Manifest

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft
File:                     DC780D9935DABC701A4C4832B16C11D7743C399A.mft (raw, json)
Hash identifier:          hafjNoc0W/fHGGPW/hdDRT7WlyfaXtpQOX1mgOzuG1Y=
Subject key identifier:   6A:21:F6:29:6F:F9:E9:CF:35:94:63:29:8F:D8:6B:4F:FC:B1:B1:10
Authority key identifier: DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A
Certificate issuer:       /CN=dc780d9935dabc701a4c4832b16c11d7743c399a
Certificate serial:       464EA061D28D31CA873586DD9E15B311366E8ACA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft
Manifest number:          0145
Signing time:             Sun 29 Mar 2026 09:17:50 +0000
Manifest this update:     Sun 29 Mar 2026 09:12:50 +0000
Manifest next update:     Mon 30 Mar 2026 12:09:50 +0000
Files and hashes:         1: 326130343a623930363a3a2f34382d3438203d3e2030.roa (hash: rzyLuLQB2r5jFPz4ER372UgwfaN2meO05T5dDI5hqUg=)
                          2: DC780D9935DABC701A4C4832B16C11D7743C399A.crl (hash: imnUk4n6OZU32mBstqOGpMNfGnzlRuIuKem2jH2579I=)
                          3: C8623AA6C30FA8E058243708F5672D7960E52389.cer (hash: qDS/meVpMF7qgfPtayVFbWOCnAfvA9XikJALxZNw670=)
                          4: 3138352e34392e3134302e302f32332d3233203d3e2038353837.roa (hash: bG62lXPn1Km32GF1V4Mpr+78+uhtW45az4faRRcPToY=)
                          5: 3138352e34392e3134322e302f32332d3233203d3e20323131333231.roa (hash: jR+qYDFgs1RFLmTf7rqpUDak54gW5tVDwGwUk/IhO4s=)
                          6: 326130343a623930303a3a2f33302d3332203d3e2038353837.roa (hash: YouEGWqx2GG1gNyKDzMvqaRmGag9lv2eJQyjBwSYn9Y=)
                          7: 3138352e34392e3134322e302f32342d3234203d3e2030.roa (hash: OFYzxf950q78iFTJtOczlCYpNOX+DOEpFZuRWUO9N6w=)
                          8: 3138352e34392e3134332e302f32342d3234203d3e20323131333231.roa (hash: UL7yBA1F7ergECjM7xK45EYvQh4BIa6w098X6gj/00E=)
                          9: 326130343a623930343a373230303a3a2f34302d3430203d3e20323131333231.roa (hash: refEY6cMSdDY7cBVUX5w6R5vf51PxokJ+N8DMMimo3o=)
                          10: 326130343a623930343a3a2f34382d3438203d3e20323131333231.roa (hash: XACd90ki63AXfGn+taSfXn0bg5k/VvTu6qRBsyyOiUc=)
                          11: 326130343a623930353a3a2f34382d3438203d3e203136353039.roa (hash: 2WLi+yTCoT6MxCiLFaQP7kK5t5x+CtSSj0mzxVLx03Y=)
                          12: 326130343a623930373a3a2f34382d3438203d3e2030.roa (hash: /xnxiOeZe4RUPZsXL0vjp7QXRGVs8BxZ08hPmiOocY8=)
                          13: 326130343a623930303a3a2f33302d3330203d3e2038353837.roa (hash: gYkRIFE7UL0cJEwnwxVcLo1Ut87kd9a2aqmOVqa5baI=)
                          14: 326130343a623930323a3a2f34382d3438203d3e20323131333231.roa (hash: qdL0+PphZnX4cdypWsOWZjkH1FNw49MUNv/FrNDrY3s=)
                          15: 326130343a623930373a3a2f34372d3437203d3e20323131333231.roa (hash: eSgn8pAntXBevn2NWK+HjwLFj3TRH0aVr1zTI6ST4E0=)
Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:4e:a0:61:d2:8d:31:ca:87:35:86:dd:9e:15:b3:11:36:6e:8a:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc780d9935dabc701a4c4832b16c11d7743c399a
        Validity
            Not Before: Mar 29 09:12:50 2026 GMT
            Not After : Mar 30 12:09:50 2026 GMT
        Subject: CN=6A21F6296FF9E9CF359463298FD86B4FFCB1B110
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e7:33:d2:97:cb:65:68:55:08:7c:5b:11:97:
                    98:a6:43:74:83:91:df:ef:85:6b:00:9c:90:82:76:
                    05:25:21:8a:f8:83:9f:3c:5b:60:0b:4d:86:f6:1b:
                    3c:17:43:64:e2:85:a6:90:c4:8a:8e:2c:3d:2a:08:
                    05:1d:23:f7:b5:95:ed:22:dd:33:b3:69:59:b2:ad:
                    6f:fa:cf:af:46:d9:dc:1d:7b:db:77:82:cd:1a:29:
                    b9:16:d5:fc:f0:18:22:0b:55:92:d2:46:cf:35:b3:
                    cc:59:93:a3:25:7c:72:d4:87:62:cb:f7:9f:28:89:
                    33:59:2c:46:d2:70:d9:32:2e:c8:b4:1c:70:3d:0d:
                    ea:cb:5e:25:42:1a:20:87:40:fe:55:8b:83:ad:b5:
                    33:2d:d1:f0:e7:2e:9b:96:ed:7f:f8:0d:ee:b4:21:
                    ab:c0:8e:00:51:0b:5d:80:fd:d6:9f:a0:3b:f1:0a:
                    e4:d9:7a:04:34:b6:72:8d:aa:91:42:2a:b5:c4:64:
                    82:e6:b7:a1:8b:0e:cd:e6:81:bf:9c:c8:d0:23:fb:
                    23:e4:dd:00:61:83:fd:11:d2:00:78:3c:f1:94:de:
                    29:d5:f5:07:ee:95:4e:2e:01:54:26:46:db:26:d6:
                    27:43:b8:53:d9:b6:45:71:ed:5c:9d:78:d1:47:9c:
                    43:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:21:F6:29:6F:F9:E9:CF:35:94:63:29:8F:D8:6B:4F:FC:B1:B1:10
            X509v3 Authority Key Identifier:
                keyid:DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         b7:d2:79:65:f7:bd:1a:a9:90:27:56:60:7e:e7:71:6a:6c:e6:
         95:69:6e:45:57:07:87:68:2b:6b:b5:e3:5d:ee:bb:4d:20:34:
         c4:9c:1c:47:f9:ca:4f:65:5c:c1:ff:b5:1c:be:fb:22:8e:a2:
         f0:9c:52:f2:b3:44:96:ad:54:8f:d1:da:2e:2f:3e:05:1a:3f:
         f0:61:ee:52:28:7b:7a:1f:a9:12:82:ca:b6:1d:28:24:6a:3b:
         35:26:4f:4a:56:b0:27:00:95:1d:1c:02:3f:b4:56:7f:a1:13:
         78:c4:33:29:85:18:6f:4e:41:52:9b:b5:35:85:bf:be:d8:d9:
         cc:e0:37:fd:c7:49:08:2b:aa:16:3c:af:cb:de:0f:a5:ad:00:
         38:46:88:c6:8e:f8:6d:6f:87:a8:1f:e3:ec:5f:0b:22:52:2a:
         ec:2b:a0:54:8e:a0:7b:2c:d1:83:af:77:9c:2c:c0:61:e2:ea:
         0f:d5:22:08:81:60:30:05:b4:d7:18:13:c8:0d:8b:a2:8c:11:
         56:93:bc:41:ad:0d:8b:73:63:2d:13:05:5e:3e:57:22:fe:d0:
         30:b6:1f:8c:b0:85:0d:d9:50:89:8a:d8:94:1e:4d:ec:7f:72:
         50:3b:fb:31:33:0b:15:18:64:b3:f9:d0:af:60:4b:c1:bb:24:
         44:18:57:c9
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIURk6gYdKNMcqHNYbdnhWzETZuisowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM3ODBkOTkzNWRhYmM3MDFhNGM0ODMyYjE2YzExZDc3
NDNjMzk5YTAeFw0yNjAzMjkwOTEyNTBaFw0yNjAzMzAxMjA5NTBaMDMxMTAvBgNV
BAMTKDZBMjFGNjI5NkZGOUU5Q0YzNTk0NjMyOThGRDg2QjRGRkNCMUIxMTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCr5zPSl8tlaFUIfFsRl5imQ3SD
kd/vhWsAnJCCdgUlIYr4g588W2ALTYb2GzwXQ2TihaaQxIqOLD0qCAUdI/e1le0i
3TOzaVmyrW/6z69G2dwde9t3gs0aKbkW1fzwGCILVZLSRs81s8xZk6MlfHLUh2LL
958oiTNZLEbScNkyLsi0HHA9DerLXiVCGiCHQP5Vi4OttTMt0fDnLpuW7X/4De60
IavAjgBRC12A/dafoDvxCuTZegQ0tnKNqpFCKrXEZILmt6GLDs3mgb+cyNAj+yPk
3QBhg/0R0gB4PPGU3inV9QfulU4uAVQmRtsm1idDuFPZtkVx7VydeNFHnEPBAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUaiH2KW/56c81lGMpj9hrT/yxsRAwHwYDVR0j
BBgwFoAU3HgNmTXavHAaTEgysWwR13Q8OZowDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvREM3ODBEOTkzNURBQkM3MDFBNEM0ODMyQjE2QzExRDc3
NDNDMzk5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNIZ05tVFhhdkhBYVRF
Z3lzV3dSMTNROE9aby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5y
c3luYzovL3JzeW5jLmtyaWxsLm5sbmV0bGFicy5ubC9yZXBvL25sbmV0bGFicy8x
L0RDNzgwRDk5MzVEQUJDNzAxQTRDNDgzMkIxNkMxMUQ3NzQzQzM5OUEubWZ0MBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMAYEAgAB
BQAwBgQCAAIFADAVBggrBgEFBQcBCAEB/wQGMASgAgUAMA0GCSqGSIb3DQEBCwUA
A4IBAQC30nll970aqZAnVmB+53FqbOaVaW5FVweHaCtrteNd7rtNIDTEnBxH+cpP
ZVzB/7UcvvsijqLwnFLys0SWrVSP0douLz4FGj/wYe5SKHt6H6kSgsq2HSgkajs1
Jk9KVrAnAJUdHAI/tFZ/oRN4xDMphRhvTkFSm7U1hb++2NnM4Df9x0kIK6oWPK/L
3g+lrQA4RojGjvhtb4eoH+PsXwsiUirsK6BUjqB7LNGDr3ecLMBh4uoP1SIIgWAw
BbTXGBPIDYuijBFWk7xBrQ2Lc2MtEwVePlci/tAwth+MsIUN2VCJitiUHk3sf3JQ
O/sxMwsVGGSz+dCvYEvBuyREGFfJ
-----END CERTIFICATE-----