Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
File:                     APkIwDKKjpc_pArFL8M359PE_tA.mft (raw, json)
Hash identifier:          mWN6Qp21Ng/j+aewyYta2zL2qKjfFN79eRchwR8k+Lo=
Subject key identifier:   47:C3:71:2B:4B:E7:82:CC:12:3E:07:C7:4A:7A:16:BC:2A:E3:84:DE
Authority key identifier: 00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0
Certificate issuer:       /CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
Certificate serial:       019D270418693F84B7ACE7A70ABEF59FBEB7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
Manifest number:          1882
Signing time:             Wed 25 Mar 2026 22:01:12 +0000
Manifest this update:     Wed 25 Mar 2026 22:01:12 +0000
Manifest next update:     Thu 26 Mar 2026 22:01:12 +0000
Files and hashes:         1: APkIwDKKjpc_pArFL8M359PE_tA.crl (hash: HqMMpS5mw3ibb/W7pWZjxlf30HZm/C04E89zVeNqLB0=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:27:04:18:69:3f:84:b7:ac:e7:a7:0a:be:f5:9f:be:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
        Validity
            Not Before: Mar 25 22:01:12 2026 GMT
            Not After : Mar 26 22:01:12 2026 GMT
        Subject: CN=47c3712b4be782cc123e07c74a7a16bc2ae384de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a2:67:87:88:0e:3f:35:90:f8:28:18:a9:b4:
                    8e:fa:81:ee:66:aa:62:51:8a:93:89:90:34:71:3d:
                    22:61:47:2b:03:b7:d5:18:f5:2f:cb:84:aa:36:22:
                    79:50:eb:12:17:2a:ea:0b:83:f7:98:7b:06:b6:bf:
                    ed:f2:5a:e1:76:2e:5c:75:57:6d:8d:27:bb:1b:90:
                    eb:a3:a3:69:f8:76:ba:0d:0f:63:cb:e2:24:de:b7:
                    06:2d:6c:c4:ef:0e:ac:fd:a4:49:0b:e0:c4:75:12:
                    5e:a3:cb:96:ef:ef:2f:0e:11:d1:79:7d:cb:f3:65:
                    1c:98:82:b3:b7:71:cf:1f:b3:2b:c0:d6:f3:72:d5:
                    e1:fb:c6:2b:26:c2:7c:d7:32:6e:6f:d8:0d:90:07:
                    d9:49:20:e2:85:2e:1c:b4:29:2f:bf:27:a0:d0:b2:
                    59:41:44:94:6c:05:3f:65:cf:51:40:0f:ae:37:c3:
                    ca:2b:be:70:a3:1a:ee:cc:20:3c:d1:1b:c6:77:a5:
                    4c:03:8e:35:83:e3:23:4a:9a:5b:ed:0a:d6:b5:7a:
                    76:1f:20:c3:1d:c5:e9:13:db:e2:8d:ef:cd:82:d8:
                    30:a9:f9:d4:5d:08:c0:3c:97:20:12:9d:7a:81:7c:
                    30:31:41:ae:28:4e:af:33:4c:f5:d8:fb:5a:76:21:
                    88:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:C3:71:2B:4B:E7:82:CC:12:3E:07:C7:4A:7A:16:BC:2A:E3:84:DE
            X509v3 Authority Key Identifier:
                keyid:00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         bc:19:31:58:55:26:22:d6:93:42:c8:93:c9:b4:4d:30:04:72:
         76:ec:7d:22:70:84:e6:69:29:f5:02:2e:7c:de:b7:08:18:e1:
         ae:2f:6b:cd:87:a7:f2:fb:51:21:ca:75:ec:5e:84:1d:21:4c:
         60:e5:f3:87:80:0c:0d:00:03:00:f6:f7:cc:c4:31:66:bd:54:
         a9:bd:f0:7b:5d:4b:dc:06:16:df:d2:62:16:09:6c:6f:33:b7:
         cd:00:8d:8c:e0:59:0c:9a:5a:07:25:4d:50:1f:23:29:ec:08:
         51:32:f8:27:23:64:3e:ba:78:c9:cb:b6:2e:81:04:ec:2b:a3:
         de:9e:87:ca:6f:b1:76:25:a8:10:4c:ca:a4:ef:bd:d7:61:ae:
         bd:17:df:a2:12:fc:2d:7a:c4:49:d9:94:23:8a:7e:db:cb:d9:
         72:ac:57:90:3a:e0:7d:e2:33:68:c0:56:d4:06:fb:be:d0:50:
         2a:c6:33:87:74:1d:77:03:2f:e3:e6:6e:aa:cf:e4:9c:f9:6e:
         79:ba:5a:44:50:c0:05:d7:5f:51:44:e3:57:1d:ab:67:f7:84:
         c6:55:49:a4:d1:d7:47:99:de:fb:7a:14:b5:b8:95:07:e0:48:
         64:0e:49:93:29:19:0a:c4:8b:e5:e1:15:95:1a:c7:01:27:f1:
         08:63:ba:b4
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0nBBhpP4S3rOenCr71n763MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZjkwOGMwMzI4YThlOTczZmE0MGFjNTJmYzMzN2U3ZDNj
NGZlZDAwHhcNMjYwMzI1MjIwMTEyWhcNMjYwMzI2MjIwMTEyWjAzMTEwLwYDVQQD
Eyg0N2MzNzEyYjRiZTc4MmNjMTIzZTA3Yzc0YTdhMTZiYzJhZTM4NGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaJnh4gOPzWQ+CgYqbSO+oHuZqpi
UYqTiZA0cT0iYUcrA7fVGPUvy4SqNiJ5UOsSFyrqC4P3mHsGtr/t8lrhdi5cdVdt
jSe7G5Dro6Np+Ha6DQ9jy+Ik3rcGLWzE7w6s/aRJC+DEdRJeo8uW7+8vDhHReX3L
82UcmIKzt3HPH7MrwNbzctXh+8YrJsJ81zJub9gNkAfZSSDihS4ctCkvvyeg0LJZ
QUSUbAU/Zc9RQA+uN8PKK75woxruzCA80RvGd6VMA441g+MjSppb7QrWtXp2HyDD
HcXpE9vije/NgtgwqfnUXQjAPJcgEp16gXwwMUGuKE6vM0z12PtadiGITQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFEfDcStL54LMEj4Hx0p6Frwq44TeMB8GA1UdIwQY
MBaAFAD5CMAyio6XP6QKxS/DN+fTxP7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEt
N2RlY2YxZTQ3ODY1LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEtN2RlY2YxZTQ3ODY1
LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAvBkxWFUm
ItaTQsiTybRNMARydux9InCE5mkp9QIufN63CBjhri9rzYen8vtRIcp17F6EHSFM
YOXzh4AMDQADAPb3zMQxZr1Uqb3we11L3AYW39JiFglsbzO3zQCNjOBZDJpaByVN
UB8jKewIUTL4JyNkPrp4ycu2LoEE7Cuj3p6Hym+xdiWoEEzKpO+912GuvRffohL8
LXrESdmUI4p+28vZcqxXkDrgfeIzaMBW1Ab7vtBQKsYzh3QddwMv4+Zuqs/knPlu
ebpaRFDABddfUUTjVx2rZ/eExlVJpNHXR5ne+3oUtbiVB+BIZA5JkykZCsSL5eEV
lRrHASfxCGO6tA==
-----END CERTIFICATE-----