Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
File:                     APkIwDKKjpc_pArFL8M359PE_tA.mft (raw, json)
Hash identifier:          QXZ0DCiDcOWgK6qchgSEOHP9VqyyvSXxglQkdd5y3Cw=
Subject key identifier:   DB:A2:C9:A3:77:13:D5:3C:71:79:5B:32:62:D9:31:2B:13:B5:56:3B
Authority key identifier: 00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0
Certificate issuer:       /CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
Certificate serial:       019E1C46F008DBC0E973C138A0B244922A2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
Manifest number:          1901
Signing time:             Tue 12 May 2026 13:01:11 +0000
Manifest this update:     Tue 12 May 2026 13:01:11 +0000
Manifest next update:     Wed 13 May 2026 13:01:11 +0000
Files and hashes:         1: APkIwDKKjpc_pArFL8M359PE_tA.crl (hash: iJBcpiamj+LGH3xCIvmgRTm92czWCjS+JM0mXhyimiw=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1c:46:f0:08:db:c0:e9:73:c1:38:a0:b2:44:92:2a:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
        Validity
            Not Before: May 12 13:01:11 2026 GMT
            Not After : May 13 13:01:11 2026 GMT
        Subject: CN=dba2c9a37713d53c71795b3262d9312b13b5563b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:9b:c7:32:db:cc:c7:66:f8:f1:98:96:ab:92:
                    ff:b6:c3:9f:52:6d:6e:b8:a2:2c:a0:a3:36:e5:52:
                    9a:15:1b:0d:fa:77:ba:ef:77:24:fa:51:7c:ff:2a:
                    ea:d4:0a:6f:06:6f:83:b5:91:0b:28:1e:12:4c:6e:
                    70:ce:64:c5:f6:5f:d4:04:16:4c:b1:a7:8e:37:6e:
                    b1:01:04:b2:9e:8c:3d:88:a0:24:8b:43:e4:88:bf:
                    48:44:d5:e9:96:98:12:87:82:29:32:c2:1c:91:10:
                    f9:5b:b2:15:35:3f:59:a0:70:f9:47:e8:f0:6a:96:
                    61:a4:2c:af:f5:d7:e2:26:37:9c:b0:22:46:75:ee:
                    55:c9:c8:54:0a:2a:92:33:a6:35:48:23:1c:a2:19:
                    0f:56:d9:50:47:04:be:61:c9:e8:b0:bc:9c:02:a0:
                    b5:72:d4:b7:70:39:ab:cb:90:86:06:d9:2a:09:d9:
                    18:f2:67:3d:b1:d4:4f:f0:ae:31:9b:89:05:05:3a:
                    25:d6:c2:72:6c:47:7f:d2:9c:32:0b:e9:82:e1:37:
                    9f:f7:c1:ae:d8:9f:2f:11:d9:cb:d9:cc:82:30:a1:
                    7e:55:6b:c9:ea:21:6b:1f:91:78:e4:0d:13:18:1c:
                    67:26:9d:82:f2:92:3d:a9:95:37:69:b4:52:70:47:
                    90:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:A2:C9:A3:77:13:D5:3C:71:79:5B:32:62:D9:31:2B:13:B5:56:3B
            X509v3 Authority Key Identifier:
                keyid:00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         51:07:6a:90:61:2e:09:73:9c:25:03:13:24:fb:ba:1e:87:48:
         e0:28:a1:b8:50:f7:8b:75:82:63:26:05:45:cf:72:06:7a:9f:
         59:f4:f8:d3:28:1b:49:23:e3:2e:f0:80:4e:20:6a:0f:b8:fa:
         65:28:4b:76:c8:85:94:f2:35:e1:e1:3f:90:26:cd:7d:b5:df:
         9a:a5:52:1c:0f:a2:af:be:a7:c7:78:14:15:72:00:ad:84:95:
         d7:70:de:b4:6e:09:07:c9:36:f6:d4:63:64:ea:83:71:12:0f:
         78:24:50:9e:c7:40:9c:dd:b4:97:28:dd:a1:01:3a:0c:01:88:
         c2:2e:3b:99:0c:8e:d2:75:49:4e:23:2f:bd:06:8d:93:0b:7a:
         4b:56:ea:08:04:71:29:4e:01:07:6a:8c:97:cf:df:36:43:a2:
         25:f9:ef:a5:2d:f3:33:60:3a:93:30:70:a4:3c:8e:89:59:e1:
         11:36:5b:21:aa:ed:b3:ae:61:0d:64:a2:0e:65:4e:04:d8:4d:
         d7:bf:82:9c:82:8c:6b:06:e0:54:e9:c1:80:68:e7:7c:36:83:
         10:f8:7f:d4:4b:e7:39:5a:e3:e0:3b:bb:a1:52:a9:ed:61:4d:
         1d:f1:3d:7c:71:c4:b1:71:fb:7d:41:9c:3f:48:89:a3:d5:eb:
         2c:d6:4d:35
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ4cRvAI28Dpc8E4oLJEkiouMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZjkwOGMwMzI4YThlOTczZmE0MGFjNTJmYzMzN2U3ZDNj
NGZlZDAwHhcNMjYwNTEyMTMwMTExWhcNMjYwNTEzMTMwMTExWjAzMTEwLwYDVQQD
EyhkYmEyYzlhMzc3MTNkNTNjNzE3OTViMzI2MmQ5MzEyYjEzYjU1NjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJvHMtvMx2b48ZiWq5L/tsOfUm1u
uKIsoKM25VKaFRsN+ne673ck+lF8/yrq1ApvBm+DtZELKB4STG5wzmTF9l/UBBZM
saeON26xAQSynow9iKAki0PkiL9IRNXplpgSh4IpMsIckRD5W7IVNT9ZoHD5R+jw
apZhpCyv9dfiJjecsCJGde5VychUCiqSM6Y1SCMcohkPVtlQRwS+YcnosLycAqC1
ctS3cDmry5CGBtkqCdkY8mc9sdRP8K4xm4kFBTol1sJybEd/0pwyC+mC4Tef98Gu
2J8vEdnL2cyCMKF+VWvJ6iFrH5F45A0TGBxnJp2C8pI9qZU3abRScEeQNQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFNuiyaN3E9U8cXlbMmLZMSsTtVY7MB8GA1UdIwQY
MBaAFAD5CMAyio6XP6QKxS/DN+fTxP7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEt
N2RlY2YxZTQ3ODY1LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEtN2RlY2YxZTQ3ODY1
LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAUQdqkGEu
CXOcJQMTJPu6HodI4CihuFD3i3WCYyYFRc9yBnqfWfT40ygbSSPjLvCATiBqD7j6
ZShLdsiFlPI14eE/kCbNfbXfmqVSHA+ir76nx3gUFXIArYSV13DetG4JB8k29tRj
ZOqDcRIPeCRQnsdAnN20lyjdoQE6DAGIwi47mQyO0nVJTiMvvQaNkwt6S1bqCARx
KU4BB2qMl8/fNkOiJfnvpS3zM2A6kzBwpDyOiVnhETZbIarts65hDWSiDmVOBNhN
17+CnIKMawbgVOnBgGjnfDaDEPh/1EvnOVrj4Du7oVKp7WFNHfE9fHHEsXH7fUGc
P0iJo9XrLNZNNQ==
-----END CERTIFICATE-----