Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/404c04-a7f5-4cdf-8e97-18d33beb7c31/1/OneLgrqpeIoayvLsNothmB71HfI.mft
File:                     OneLgrqpeIoayvLsNothmB71HfI.mft (raw, json)
Hash identifier:          DAnMq5uttDvzwgooxSpJNr+PO2vCsFXayjvb22pxijY=
Subject key identifier:   A7:A3:05:D8:84:BD:EB:A8:05:03:99:F0:E4:8D:A8:43:04:C3:2A:43
Authority key identifier: 3A:77:8B:82:BA:A9:78:8A:1A:CA:F2:EC:36:8B:61:98:1E:F5:1D:F2
Certificate issuer:       /CN=3a778b82baa9788a1acaf2ec368b61981ef51df2
Certificate serial:       019D3909E36E5835DF71D7C9599CD33729D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OneLgrqpeIoayvLsNothmB71HfI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/404c04-a7f5-4cdf-8e97-18d33beb7c31/1/OneLgrqpeIoayvLsNothmB71HfI.mft
Manifest number:          1895
Signing time:             Sun 29 Mar 2026 10:00:42 +0000
Manifest this update:     Sun 29 Mar 2026 10:00:42 +0000
Manifest next update:     Mon 30 Mar 2026 10:00:42 +0000
Files and hashes:         1: OneLgrqpeIoayvLsNothmB71HfI.crl (hash: ogfl4C+YzBsZwJU8U+vOLaCasxv0Gut2iHS4iYfOClE=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/404c04-a7f5-4cdf-8e97-18d33beb7c31/1/OneLgrqpeIoayvLsNothmB71HfI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/404c04-a7f5-4cdf-8e97-18d33beb7c31/1/OneLgrqpeIoayvLsNothmB71HfI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OneLgrqpeIoayvLsNothmB71HfI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:39:09:e3:6e:58:35:df:71:d7:c9:59:9c:d3:37:29:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a778b82baa9788a1acaf2ec368b61981ef51df2
        Validity
            Not Before: Mar 29 10:00:42 2026 GMT
            Not After : Mar 30 10:00:42 2026 GMT
        Subject: CN=a7a305d884bdeba8050399f0e48da84304c32a43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ac:f8:a8:c5:cc:03:2f:60:cd:55:e2:59:b6:
                    43:e6:14:70:d3:2b:23:a4:58:77:c2:0e:0a:b7:d9:
                    00:2f:e4:d5:8e:d7:79:88:5b:ca:41:f8:84:92:ba:
                    90:ef:b8:e4:71:5f:63:ce:70:03:b0:d9:c3:40:0a:
                    07:9b:b1:3b:7b:ac:82:7b:93:b8:6f:a3:88:17:68:
                    2c:bf:86:91:8e:6b:b0:5b:e3:03:1b:bc:66:a0:c1:
                    8b:aa:06:f3:05:c0:11:da:f6:c2:5a:75:e7:f5:04:
                    94:5e:8c:eb:84:5d:d4:5f:43:b1:ad:6b:45:3e:39:
                    24:0d:1d:ba:54:af:b6:74:f4:fe:be:ed:fb:73:e4:
                    72:d5:ae:57:a0:e9:08:6b:f6:2b:ab:1b:18:2a:3f:
                    85:f4:e5:1c:49:f4:49:7d:21:74:fe:19:d8:41:bc:
                    47:aa:33:70:0e:3f:8a:52:06:04:ac:c9:19:42:b7:
                    aa:03:96:46:2c:2a:d5:34:94:b0:de:e1:c1:e8:3f:
                    c2:a3:d2:54:59:20:f3:2a:db:f1:b2:6b:d6:0f:ba:
                    49:cd:e0:07:f8:96:78:c7:54:65:0e:24:6a:e5:10:
                    ef:f7:e8:12:7f:5c:d2:e2:5d:90:fe:b9:ee:ad:cd:
                    0c:bf:43:9c:83:01:ca:6c:df:06:e0:11:6f:1a:e7:
                    bb:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:A3:05:D8:84:BD:EB:A8:05:03:99:F0:E4:8D:A8:43:04:C3:2A:43
            X509v3 Authority Key Identifier:
                keyid:3A:77:8B:82:BA:A9:78:8A:1A:CA:F2:EC:36:8B:61:98:1E:F5:1D:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OneLgrqpeIoayvLsNothmB71HfI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/404c04-a7f5-4cdf-8e97-18d33beb7c31/1/OneLgrqpeIoayvLsNothmB71HfI.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/404c04-a7f5-4cdf-8e97-18d33beb7c31/1/OneLgrqpeIoayvLsNothmB71HfI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         6c:d7:cb:a3:a1:18:2c:bd:86:1b:09:29:c6:69:e0:5f:12:15:
         59:67:67:d6:04:c5:2a:23:68:6d:a6:63:49:d6:cc:fb:07:67:
         f9:d8:59:56:d2:c1:97:7f:93:c7:d3:9f:84:eb:78:0e:7f:60:
         c4:c1:6f:c8:ca:2f:4a:5f:c2:c4:24:0a:b8:55:e1:00:fa:f5:
         8f:35:a6:72:70:71:a8:10:5b:17:31:46:88:d0:7a:d9:53:f7:
         ba:30:0c:7d:fa:aa:d2:00:92:30:83:13:61:90:60:c2:53:65:
         03:01:87:91:79:a7:97:67:b4:58:ac:b2:2f:de:7e:e4:21:ec:
         d0:c1:17:cd:7e:b3:ce:da:91:2e:b5:71:f4:ea:68:3b:ab:6a:
         bf:bc:64:79:44:dc:35:15:32:84:82:c5:2a:73:ea:69:8b:02:
         51:4e:a4:b7:17:1a:20:9d:0d:df:91:e6:b6:58:38:9f:b6:d1:
         98:cb:69:32:1e:b1:93:89:23:c3:a1:6c:c6:db:c9:f4:3f:7a:
         25:48:22:87:08:86:d4:10:d9:6f:43:b0:c7:1e:7f:03:2c:c9:
         97:81:02:0d:2a:70:79:14:b8:31:72:75:75:b3:89:dc:b6:8f:
         ec:e2:12:38:ed:2a:48:db:f9:2f:47:30:73:02:68:19:39:bd:
         05:8c:9e:99
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ05CeNuWDXfcdfJWZzTNynYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNzc4YjgyYmFhOTc4OGExYWNhZjJlYzM2OGI2MTk4MWVm
NTFkZjIwHhcNMjYwMzI5MTAwMDQyWhcNMjYwMzMwMTAwMDQyWjAzMTEwLwYDVQQD
EyhhN2EzMDVkODg0YmRlYmE4MDUwMzk5ZjBlNDhkYTg0MzA0YzMyYTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqz4qMXMAy9gzVXiWbZD5hRw0ysj
pFh3wg4Kt9kAL+TVjtd5iFvKQfiEkrqQ77jkcV9jznADsNnDQAoHm7E7e6yCe5O4
b6OIF2gsv4aRjmuwW+MDG7xmoMGLqgbzBcAR2vbCWnXn9QSUXozrhF3UX0OxrWtF
PjkkDR26VK+2dPT+vu37c+Ry1a5XoOkIa/YrqxsYKj+F9OUcSfRJfSF0/hnYQbxH
qjNwDj+KUgYErMkZQreqA5ZGLCrVNJSw3uHB6D/Co9JUWSDzKtvxsmvWD7pJzeAH
+JZ4x1RlDiRq5RDv9+gSf1zS4l2Q/rnurc0Mv0OcgwHKbN8G4BFvGue71QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFKejBdiEveuoBQOZ8OSNqEMEwypDMB8GA1UdIwQY
MBaAFDp3i4K6qXiKGsry7DaLYZge9R3yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT25lTGdycXBlSW9heXZMc05vdGhtQjcxSGZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC80MDRjMDQtYTdmNS00Y2RmLThlOTct
MThkMzNiZWI3YzMxLzEvT25lTGdycXBlSW9heXZMc05vdGhtQjcxSGZJLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC80MDRjMDQtYTdmNS00Y2RmLThlOTctMThkMzNiZWI3YzMx
LzEvT25lTGdycXBlSW9heXZMc05vdGhtQjcxSGZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAbNfLo6EY
LL2GGwkpxmngXxIVWWdn1gTFKiNobaZjSdbM+wdn+dhZVtLBl3+Tx9OfhOt4Dn9g
xMFvyMovSl/CxCQKuFXhAPr1jzWmcnBxqBBbFzFGiNB62VP3ujAMffqq0gCSMIMT
YZBgwlNlAwGHkXmnl2e0WKyyL95+5CHs0MEXzX6zztqRLrVx9OpoO6tqv7xkeUTc
NRUyhILFKnPqaYsCUU6ktxcaIJ0N35Hmtlg4n7bRmMtpMh6xk4kjw6FsxtvJ9D96
JUgihwiG1BDZb0Owxx5/AyzJl4ECDSpweRS4MXJ1dbOJ3LaP7OISOO0qSNv5L0cw
cwJoGTm9BYyemQ==
-----END CERTIFICATE-----