Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/aabb5f-72f2-4928-92a9-2ff9d42ee213/1/d2Pkf8hQrMj_2gbj2iOkpETC1vw.mft
File:                     d2Pkf8hQrMj_2gbj2iOkpETC1vw.mft (raw, json)
Hash identifier:          BirFJqp7tcyYhgBK/DHmjj4FrdZIf8obHnmnXGAu4Lk=
Subject key identifier:   B9:90:66:A8:96:F2:68:FB:D7:6E:99:B2:0C:99:42:A6:36:BF:1F:19
Authority key identifier: 77:63:E4:7F:C8:50:AC:C8:FF:DA:06:E3:DA:23:A4:A4:44:C2:D6:FC
Certificate issuer:       /CN=7763e47fc850acc8ffda06e3da23a4a444c2d6fc
Certificate serial:       019D2704396BF94319757A9BC2E572970238
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d2Pkf8hQrMj_2gbj2iOkpETC1vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/aabb5f-72f2-4928-92a9-2ff9d42ee213/1/d2Pkf8hQrMj_2gbj2iOkpETC1vw.mft
Manifest number:          0AAF
Signing time:             Wed 25 Mar 2026 22:01:21 +0000
Manifest this update:     Wed 25 Mar 2026 22:01:21 +0000
Manifest next update:     Thu 26 Mar 2026 22:01:21 +0000
Files and hashes:         1: d2Pkf8hQrMj_2gbj2iOkpETC1vw.crl (hash: VQKFZ/3vB0nDcryetjZDozrRJTYkgxhLthh/TLStEXk=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/aabb5f-72f2-4928-92a9-2ff9d42ee213/1/d2Pkf8hQrMj_2gbj2iOkpETC1vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/aabb5f-72f2-4928-92a9-2ff9d42ee213/1/d2Pkf8hQrMj_2gbj2iOkpETC1vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d2Pkf8hQrMj_2gbj2iOkpETC1vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:27:04:39:6b:f9:43:19:75:7a:9b:c2:e5:72:97:02:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7763e47fc850acc8ffda06e3da23a4a444c2d6fc
        Validity
            Not Before: Mar 25 22:01:21 2026 GMT
            Not After : Mar 26 22:01:21 2026 GMT
        Subject: CN=b99066a896f268fbd76e99b20c9942a636bf1f19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:06:a5:9d:72:d0:14:01:12:90:3f:24:b8:6b:
                    a6:4f:ed:8e:24:5b:79:95:e0:e1:dc:0e:08:d5:4a:
                    68:8d:50:04:7a:dc:1d:77:cc:06:c4:a3:a2:f5:15:
                    c7:72:b3:52:fb:31:db:1e:d1:85:07:2b:f4:e2:7f:
                    63:72:fe:fe:e6:be:23:d7:80:f0:38:8e:b2:7b:23:
                    7a:ac:ed:da:d1:be:23:e5:39:26:7d:cd:2c:96:c8:
                    48:83:08:a0:f5:b3:72:a1:0d:71:e6:43:9b:a6:23:
                    6d:f1:05:d5:fe:4f:64:0d:7f:44:47:1b:4e:ea:3e:
                    82:62:ff:9f:ec:56:f0:bc:a4:f8:11:33:92:be:7a:
                    b5:e8:88:29:fb:eb:8f:e8:12:e8:c5:a3:07:b8:da:
                    45:18:82:76:85:08:a1:a0:0a:64:04:15:64:6d:69:
                    7b:3c:bc:fa:63:15:d4:1f:94:c8:aa:22:6b:65:ab:
                    51:14:6d:d5:6a:25:85:1d:76:ab:47:6d:d3:f8:1f:
                    6b:b7:57:ae:1e:e8:22:76:75:cf:fd:e5:4e:82:00:
                    78:5d:25:79:ad:54:14:fd:53:6c:8e:5b:c4:3f:02:
                    d5:b9:a5:0f:b8:55:59:87:4d:15:ba:88:22:da:82:
                    33:7e:50:05:17:b0:0d:f7:5d:f5:11:18:dd:2e:70:
                    11:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:90:66:A8:96:F2:68:FB:D7:6E:99:B2:0C:99:42:A6:36:BF:1F:19
            X509v3 Authority Key Identifier:
                keyid:77:63:E4:7F:C8:50:AC:C8:FF:DA:06:E3:DA:23:A4:A4:44:C2:D6:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2Pkf8hQrMj_2gbj2iOkpETC1vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/aabb5f-72f2-4928-92a9-2ff9d42ee213/1/d2Pkf8hQrMj_2gbj2iOkpETC1vw.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/aabb5f-72f2-4928-92a9-2ff9d42ee213/1/d2Pkf8hQrMj_2gbj2iOkpETC1vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         07:58:3f:f7:44:b8:b8:61:80:f0:3e:b5:32:38:ec:8d:74:6f:
         49:3b:35:da:fd:8d:d9:6c:7f:f1:cd:9b:64:33:f0:87:33:7b:
         d0:b9:10:db:b4:57:43:40:6a:66:13:ab:95:81:fb:24:34:1f:
         db:f7:28:c7:a3:72:a3:69:05:91:cd:a1:89:c1:41:28:a6:e4:
         91:86:33:4e:70:16:0e:36:10:18:29:23:a6:23:93:3b:1a:13:
         67:36:cb:fe:b1:4c:f7:bb:aa:d1:3b:3d:fa:4a:42:39:f5:e8:
         6c:7b:3e:b6:e1:20:f5:97:93:8d:17:b2:71:8f:e5:a7:b4:6b:
         61:83:8a:25:dd:c1:f4:57:83:c2:18:55:83:19:f8:6a:28:a9:
         74:ca:06:6e:7c:a6:14:c8:07:9f:a9:86:52:d4:69:59:02:bd:
         59:b4:f1:2b:74:b6:a2:30:87:f8:26:c0:10:0c:ea:e2:e3:50:
         78:4b:c5:20:94:7e:71:4a:bf:04:11:d0:19:7a:7b:ec:37:90:
         21:f0:6a:ac:33:a7:39:c2:99:c1:1e:63:8a:28:7d:56:84:38:
         e7:74:21:6d:f1:ee:ea:c5:14:c6:ad:ad:9a:d6:97:e7:48:87:
         a6:c9:22:ea:58:63:d5:fa:70:5c:cc:9d:68:9c:bc:1e:8c:15:
         2a:1b:30:22
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0nBDlr+UMZdXqbwuVylwI4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3NjNlNDdmYzg1MGFjYzhmZmRhMDZlM2RhMjNhNGE0NDRj
MmQ2ZmMwHhcNMjYwMzI1MjIwMTIxWhcNMjYwMzI2MjIwMTIxWjAzMTEwLwYDVQQD
EyhiOTkwNjZhODk2ZjI2OGZiZDc2ZTk5YjIwYzk5NDJhNjM2YmYxZjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwalnXLQFAESkD8kuGumT+2OJFt5
leDh3A4I1UpojVAEetwdd8wGxKOi9RXHcrNS+zHbHtGFByv04n9jcv7+5r4j14Dw
OI6yeyN6rO3a0b4j5Tkmfc0slshIgwig9bNyoQ1x5kObpiNt8QXV/k9kDX9ERxtO
6j6CYv+f7FbwvKT4ETOSvnq16Igp++uP6BLoxaMHuNpFGIJ2hQihoApkBBVkbWl7
PLz6YxXUH5TIqiJrZatRFG3VaiWFHXarR23T+B9rt1euHugidnXP/eVOggB4XSV5
rVQU/VNsjlvEPwLVuaUPuFVZh00Vuogi2oIzflAFF7AN9131ERjdLnAReQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFLmQZqiW8mj7126ZsgyZQqY2vx8ZMB8GA1UdIwQY
MBaAFHdj5H/IUKzI/9oG49ojpKREwtb8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDJQa2Y4aFFyTWpfMmdiajJpT2twRVRDMXZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9hYWJiNWYtNzJmMi00OTI4LTkyYTkt
MmZmOWQ0MmVlMjEzLzEvZDJQa2Y4aFFyTWpfMmdiajJpT2twRVRDMXZ3Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9hYWJiNWYtNzJmMi00OTI4LTkyYTktMmZmOWQ0MmVlMjEz
LzEvZDJQa2Y4aFFyTWpfMmdiajJpT2twRVRDMXZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAB1g/90S4
uGGA8D61MjjsjXRvSTs12v2N2Wx/8c2bZDPwhzN70LkQ27RXQ0BqZhOrlYH7JDQf
2/cox6Nyo2kFkc2hicFBKKbkkYYzTnAWDjYQGCkjpiOTOxoTZzbL/rFM97uq0Ts9
+kpCOfXobHs+tuEg9ZeTjReycY/lp7RrYYOKJd3B9FeDwhhVgxn4aiipdMoGbnym
FMgHn6mGUtRpWQK9WbTxK3S2ojCH+CbAEAzq4uNQeEvFIJR+cUq/BBHQGXp77DeQ
IfBqrDOnOcKZwR5jiih9VoQ453QhbfHu6sUUxq2tmtaX50iHpski6lhj1fpwXMyd
aJy8HowVKhswIg==
-----END CERTIFICATE-----