Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/640370-e21b-408e-8935-27891484d985/1/KH97Jo822TFYldOyCDdzEHGanUE.mft
File:                     KH97Jo822TFYldOyCDdzEHGanUE.mft (raw, json)
Hash identifier:          1jsUtuYWGd17QZPN9xjg/DtxzoQ8NdigIRbOzl2PLv4=
Subject key identifier:   72:02:71:48:23:6D:79:DE:0B:9D:66:57:F8:78:C4:49:51:AC:96:23
Authority key identifier: 28:7F:7B:26:8F:36:D9:31:58:95:D3:B2:08:37:73:10:71:9A:9D:41
Certificate issuer:       /CN=287f7b268f36d9315895d3b208377310719a9d41
Certificate serial:       019D25F1433D5962ED70C1471D2B4F6C28AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KH97Jo822TFYldOyCDdzEHGanUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/640370-e21b-408e-8935-27891484d985/1/KH97Jo822TFYldOyCDdzEHGanUE.mft
Manifest number:          0FDE
Signing time:             Wed 25 Mar 2026 17:01:01 +0000
Manifest this update:     Wed 25 Mar 2026 17:01:01 +0000
Manifest next update:     Thu 26 Mar 2026 17:01:01 +0000
Files and hashes:         1: KH97Jo822TFYldOyCDdzEHGanUE.crl (hash: 7HeIBU/PTDmV+AzZKpY+ptnzxsL7toMPlORqnZy1wjU=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/640370-e21b-408e-8935-27891484d985/1/KH97Jo822TFYldOyCDdzEHGanUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/640370-e21b-408e-8935-27891484d985/1/KH97Jo822TFYldOyCDdzEHGanUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KH97Jo822TFYldOyCDdzEHGanUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:25:f1:43:3d:59:62:ed:70:c1:47:1d:2b:4f:6c:28:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=287f7b268f36d9315895d3b208377310719a9d41
        Validity
            Not Before: Mar 25 17:01:01 2026 GMT
            Not After : Mar 26 17:01:01 2026 GMT
        Subject: CN=72027148236d79de0b9d6657f878c44951ac9623
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:31:14:6c:cc:d9:61:19:49:c3:f2:81:6e:6a:
                    39:9e:e3:c5:d7:e4:a4:c6:6c:aa:06:c4:57:be:65:
                    02:91:10:22:de:f2:74:bf:8f:b0:65:2e:e4:d5:e4:
                    1b:65:13:ea:fc:fb:2b:fd:3f:95:f5:48:9d:d2:1e:
                    9d:fc:ee:28:43:e0:2c:17:77:4a:d7:8c:ab:b9:f4:
                    47:b6:eb:39:89:55:ca:0c:d4:0c:0e:d1:dc:50:1f:
                    02:7c:d3:c7:67:a6:73:00:6b:3b:97:38:dd:77:08:
                    0c:48:01:8d:1f:6e:5f:46:04:e6:eb:1b:1f:bd:ec:
                    3f:93:60:96:2a:de:b6:53:45:9b:23:d2:a6:17:2a:
                    24:94:e9:92:fd:5d:06:6e:ce:09:14:c7:6e:08:51:
                    ed:b4:55:19:d6:bb:c0:bf:4d:7b:75:74:86:80:2c:
                    69:80:3b:5f:cc:b5:8b:d1:3b:15:c0:25:a0:90:f8:
                    c6:55:2a:fe:bf:45:5c:3b:8a:88:1e:7b:67:cc:91:
                    c9:fe:09:be:51:ab:39:2e:b6:03:d3:22:60:9a:1f:
                    f0:62:3b:d4:b1:f0:16:47:e6:7c:fc:67:5d:b6:58:
                    bf:b5:35:82:c8:cb:36:e9:20:77:66:52:a8:d4:ad:
                    af:f1:7b:91:bc:e1:de:f4:2f:40:b8:62:dc:58:9f:
                    10:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:02:71:48:23:6D:79:DE:0B:9D:66:57:F8:78:C4:49:51:AC:96:23
            X509v3 Authority Key Identifier:
                keyid:28:7F:7B:26:8F:36:D9:31:58:95:D3:B2:08:37:73:10:71:9A:9D:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KH97Jo822TFYldOyCDdzEHGanUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/640370-e21b-408e-8935-27891484d985/1/KH97Jo822TFYldOyCDdzEHGanUE.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/640370-e21b-408e-8935-27891484d985/1/KH97Jo822TFYldOyCDdzEHGanUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         3d:76:0d:e8:3a:93:97:87:0a:12:b0:7d:c3:15:a4:39:78:5a:
         83:89:80:83:7a:88:43:74:cc:ca:93:9f:aa:67:f5:0c:aa:0d:
         3f:c5:c4:b8:02:4b:f3:e6:ab:ab:c8:43:8d:9f:c1:89:6e:54:
         60:13:30:5b:65:d2:99:48:23:47:ba:e2:1e:49:22:8c:13:8a:
         71:e4:2b:e3:99:10:df:03:40:5f:2f:bf:54:a6:2c:6a:4d:4f:
         d5:63:2a:62:76:55:ab:fc:e1:7f:5e:8b:a4:dd:f2:d0:e3:62:
         d7:29:ae:83:d2:aa:12:64:cc:1c:74:bf:5d:21:b2:f0:e7:3c:
         d8:2f:06:87:de:88:e8:57:0a:c4:f1:c8:2f:f8:1e:3d:4a:86:
         42:7e:e8:b1:ed:c2:63:b2:41:52:d3:e4:35:87:1b:7f:10:a4:
         fe:b5:ce:78:a1:08:85:23:9e:76:58:b5:fc:b0:3c:43:5a:b9:
         fb:41:02:6a:79:ca:5b:c9:31:45:d0:e4:b2:49:5f:ee:6e:55:
         80:bc:67:52:2e:e4:93:11:ea:e3:b5:b6:69:6c:fc:a3:93:fd:
         0c:74:45:e0:78:ce:2f:18:6c:9b:93:aa:85:bd:af:34:a0:23:
         26:5c:54:60:c7:0a:c8:e0:35:de:3c:f3:6c:fc:04:1a:58:3e:
         7b:0b:d7:fe
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0l8UM9WWLtcMFHHStPbCivMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4N2Y3YjI2OGYzNmQ5MzE1ODk1ZDNiMjA4Mzc3MzEwNzE5
YTlkNDEwHhcNMjYwMzI1MTcwMTAxWhcNMjYwMzI2MTcwMTAxWjAzMTEwLwYDVQQD
Eyg3MjAyNzE0ODIzNmQ3OWRlMGI5ZDY2NTdmODc4YzQ0OTUxYWM5NjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4DEUbMzZYRlJw/KBbmo5nuPF1+Sk
xmyqBsRXvmUCkRAi3vJ0v4+wZS7k1eQbZRPq/Psr/T+V9Uid0h6d/O4oQ+AsF3dK
14yrufRHtus5iVXKDNQMDtHcUB8CfNPHZ6ZzAGs7lzjddwgMSAGNH25fRgTm6xsf
vew/k2CWKt62U0WbI9KmFyoklOmS/V0Gbs4JFMduCFHttFUZ1rvAv017dXSGgCxp
gDtfzLWL0TsVwCWgkPjGVSr+v0VcO4qIHntnzJHJ/gm+Uas5LrYD0yJgmh/wYjvU
sfAWR+Z8/Gddtli/tTWCyMs26SB3ZlKo1K2v8XuRvOHe9C9AuGLcWJ8Q2wIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFHICcUgjbXneC51mV/h4xElRrJYjMB8GA1UdIwQY
MBaAFCh/eyaPNtkxWJXTsgg3cxBxmp1BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0g5N0pvODIyVEZZbGRPeUNEZHpFSEdhblVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS82NDAzNzAtZTIxYi00MDhlLTg5MzUt
Mjc4OTE0ODRkOTg1LzEvS0g5N0pvODIyVEZZbGRPeUNEZHpFSEdhblVFLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS82NDAzNzAtZTIxYi00MDhlLTg5MzUtMjc4OTE0ODRkOTg1
LzEvS0g5N0pvODIyVEZZbGRPeUNEZHpFSEdhblVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAPXYN6DqT
l4cKErB9wxWkOXhag4mAg3qIQ3TMypOfqmf1DKoNP8XEuAJL8+arq8hDjZ/BiW5U
YBMwW2XSmUgjR7riHkkijBOKceQr45kQ3wNAXy+/VKYsak1P1WMqYnZVq/zhf16L
pN3y0ONi1ymug9KqEmTMHHS/XSGy8Oc82C8Gh96I6FcKxPHIL/gePUqGQn7ose3C
Y7JBUtPkNYcbfxCk/rXOeKEIhSOedli1/LA8Q1q5+0ECannKW8kxRdDksklf7m5V
gLxnUi7kkxHq47W2aWz8o5P9DHRF4HjOLxhsm5Oqhb2vNKAjJlxUYMcKyOA13jzz
bPwEGlg+ewvX/g==
-----END CERTIFICATE-----