Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/5b9709-1108-4d5f-8608-09d560c0043b/1/2h2OAPPwRejexhV_FCYkG18SbQ0.mft
File:                     2h2OAPPwRejexhV_FCYkG18SbQ0.mft (raw, json)
Hash identifier:          lKjOD1R5IipnIQwYl32+C3D+6AZyVTYizJmyic1ScNY=
Subject key identifier:   5F:5A:8B:FE:D0:74:DC:F2:51:36:B8:F4:A8:9B:E3:DF:4F:96:31:0F
Authority key identifier: DA:1D:8E:00:F3:F0:45:E8:DE:C6:15:7F:14:26:24:1B:5F:12:6D:0D
Certificate issuer:       /CN=da1d8e00f3f045e8dec6157f1426241b5f126d0d
Certificate serial:       019D2BBCBB505441798574761B3463C6763F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2h2OAPPwRejexhV_FCYkG18SbQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/5b9709-1108-4d5f-8608-09d560c0043b/1/2h2OAPPwRejexhV_FCYkG18SbQ0.mft
Manifest number:          0C95
Signing time:             Thu 26 Mar 2026 20:01:22 +0000
Manifest this update:     Thu 26 Mar 2026 20:01:22 +0000
Manifest next update:     Fri 27 Mar 2026 20:01:22 +0000
Files and hashes:         1: 2h2OAPPwRejexhV_FCYkG18SbQ0.crl (hash: 8KzO7qDfA68ne1yi0sQLlV7balRGOhOVQVhIdudSQNs=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/5b9709-1108-4d5f-8608-09d560c0043b/1/2h2OAPPwRejexhV_FCYkG18SbQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/5b9709-1108-4d5f-8608-09d560c0043b/1/2h2OAPPwRejexhV_FCYkG18SbQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2h2OAPPwRejexhV_FCYkG18SbQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2b:bc:bb:50:54:41:79:85:74:76:1b:34:63:c6:76:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da1d8e00f3f045e8dec6157f1426241b5f126d0d
        Validity
            Not Before: Mar 26 20:01:22 2026 GMT
            Not After : Mar 27 20:01:22 2026 GMT
        Subject: CN=5f5a8bfed074dcf25136b8f4a89be3df4f96310f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:5a:e2:ff:05:a8:be:8e:98:f6:11:b2:40:1c:
                    aa:fd:cc:4d:8c:4d:bc:33:55:84:07:a4:22:68:60:
                    94:4a:92:88:4f:f4:99:b8:a9:60:e8:fe:c1:e8:84:
                    88:77:de:8d:52:a3:63:3a:53:f6:a2:02:9d:2f:50:
                    b3:b7:4a:3b:00:bb:d2:b5:4a:af:5f:e9:1b:4c:36:
                    97:66:75:1f:67:6c:09:c8:59:a1:dc:e6:da:42:88:
                    f1:c5:a8:1e:c5:65:b0:78:c2:b5:b1:cf:41:2e:82:
                    39:9c:b5:72:a2:48:ab:71:dd:42:ec:08:7b:68:10:
                    7b:24:2e:d5:5c:b6:26:48:03:c4:f3:43:41:e9:37:
                    18:dd:15:16:01:ef:2d:34:4a:f8:28:3a:21:79:f1:
                    c5:62:9d:2d:84:e1:94:c0:e0:9d:56:da:24:66:b6:
                    4a:dc:59:ab:17:e2:98:0c:d9:72:2f:b5:ca:53:b8:
                    42:7b:8e:ee:a2:de:9f:7b:28:67:2d:c0:c8:d0:b7:
                    c9:fc:b5:37:28:f2:d5:a7:37:ce:90:ae:45:8d:94:
                    75:10:5d:4d:04:b6:f9:d5:93:15:ec:dd:0d:59:33:
                    84:e4:21:39:d5:22:2e:17:2f:cc:fd:12:b3:9f:ae:
                    04:9f:73:f9:70:84:89:21:74:33:9a:a0:56:bd:e6:
                    c2:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:5A:8B:FE:D0:74:DC:F2:51:36:B8:F4:A8:9B:E3:DF:4F:96:31:0F
            X509v3 Authority Key Identifier:
                keyid:DA:1D:8E:00:F3:F0:45:E8:DE:C6:15:7F:14:26:24:1B:5F:12:6D:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2h2OAPPwRejexhV_FCYkG18SbQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/5b9709-1108-4d5f-8608-09d560c0043b/1/2h2OAPPwRejexhV_FCYkG18SbQ0.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/5b9709-1108-4d5f-8608-09d560c0043b/1/2h2OAPPwRejexhV_FCYkG18SbQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         64:00:94:b8:72:0c:c7:e6:a2:98:6e:93:17:16:9e:c1:d4:21:
         b0:cd:cf:0f:7a:ab:d4:82:30:ec:d6:5e:71:7c:de:95:00:2b:
         b7:d6:9e:be:85:11:09:5c:49:7b:8c:f9:3a:6e:c9:c7:8f:95:
         e1:89:41:9f:cb:ee:1c:14:81:6d:49:c9:49:c2:ae:42:db:9e:
         0f:be:1d:bb:9d:b5:66:e9:6f:b3:53:85:58:9d:c7:45:38:2e:
         de:0d:6b:bc:c7:71:f4:8c:63:8f:a3:8e:a8:c1:86:52:a3:d6:
         96:f3:6b:14:3a:ad:21:c7:af:56:2d:b9:a8:d5:6a:b8:68:0c:
         70:e0:d6:5e:49:9d:4f:5d:38:78:59:8e:e4:4f:24:1a:4e:78:
         25:85:71:a5:30:47:36:e8:42:58:03:90:3c:83:75:16:38:15:
         cb:bf:30:4d:01:dc:18:91:b7:e8:58:0d:32:c5:19:cc:f3:67:
         64:42:af:ab:79:da:e6:df:69:f7:1b:7d:21:05:49:18:f3:15:
         c7:46:5b:23:7e:9c:64:90:1d:76:27:d0:45:94:31:8a:97:54:
         a2:74:5c:00:53:ed:b5:0e:c4:9a:c6:29:c1:50:ef:7c:f8:0d:
         a7:37:03:46:05:49:3f:f9:f3:5e:2a:88:56:5d:c4:49:aa:37:
         70:09:58:5e
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0rvLtQVEF5hXR2GzRjxnY/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMWQ4ZTAwZjNmMDQ1ZThkZWM2MTU3ZjE0MjYyNDFiNWYx
MjZkMGQwHhcNMjYwMzI2MjAwMTIyWhcNMjYwMzI3MjAwMTIyWjAzMTEwLwYDVQQD
Eyg1ZjVhOGJmZWQwNzRkY2YyNTEzNmI4ZjRhODliZTNkZjRmOTYzMTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVri/wWovo6Y9hGyQByq/cxNjE28
M1WEB6QiaGCUSpKIT/SZuKlg6P7B6ISId96NUqNjOlP2ogKdL1Czt0o7ALvStUqv
X+kbTDaXZnUfZ2wJyFmh3ObaQojxxagexWWweMK1sc9BLoI5nLVyokircd1C7Ah7
aBB7JC7VXLYmSAPE80NB6TcY3RUWAe8tNEr4KDohefHFYp0thOGUwOCdVtokZrZK
3FmrF+KYDNlyL7XKU7hCe47uot6feyhnLcDI0LfJ/LU3KPLVpzfOkK5FjZR1EF1N
BLb51ZMV7N0NWTOE5CE51SIuFy/M/RKzn64En3P5cISJIXQzmqBWvebC9wIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFF9ai/7QdNzyUTa49Kib499PljEPMB8GA1UdIwQY
MBaAFNodjgDz8EXo3sYVfxQmJBtfEm0NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmgyT0FQUHdSZWpleGhWX0ZDWWtHMThTYlEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi81Yjk3MDktMTEwOC00ZDVmLTg2MDgt
MDlkNTYwYzAwNDNiLzEvMmgyT0FQUHdSZWpleGhWX0ZDWWtHMThTYlEwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi81Yjk3MDktMTEwOC00ZDVmLTg2MDgtMDlkNTYwYzAwNDNi
LzEvMmgyT0FQUHdSZWpleGhWX0ZDWWtHMThTYlEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAZACUuHIM
x+aimG6TFxaewdQhsM3PD3qr1IIw7NZecXzelQArt9aevoURCVxJe4z5Om7Jx4+V
4YlBn8vuHBSBbUnJScKuQtueD74du521Zulvs1OFWJ3HRTgu3g1rvMdx9Ixjj6OO
qMGGUqPWlvNrFDqtIcevVi25qNVquGgMcODWXkmdT104eFmO5E8kGk54JYVxpTBH
NuhCWAOQPIN1FjgVy78wTQHcGJG36FgNMsUZzPNnZEKvq3na5t9p9xt9IQVJGPMV
x0ZbI36cZJAddifQRZQxipdUonRcAFPttQ7EmsYpwVDvfPgNpzcDRgVJP/nzXiqI
Vl3ESao3cAlYXg==
-----END CERTIFICATE-----