Manifest

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft
File:                     DC780D9935DABC701A4C4832B16C11D7743C399A.mft (raw, json)
Hash identifier:          LGbwxDcO7/pmI14xMzJCd7/OAL+0I9YAt4R23u2vxyc=
Subject key identifier:   B4:25:CB:E1:11:09:8C:82:40:97:97:5A:25:C0:27:D2:C0:4C:59:94
Authority key identifier: DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A
Certificate issuer:       /CN=dc780d9935dabc701a4c4832b16c11d7743c399a
Certificate serial:       601A33D055A40524079A55A13F7D2D7591B0A503
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft
Manifest number:          01C1
Signing time:             Tue 30 Jun 2026 20:20:10 +0000
Manifest this update:     Tue 30 Jun 2026 20:15:10 +0000
Manifest next update:     Wed 01 Jul 2026 23:40:10 +0000
Files and hashes:         1: 326130343a623930323a3a2f34382d3438203d3e20323131333231.roa (hash: qdL0+PphZnX4cdypWsOWZjkH1FNw49MUNv/FrNDrY3s=)
                          2: 326130343a623930353a3a2f34382d3438203d3e203136353039.roa (hash: 2WLi+yTCoT6MxCiLFaQP7kK5t5x+CtSSj0mzxVLx03Y=)
                          3: 326130343a623930373a3a2f34372d3437203d3e20323131333231.roa (hash: eSgn8pAntXBevn2NWK+HjwLFj3TRH0aVr1zTI6ST4E0=)
                          4: 3138352e34392e3134322e302f32342d3234203d3e2030.roa (hash: OFYzxf950q78iFTJtOczlCYpNOX+DOEpFZuRWUO9N6w=)
                          5: 326130343a623930343a373230303a3a2f34302d3430203d3e20323131333231.roa (hash: refEY6cMSdDY7cBVUX5w6R5vf51PxokJ+N8DMMimo3o=)
                          6: 326130343a623930373a3a2f34382d3438203d3e2030.roa (hash: /xnxiOeZe4RUPZsXL0vjp7QXRGVs8BxZ08hPmiOocY8=)
                          7: 326130343a623930343a3a2f34382d3438203d3e20323131333231.roa (hash: XACd90ki63AXfGn+taSfXn0bg5k/VvTu6qRBsyyOiUc=)
                          8: 326130343a623930363a3a2f34382d3438203d3e2030.roa (hash: rzyLuLQB2r5jFPz4ER372UgwfaN2meO05T5dDI5hqUg=)
                          9: 326130343a623930303a3a2f33302d3330203d3e2038353837.roa (hash: gYkRIFE7UL0cJEwnwxVcLo1Ut87kd9a2aqmOVqa5baI=)
                          10: DC780D9935DABC701A4C4832B16C11D7743C399A.crl (hash: ktIQKSwRC+NJM7DHYsIoagUA9numwCCjSq723RpWnzg=)
                          11: 3138352e34392e3134302e302f32332d3233203d3e2038353837.roa (hash: bG62lXPn1Km32GF1V4Mpr+78+uhtW45az4faRRcPToY=)
                          12: C8623AA6C30FA8E058243708F5672D7960E52389.cer (hash: qDS/meVpMF7qgfPtayVFbWOCnAfvA9XikJALxZNw670=)
                          13: 326130343a623930303a3a2f33302d3332203d3e2038353837.roa (hash: YouEGWqx2GG1gNyKDzMvqaRmGag9lv2eJQyjBwSYn9Y=)
                          14: 3138352e34392e3134332e302f32342d3234203d3e20323131333231.roa (hash: UL7yBA1F7ergECjM7xK45EYvQh4BIa6w098X6gj/00E=)
                          15: 3138352e34392e3134322e302f32332d3233203d3e20323131333231.roa (hash: jR+qYDFgs1RFLmTf7rqpUDak54gW5tVDwGwUk/IhO4s=)
Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 23:40:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:1a:33:d0:55:a4:05:24:07:9a:55:a1:3f:7d:2d:75:91:b0:a5:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc780d9935dabc701a4c4832b16c11d7743c399a
        Validity
            Not Before: Jun 30 20:15:10 2026 GMT
            Not After : Jul  1 23:40:10 2026 GMT
        Subject: CN=B425CBE111098C824097975A25C027D2C04C5994
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5d:05:e7:47:9e:44:1a:e3:35:23:99:fd:fe:
                    b0:29:d0:61:77:6c:1d:40:fc:e7:0f:71:e8:b2:ba:
                    a4:b5:40:39:cb:86:b6:c9:c6:91:82:17:aa:2c:14:
                    f9:49:fd:88:55:ea:05:c2:9b:a1:3d:c9:73:9b:71:
                    e4:25:a8:47:3b:ec:7f:1a:dc:55:80:79:ff:a1:7a:
                    bf:fc:04:86:7e:58:fe:a6:a0:c6:e4:7e:90:42:b1:
                    b3:d3:10:b4:79:cc:ac:f7:6b:41:2a:fa:2f:a5:a3:
                    4a:a5:b7:96:0c:32:a8:a0:cb:c3:f0:c0:b6:4c:a4:
                    23:d7:1a:40:3f:7a:1e:a4:66:b8:64:c8:52:ba:dc:
                    cd:38:6f:c9:9b:cb:47:56:cc:ca:d5:24:81:0f:09:
                    9b:89:0d:e6:84:ad:ac:b9:43:8e:50:27:ef:1e:d8:
                    05:b8:fa:2d:ff:66:92:37:c1:ea:21:df:cc:a7:04:
                    1e:67:11:1b:98:3c:92:f3:1c:5e:e3:4b:34:ad:33:
                    0e:71:a2:35:70:d4:03:fc:ac:fb:b4:33:f2:e8:63:
                    53:10:9c:06:2c:7c:7b:df:95:fa:25:8e:62:89:b7:
                    84:11:65:cb:6d:82:d4:27:74:7e:19:b1:78:96:7b:
                    86:b0:20:34:1d:b4:bd:44:b5:e8:c0:85:94:52:61:
                    97:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:25:CB:E1:11:09:8C:82:40:97:97:5A:25:C0:27:D2:C0:4C:59:94
            X509v3 Authority Key Identifier:
                keyid:DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         ba:db:e6:cf:9c:47:14:a0:80:66:5c:1e:26:ed:1e:58:bc:66:
         b0:ff:8e:9a:27:15:46:b3:c2:43:52:4f:61:8d:b3:71:d3:a1:
         4b:8c:99:09:08:9a:6a:d7:d2:c7:85:87:a6:df:8e:b2:91:63:
         8b:17:f8:3c:97:b7:1b:e4:76:7f:e2:fc:c7:97:09:9f:0e:53:
         d7:89:9b:e5:2c:a0:a4:5b:71:f3:f5:84:9d:ee:ff:47:ee:5e:
         4a:64:30:d5:e1:63:06:c0:83:12:73:9b:0e:ae:ef:85:86:45:
         1e:0b:2d:23:c3:37:22:46:13:8f:95:7c:66:4b:49:b8:79:f3:
         f0:1a:1e:4f:cb:ee:a3:67:f2:dc:4f:ab:57:d6:6b:57:2a:80:
         8c:d1:ef:9b:33:ba:99:d7:ab:69:df:4f:f5:b0:89:df:e6:8c:
         63:e1:10:45:28:9d:49:97:c5:d1:ad:7e:3c:b8:fc:71:37:0e:
         57:ad:75:6d:42:34:69:18:97:84:f5:fd:c1:67:88:3c:d4:92:
         ec:e9:74:8d:44:7b:9b:31:54:d4:3d:ab:19:3b:f0:b5:5c:03:
         e4:52:01:26:4b:d3:ad:4b:72:1c:76:60:e5:ef:aa:48:1d:c5:
         09:2e:96:91:d9:18:c1:db:74:a7:d2:68:02:e5:7d:0f:d2:64:
         90:da:d2:ce
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUYBoz0FWkBSQHmlWhP30tdZGwpQMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM3ODBkOTkzNWRhYmM3MDFhNGM0ODMyYjE2YzExZDc3
NDNjMzk5YTAeFw0yNjA2MzAyMDE1MTBaFw0yNjA3MDEyMzQwMTBaMDMxMTAvBgNV
BAMTKEI0MjVDQkUxMTEwOThDODI0MDk3OTc1QTI1QzAyN0QyQzA0QzU5OTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnXQXnR55EGuM1I5n9/rAp0GF3
bB1A/OcPceiyuqS1QDnLhrbJxpGCF6osFPlJ/YhV6gXCm6E9yXObceQlqEc77H8a
3FWAef+her/8BIZ+WP6moMbkfpBCsbPTELR5zKz3a0Eq+i+lo0qlt5YMMqigy8Pw
wLZMpCPXGkA/eh6kZrhkyFK63M04b8mby0dWzMrVJIEPCZuJDeaEray5Q45QJ+8e
2AW4+i3/ZpI3weoh38ynBB5nERuYPJLzHF7jSzStMw5xojVw1AP8rPu0M/LoY1MQ
nAYsfHvflfoljmKJt4QRZcttgtQndH4ZsXiWe4awIDQdtL1EtejAhZRSYZdDAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQUtCXL4REJjIJAl5daJcAn0sBMWZQwHwYDVR0j
BBgwFoAU3HgNmTXavHAaTEgysWwR13Q8OZowDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvREM3ODBEOTkzNURBQkM3MDFBNEM0ODMyQjE2QzExRDc3
NDNDMzk5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNIZ05tVFhhdkhBYVRF
Z3lzV3dSMTNROE9aby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5y
c3luYzovL3JzeW5jLmtyaWxsLm5sbmV0bGFicy5ubC9yZXBvL25sbmV0bGFicy8x
L0RDNzgwRDk5MzVEQUJDNzAxQTRDNDgzMkIxNkMxMUQ3NzQzQzM5OUEubWZ0MBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMAYEAgAB
BQAwBgQCAAIFADAVBggrBgEFBQcBCAEB/wQGMASgAgUAMA0GCSqGSIb3DQEBCwUA
A4IBAQC62+bPnEcUoIBmXB4m7R5YvGaw/46aJxVGs8JDUk9hjbNx06FLjJkJCJpq
19LHhYem346ykWOLF/g8l7cb5HZ/4vzHlwmfDlPXiZvlLKCkW3Hz9YSd7v9H7l5K
ZDDV4WMGwIMSc5sOru+FhkUeCy0jwzciRhOPlXxmS0m4efPwGh5Py+6jZ/LcT6tX
1mtXKoCM0e+bM7qZ16tp30/1sInf5oxj4RBFKJ1Jl8XRrX48uPxxNw5XrXVtQjRp
GJeE9f3BZ4g81JLs6XSNRHubMVTUPasZO/C1XAPkUgEmS9OtS3IcdmDl76pIHcUJ
LpaR2RjB23Sn0mgC5X0P0mSQ2tLO
-----END CERTIFICATE-----
Generated at Wed Jul 1 10:33:59 2026 by rpki-client