Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/de77ae-29e3-4a04-a027-6638c3eb4027/1/NDLzVG3kPONceHHFVLizDvY1wlE.mft
File:                     NDLzVG3kPONceHHFVLizDvY1wlE.mft (raw, json)
Hash identifier:          5F60iz6q+RpmaPwP2FHhunXxvNl76YBRs707WLTeX8o=
Subject key identifier:   0D:D8:E5:D8:F9:70:AB:DF:17:BF:B4:29:5C:05:92:A6:10:6F:13:73
Authority key identifier: 34:32:F3:54:6D:E4:3C:E3:5C:78:71:C5:54:B8:B3:0E:F6:35:C2:51
Certificate issuer:       /CN=3432f3546de43ce35c7871c554b8b30ef635c251
Certificate serial:       019D2771D4ECEEB109A202EBE224624DAC76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NDLzVG3kPONceHHFVLizDvY1wlE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/de77ae-29e3-4a04-a027-6638c3eb4027/1/NDLzVG3kPONceHHFVLizDvY1wlE.mft
Manifest number:          042D
Signing time:             Thu 26 Mar 2026 00:01:04 +0000
Manifest this update:     Thu 26 Mar 2026 00:01:04 +0000
Manifest next update:     Fri 27 Mar 2026 00:01:04 +0000
Files and hashes:         1: NDLzVG3kPONceHHFVLizDvY1wlE.crl (hash: ZCyLgIHxnQxgoA1kAmb40GOyu6vcm7L7lsLDU/yO4+M=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/de77ae-29e3-4a04-a027-6638c3eb4027/1/NDLzVG3kPONceHHFVLizDvY1wlE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/de77ae-29e3-4a04-a027-6638c3eb4027/1/NDLzVG3kPONceHHFVLizDvY1wlE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NDLzVG3kPONceHHFVLizDvY1wlE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:27:71:d4:ec:ee:b1:09:a2:02:eb:e2:24:62:4d:ac:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3432f3546de43ce35c7871c554b8b30ef635c251
        Validity
            Not Before: Mar 26 00:01:04 2026 GMT
            Not After : Mar 27 00:01:04 2026 GMT
        Subject: CN=0dd8e5d8f970abdf17bfb4295c0592a6106f1373
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:95:04:66:2d:d9:1e:4c:fe:e5:72:85:41:38:
                    60:af:62:f2:3f:9b:33:24:2c:83:ad:29:11:f0:8f:
                    9c:1e:eb:b2:52:76:6c:00:15:fe:9b:a1:67:4d:cb:
                    47:bd:c7:49:c4:36:dc:64:00:5c:d7:21:69:bb:0d:
                    cd:29:2c:6f:3e:96:01:3d:1d:24:41:f6:16:41:1a:
                    5c:80:ee:3a:a1:ec:1b:da:b6:a3:ad:b3:c2:fa:88:
                    72:9d:54:4d:a5:2e:42:93:83:ba:7b:86:13:c0:7e:
                    72:69:56:b0:94:30:3b:97:a4:0a:83:c1:76:1c:93:
                    cb:c1:5b:7e:b0:47:92:52:41:51:d6:84:a0:00:bb:
                    c6:1b:48:b2:76:15:c1:e0:fe:0f:91:65:5c:bd:10:
                    01:f5:42:07:db:e7:94:0d:19:55:70:af:4c:4b:fc:
                    3c:51:fe:d9:2a:21:23:70:c0:bb:fc:af:2d:80:d5:
                    5c:1b:20:2b:59:9a:73:40:6f:41:25:2f:85:8f:3d:
                    51:39:65:e9:1c:af:db:a2:e6:7c:3a:fe:19:0a:fc:
                    59:f9:d0:34:8d:2a:86:cb:1d:79:d7:5d:c9:29:cb:
                    32:2b:50:fa:f3:00:ca:9a:83:17:e9:e0:f1:8a:54:
                    6c:8a:3e:09:54:2b:15:91:24:7f:d9:a0:a2:3b:1d:
                    d7:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:D8:E5:D8:F9:70:AB:DF:17:BF:B4:29:5C:05:92:A6:10:6F:13:73
            X509v3 Authority Key Identifier:
                keyid:34:32:F3:54:6D:E4:3C:E3:5C:78:71:C5:54:B8:B3:0E:F6:35:C2:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NDLzVG3kPONceHHFVLizDvY1wlE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/de77ae-29e3-4a04-a027-6638c3eb4027/1/NDLzVG3kPONceHHFVLizDvY1wlE.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/de77ae-29e3-4a04-a027-6638c3eb4027/1/NDLzVG3kPONceHHFVLizDvY1wlE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         20:37:68:63:48:02:22:f7:88:3e:de:5e:58:ea:5b:dd:3b:2d:
         6c:98:ba:67:b4:eb:a6:ad:8c:cf:1a:b8:a5:66:14:e3:e9:d6:
         97:86:5f:e7:3e:37:d7:12:dc:b2:2e:ce:a5:65:bd:f5:1a:7f:
         be:69:01:b7:3d:c8:73:2b:1b:d5:5d:da:35:c6:a6:81:66:0d:
         64:0c:04:35:74:62:28:7a:48:96:32:21:65:9e:d7:bc:ad:da:
         37:b7:20:e8:f8:df:5a:59:60:a5:e9:00:95:0b:f9:6b:f5:ec:
         f0:ef:d0:44:17:82:c1:45:44:2a:a7:07:af:7d:db:34:3d:e8:
         08:c1:f9:66:72:34:75:1a:dc:2a:d5:34:e1:31:f3:67:fe:5a:
         05:89:de:ce:e8:b1:57:b4:6c:cf:11:1e:eb:ea:b3:68:13:55:
         8e:82:2d:74:3f:0a:85:6f:ed:65:24:39:87:1f:2d:85:86:a1:
         53:64:dd:4a:12:c0:ef:9e:79:14:b3:0e:fd:70:37:66:77:c3:
         6b:ae:15:72:d6:e9:0b:16:4d:7c:26:af:04:2d:27:8c:b7:3b:
         d5:7c:46:9f:cd:d0:f0:93:7e:ba:3f:27:45:bb:b8:7f:47:a0:
         01:b2:a0:0f:0e:d1:45:2b:f0:d9:7d:fa:25:19:37:1d:1b:ec:
         41:96:a7:10
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0ncdTs7rEJogLr4iRiTax2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MzJmMzU0NmRlNDNjZTM1Yzc4NzFjNTU0YjhiMzBlZjYz
NWMyNTEwHhcNMjYwMzI2MDAwMTA0WhcNMjYwMzI3MDAwMTA0WjAzMTEwLwYDVQQD
EygwZGQ4ZTVkOGY5NzBhYmRmMTdiZmI0Mjk1YzA1OTJhNjEwNmYxMzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZUEZi3ZHkz+5XKFQThgr2LyP5sz
JCyDrSkR8I+cHuuyUnZsABX+m6FnTctHvcdJxDbcZABc1yFpuw3NKSxvPpYBPR0k
QfYWQRpcgO46oewb2rajrbPC+ohynVRNpS5Ck4O6e4YTwH5yaVawlDA7l6QKg8F2
HJPLwVt+sEeSUkFR1oSgALvGG0iydhXB4P4PkWVcvRAB9UIH2+eUDRlVcK9MS/w8
Uf7ZKiEjcMC7/K8tgNVcGyArWZpzQG9BJS+Fjz1ROWXpHK/bouZ8Ov4ZCvxZ+dA0
jSqGyx15113JKcsyK1D68wDKmoMX6eDxilRsij4JVCsVkSR/2aCiOx3X3wIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFA3Y5dj5cKvfF7+0KVwFkqYQbxNzMB8GA1UdIwQY
MBaAFDQy81Rt5DzjXHhxxVS4sw72NcJRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkRMelZHM2tQT05jZUhIRlZMaXpEdlkxd2xFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9kZTc3YWUtMjllMy00YTA0LWEwMjct
NjYzOGMzZWI0MDI3LzEvTkRMelZHM2tQT05jZUhIRlZMaXpEdlkxd2xFLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9kZTc3YWUtMjllMy00YTA0LWEwMjctNjYzOGMzZWI0MDI3
LzEvTkRMelZHM2tQT05jZUhIRlZMaXpEdlkxd2xFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAIDdoY0gC
IveIPt5eWOpb3TstbJi6Z7Trpq2Mzxq4pWYU4+nWl4Zf5z431xLcsi7OpWW99Rp/
vmkBtz3Icysb1V3aNcamgWYNZAwENXRiKHpIljIhZZ7XvK3aN7cg6PjfWllgpekA
lQv5a/Xs8O/QRBeCwUVEKqcHr33bND3oCMH5ZnI0dRrcKtU04THzZ/5aBYnezuix
V7RszxEe6+qzaBNVjoItdD8KhW/tZSQ5hx8thYahU2TdShLA7555FLMO/XA3ZnfD
a64VctbpCxZNfCavBC0njLc71XxGn83Q8JN+uj8nRbu4f0egAbKgDw7RRSvw2X36
JRk3HRvsQZanEA==
-----END CERTIFICATE-----