Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/85b463-9870-4549-97de-3cabe94b4356/1/spAqmJWp6izi7CS799ryNABY5JQ.mft
File:                     spAqmJWp6izi7CS799ryNABY5JQ.mft (raw, json)
Hash identifier:          qcraYgma140XcyLXHfk85sJ1Xq+34Z/za+Pqns6/144=
Subject key identifier:   A8:89:43:68:3C:A5:F7:BA:1F:3C:D4:0D:B8:A4:48:E3:41:19:DA:5A
Authority key identifier: B2:90:2A:98:95:A9:EA:2C:E2:EC:24:BB:F7:DA:F2:34:00:58:E4:94
Certificate issuer:       /CN=b2902a9895a9ea2ce2ec24bbf7daf2340058e494
Certificate serial:       019D3A1D07D25DE3EB3EF9E98F6C711D8B5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/spAqmJWp6izi7CS799ryNABY5JQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/85b463-9870-4549-97de-3cabe94b4356/1/spAqmJWp6izi7CS799ryNABY5JQ.mft
Manifest number:          0129
Signing time:             Sun 29 Mar 2026 15:01:14 +0000
Manifest this update:     Sun 29 Mar 2026 15:01:14 +0000
Manifest next update:     Mon 30 Mar 2026 15:01:14 +0000
Files and hashes:         1: spAqmJWp6izi7CS799ryNABY5JQ.crl (hash: +D5SFx9vY68EwmJ3tE8TZsHm5pr2Yf7XJ+GVTDegaJU=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/85b463-9870-4549-97de-3cabe94b4356/1/spAqmJWp6izi7CS799ryNABY5JQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/85b463-9870-4549-97de-3cabe94b4356/1/spAqmJWp6izi7CS799ryNABY5JQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/spAqmJWp6izi7CS799ryNABY5JQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 15:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3a:1d:07:d2:5d:e3:eb:3e:f9:e9:8f:6c:71:1d:8b:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2902a9895a9ea2ce2ec24bbf7daf2340058e494
        Validity
            Not Before: Mar 29 15:01:14 2026 GMT
            Not After : Mar 30 15:01:14 2026 GMT
        Subject: CN=a88943683ca5f7ba1f3cd40db8a448e34119da5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e3:58:77:a3:53:3d:17:cd:8d:9b:3f:bb:0a:
                    dd:41:4a:01:35:72:60:f5:9e:56:4e:bd:18:9c:95:
                    76:8e:44:af:63:cf:e6:f3:a7:07:c2:77:71:07:19:
                    0c:00:e3:c9:25:49:c0:57:f9:85:d3:00:ba:5d:be:
                    c4:7d:06:5f:a0:85:6a:04:35:8a:f3:11:e0:ba:f0:
                    ab:8f:aa:36:8a:57:f5:e6:3d:60:8a:77:f6:75:07:
                    a1:d4:d3:87:f8:cc:e5:cf:a0:f5:1c:c4:73:63:bd:
                    b5:b8:2b:0a:b8:f6:c0:28:3d:ff:e1:b9:22:64:3e:
                    8b:38:35:51:e8:a3:4b:b0:62:ba:81:76:83:e0:8a:
                    f3:a6:56:db:29:75:cf:6a:37:de:88:f7:92:37:97:
                    14:d5:82:66:b0:37:ab:1d:a1:07:46:13:58:3a:fc:
                    c1:d5:9c:37:df:c4:24:3b:90:fc:ea:5e:37:c2:c1:
                    7b:db:6c:48:67:36:37:1b:04:a9:fd:19:2a:f9:68:
                    9b:39:2d:13:6b:fe:f1:34:75:de:ed:66:da:35:c0:
                    5e:dd:e4:a6:f2:48:ab:8e:d2:a0:a8:d8:31:a1:0a:
                    7f:1c:34:c6:07:57:15:b7:e5:c4:8f:1c:74:91:a8:
                    4f:44:b5:53:00:91:60:f1:6f:9c:50:3c:08:66:87:
                    41:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:89:43:68:3C:A5:F7:BA:1F:3C:D4:0D:B8:A4:48:E3:41:19:DA:5A
            X509v3 Authority Key Identifier:
                keyid:B2:90:2A:98:95:A9:EA:2C:E2:EC:24:BB:F7:DA:F2:34:00:58:E4:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/spAqmJWp6izi7CS799ryNABY5JQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/85b463-9870-4549-97de-3cabe94b4356/1/spAqmJWp6izi7CS799ryNABY5JQ.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/85b463-9870-4549-97de-3cabe94b4356/1/spAqmJWp6izi7CS799ryNABY5JQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         81:11:16:8c:a1:ed:2a:bc:50:64:21:b0:99:c6:f0:10:41:7f:
         fa:fe:ed:09:34:b9:2e:fa:39:a8:5f:be:d0:cf:41:e9:e3:83:
         14:bd:a7:e1:6b:38:fc:6b:69:53:50:9a:02:34:4c:21:f6:18:
         4c:f9:06:f7:c6:62:81:80:0a:d5:2f:3c:97:cc:e6:69:d9:5a:
         61:87:39:48:8d:e6:b9:49:6d:ce:74:06:78:d3:76:72:60:2f:
         5a:48:2a:f0:84:29:f8:50:6d:8a:bc:95:ff:cb:29:81:c6:b1:
         02:8c:b5:12:f1:b1:76:dd:3d:45:b2:3b:d8:c4:35:2b:e2:34:
         f2:28:7a:90:eb:e7:5f:1d:cc:cc:dc:83:31:66:50:a5:de:f7:
         b2:5b:6a:05:a5:b7:a7:7a:7c:57:2d:48:db:42:5b:6b:a2:5f:
         c4:49:a2:af:0b:f9:1c:ea:91:4d:d0:62:0c:3d:44:68:27:4c:
         e5:fa:54:da:b9:82:b2:f0:77:19:3d:5c:b7:5c:bf:db:f2:90:
         26:47:a7:ad:13:15:f3:9c:93:b2:85:34:71:73:d9:6c:88:e8:
         13:32:53:4f:95:58:ce:da:52:d5:c3:73:34:18:53:68:cd:85:
         3d:0f:1a:e8:1c:d8:28:c8:74:71:9e:d2:16:89:1b:3a:78:21:
         4e:35:a5:10
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ06HQfSXePrPvnpj2xxHYtbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyOTAyYTk4OTVhOWVhMmNlMmVjMjRiYmY3ZGFmMjM0MDA1
OGU0OTQwHhcNMjYwMzI5MTUwMTE0WhcNMjYwMzMwMTUwMTE0WjAzMTEwLwYDVQQD
EyhhODg5NDM2ODNjYTVmN2JhMWYzY2Q0MGRiOGE0NDhlMzQxMTlkYTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0eNYd6NTPRfNjZs/uwrdQUoBNXJg
9Z5WTr0YnJV2jkSvY8/m86cHwndxBxkMAOPJJUnAV/mF0wC6Xb7EfQZfoIVqBDWK
8xHguvCrj6o2ilf15j1ginf2dQeh1NOH+Mzlz6D1HMRzY721uCsKuPbAKD3/4bki
ZD6LODVR6KNLsGK6gXaD4IrzplbbKXXPajfeiPeSN5cU1YJmsDerHaEHRhNYOvzB
1Zw338QkO5D86l43wsF722xIZzY3GwSp/Rkq+WibOS0Ta/7xNHXe7WbaNcBe3eSm
8kirjtKgqNgxoQp/HDTGB1cVt+XEjxx0kahPRLVTAJFg8W+cUDwIZodBgwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFKiJQ2g8pfe6HzzUDbikSONBGdpaMB8GA1UdIwQY
MBaAFLKQKpiVqeos4uwku/fa8jQAWOSUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3BBcW1KV3A2aXppN0NTNzk5cnlOQUJZNUpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC84NWI0NjMtOTg3MC00NTQ5LTk3ZGUt
M2NhYmU5NGI0MzU2LzEvc3BBcW1KV3A2aXppN0NTNzk5cnlOQUJZNUpRLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC84NWI0NjMtOTg3MC00NTQ5LTk3ZGUtM2NhYmU5NGI0MzU2
LzEvc3BBcW1KV3A2aXppN0NTNzk5cnlOQUJZNUpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAgREWjKHt
KrxQZCGwmcbwEEF/+v7tCTS5Lvo5qF++0M9B6eODFL2n4Ws4/GtpU1CaAjRMIfYY
TPkG98ZigYAK1S88l8zmadlaYYc5SI3muUltznQGeNN2cmAvWkgq8IQp+FBtiryV
/8spgcaxAoy1EvGxdt09RbI72MQ1K+I08ih6kOvnXx3MzNyDMWZQpd73sltqBaW3
p3p8Vy1I20Jba6JfxEmirwv5HOqRTdBiDD1EaCdM5fpU2rmCsvB3GT1ct1y/2/KQ
JkenrRMV85yTsoU0cXPZbIjoEzJTT5VYztpS1cNzNBhTaM2FPQ8a6BzYKMh0cZ7S
FokbOnghTjWlEA==
-----END CERTIFICATE-----