Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/402eea-4814-4877-8d7a-3ca2f796b596/1/YsuMEjOwFrHwSBCJc9asPnYvY-0.mft
File:                     YsuMEjOwFrHwSBCJc9asPnYvY-0.mft (raw, json)
Hash identifier:          eaV1xOEMeZXvk6SFUTMiMF3puyZySg0In1LKdLI1d24=
Subject key identifier:   DC:BF:09:FF:8A:02:F8:4D:58:B7:0A:C3:F3:68:6E:6E:5A:B1:61:CB
Authority key identifier: 62:CB:8C:12:33:B0:16:B1:F0:48:10:89:73:D6:AC:3E:76:2F:63:ED
Certificate issuer:       /CN=62cb8c1233b016b1f048108973d6ac3e762f63ed
Certificate serial:       019D38D3A22188D7FCC5C56E0E90D1DDBE45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YsuMEjOwFrHwSBCJc9asPnYvY-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/402eea-4814-4877-8d7a-3ca2f796b596/1/YsuMEjOwFrHwSBCJc9asPnYvY-0.mft
Manifest number:          1437
Signing time:             Sun 29 Mar 2026 09:01:26 +0000
Manifest this update:     Sun 29 Mar 2026 09:01:26 +0000
Manifest next update:     Mon 30 Mar 2026 09:01:26 +0000
Files and hashes:         1: YsuMEjOwFrHwSBCJc9asPnYvY-0.crl (hash: QHpRCwA6FJ+g1lt+NrfQ3hzk6SDl9XtjePx3B9gVUJ4=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/402eea-4814-4877-8d7a-3ca2f796b596/1/YsuMEjOwFrHwSBCJc9asPnYvY-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/402eea-4814-4877-8d7a-3ca2f796b596/1/YsuMEjOwFrHwSBCJc9asPnYvY-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YsuMEjOwFrHwSBCJc9asPnYvY-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:38:d3:a2:21:88:d7:fc:c5:c5:6e:0e:90:d1:dd:be:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62cb8c1233b016b1f048108973d6ac3e762f63ed
        Validity
            Not Before: Mar 29 09:01:26 2026 GMT
            Not After : Mar 30 09:01:26 2026 GMT
        Subject: CN=dcbf09ff8a02f84d58b70ac3f3686e6e5ab161cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d5:92:19:29:08:31:93:2e:4c:b4:de:9d:d4:
                    0b:1e:07:4e:b1:3f:c7:80:41:65:9d:93:46:c6:04:
                    2d:49:e9:1e:fa:c9:65:f8:82:e5:7c:13:62:da:a6:
                    81:bd:b9:ef:fc:c5:56:f3:b5:91:08:34:ad:a9:4f:
                    76:cb:7d:27:43:2b:3e:6c:e3:30:17:cc:31:7d:ef:
                    e3:a1:95:d8:40:5e:c5:06:94:12:d9:e3:dd:c6:8f:
                    92:16:85:df:90:9c:3f:f1:10:08:1b:3c:8d:14:c8:
                    88:57:c9:dc:83:5a:02:c9:f3:54:f6:6e:97:c5:02:
                    bb:37:21:69:62:cf:0a:63:b7:0b:1b:6f:f2:d1:d5:
                    3d:6e:f4:02:1d:48:ab:82:7f:38:91:92:fc:d1:21:
                    cb:ba:0f:68:08:2d:6e:02:04:d9:06:4e:f0:61:9c:
                    c0:ac:9b:01:d5:64:82:b4:6b:2f:fd:b4:81:b2:42:
                    6b:1b:73:55:44:46:3e:c1:c0:28:64:e9:a1:3c:79:
                    1d:14:83:c8:d2:a0:c6:13:34:ed:96:a5:b0:e2:d8:
                    d0:f8:de:d1:23:08:77:73:65:fa:54:94:ef:66:a1:
                    e4:83:c1:a2:7d:08:ac:98:26:fb:22:ca:db:4c:61:
                    54:0c:61:2b:ab:46:62:b4:12:57:26:a8:d1:32:21:
                    c3:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:BF:09:FF:8A:02:F8:4D:58:B7:0A:C3:F3:68:6E:6E:5A:B1:61:CB
            X509v3 Authority Key Identifier:
                keyid:62:CB:8C:12:33:B0:16:B1:F0:48:10:89:73:D6:AC:3E:76:2F:63:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YsuMEjOwFrHwSBCJc9asPnYvY-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/402eea-4814-4877-8d7a-3ca2f796b596/1/YsuMEjOwFrHwSBCJc9asPnYvY-0.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/402eea-4814-4877-8d7a-3ca2f796b596/1/YsuMEjOwFrHwSBCJc9asPnYvY-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         54:ae:80:6c:85:49:55:5a:07:bc:8e:45:03:42:99:b3:fe:13:
         7a:9d:1e:e8:a4:1a:ba:2f:ef:ac:50:82:60:85:21:b7:db:60:
         97:ee:3e:91:e6:37:e0:a5:7b:76:5a:65:07:95:54:f2:5e:a4:
         bf:ce:a5:81:25:c6:9d:63:2f:13:36:3d:54:e7:6a:cd:00:09:
         1b:39:03:58:c0:2c:5b:eb:70:0e:ce:df:8b:b9:fa:ac:3b:17:
         c6:60:76:88:8c:e5:5b:ca:f1:e7:44:61:28:0e:79:ee:2c:d4:
         ca:1c:14:92:59:95:28:89:e2:6d:5b:e2:6a:e6:53:e3:55:84:
         d4:8b:4d:31:a6:35:fb:2b:7d:fc:65:83:bc:4e:75:a7:28:88:
         ae:28:06:84:ab:b2:18:ac:e5:c0:0f:a8:8c:98:15:a8:39:95:
         86:48:30:5d:07:6a:a9:69:29:a4:a6:7e:9f:a1:dc:cf:0d:6d:
         1f:53:5a:51:2f:c1:80:a4:b2:f9:45:02:de:5b:45:0d:ef:44:
         4e:22:2c:94:e2:a2:ad:cc:a9:d7:09:f5:20:2b:c6:ba:71:3e:
         43:81:e4:e6:69:0d:2f:41:23:ed:cf:41:19:7a:47:94:9b:1c:
         ee:58:6a:94:d0:13:e9:e3:a6:8c:b5:04:6b:6f:9d:bd:76:a2:
         00:8c:4f:36
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0406IhiNf8xcVuDpDR3b5FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyY2I4YzEyMzNiMDE2YjFmMDQ4MTA4OTczZDZhYzNlNzYy
ZjYzZWQwHhcNMjYwMzI5MDkwMTI2WhcNMjYwMzMwMDkwMTI2WjAzMTEwLwYDVQQD
EyhkY2JmMDlmZjhhMDJmODRkNThiNzBhYzNmMzY4NmU2ZTVhYjE2MWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdWSGSkIMZMuTLTendQLHgdOsT/H
gEFlnZNGxgQtSeke+sll+ILlfBNi2qaBvbnv/MVW87WRCDStqU92y30nQys+bOMw
F8wxfe/joZXYQF7FBpQS2ePdxo+SFoXfkJw/8RAIGzyNFMiIV8ncg1oCyfNU9m6X
xQK7NyFpYs8KY7cLG2/y0dU9bvQCHUirgn84kZL80SHLug9oCC1uAgTZBk7wYZzA
rJsB1WSCtGsv/bSBskJrG3NVREY+wcAoZOmhPHkdFIPI0qDGEzTtlqWw4tjQ+N7R
Iwh3c2X6VJTvZqHkg8GifQismCb7IsrbTGFUDGErq0ZitBJXJqjRMiHDbQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFNy/Cf+KAvhNWLcKw/Nobm5asWHLMB8GA1UdIwQY
MBaAFGLLjBIzsBax8EgQiXPWrD52L2PtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXN1TUVqT3dGckh3U0JDSmM5YXNQbll2WS0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC80MDJlZWEtNDgxNC00ODc3LThkN2Et
M2NhMmY3OTZiNTk2LzEvWXN1TUVqT3dGckh3U0JDSmM5YXNQbll2WS0wLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC80MDJlZWEtNDgxNC00ODc3LThkN2EtM2NhMmY3OTZiNTk2
LzEvWXN1TUVqT3dGckh3U0JDSmM5YXNQbll2WS0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAVK6AbIVJ
VVoHvI5FA0KZs/4Tep0e6KQaui/vrFCCYIUht9tgl+4+keY34KV7dlplB5VU8l6k
v86lgSXGnWMvEzY9VOdqzQAJGzkDWMAsW+twDs7fi7n6rDsXxmB2iIzlW8rx50Rh
KA557izUyhwUklmVKInibVviauZT41WE1ItNMaY1+yt9/GWDvE51pyiIrigGhKuy
GKzlwA+ojJgVqDmVhkgwXQdqqWkppKZ+n6Hczw1tH1NaUS/BgKSy+UUC3ltFDe9E
TiIslOKircyp1wn1ICvGunE+Q4Hk5mkNL0Ej7c9BGXpHlJsc7lhqlNAT6eOmjLUE
a2+dvXaiAIxPNg==
-----END CERTIFICATE-----