAU1IxqQPdC1
77aRSJKWbzeLbzAmOGZi1KDjGc9Leq00wulcvumjnr7S9Jh10uvQnh84t/YWmRRo
PqTXw62f8kQa1McMLCOADx9dghXdONeVujYGwVbSEb1c+LDpdXHGLyxV1Pmbjbqa
n1jwpDZvAJ3A7DegxD3t0CDap1ooDNQbRhGxDn2GeHnfcBHr1VQiEH1Ay1u47A7E
QQgesj/SqcNoifb2sUl352ocRcxPVTKY8+4LnvzD4fvcop1qsnfwkvTl1Ljgrb/a
RvQWn0HbVP+AFr+dLTy/KF8gfkZ5Y6SiFL3Vvse8yq5mUxe8C0lVeoD5WQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFINnNPzi8bUphglXqLqI1WUgYZkkMB8GA1UdIwQY
MBaAFKD5jF3HPj+ov9zAAUPwOVVS7+/AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1BtTVhjYy1QNmlfM01BQlFfQTVWVkx2NzhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84MDYzMjgtOTA0Mi00YzEzLWFkZTAt
MTYzZDAzZWE2NDk5LzEvb1BtTVhjYy1QNmlfM01BQlFfQTVWVkx2NzhBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84MDYzMjgtOTA0Mi00YzEzLWFkZTAtMTYzZDAzZWE2NDk5
LzEvb1BtTVhjYy1QNmlfM01BQlFfQTVWVkx2NzhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlcEASgNp
7uhr6XicEVMHQTZ/PTOM3fsRI+0J5oKB6L/yhaTFjmEdpm9D5MAui5uVx+VrXbRt
RyjAmFlPu6rguhcDKQNPlJWasErlQMdPI5A1oCxs1wjwT8H8Doy/jpgU3GlXeAKI
5bOCg9YqCOhq+NTLLz+xgXAqgT2cvowBi8IMvUPh/zKPGi64CI5BqSMtQZFFKKuK
+eqlOcGarMdSUeL73XjXDahatwyR72gDCaZts1u/R+l6zm0Br2rAhJWhHTHHiXCg
3YnkKutpbCQA+pOdYtbZwoM7Ll4I5dSUO3CEcjgf1sHyMUVGL7XJPeCIxFoVq8mu
rUGLmUae0PP5cw==
-----END CERTIFICATE-----