Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/bab89a-d990-4fc7-86dd-e2c816db81cc/1/BZqsWXzkoNE7edIrO_GKSJnddk8.mft
File:                     BZqsWXzkoNE7edIrO_GKSJnddk8.mft (raw, json)
Hash identifier:          9VxbAtMQ7C6tRNDkPnqqtdKKA92xAdCAmIHUwWUrPkE=
Subject key identifier:   4D:02:82:57:F6:1F:91:51:B1:C7:89:E5:B5:32:03:84:13:47:F4:71
Authority key identifier: 05:9A:AC:59:7C:E4:A0:D1:3B:79:D2:2B:3B:F1:8A:48:99:DD:76:4F
Certificate issuer:       /CN=059aac597ce4a0d13b79d22b3bf18a4899dd764f
Certificate serial:       019D2772E5CCDB1E96C354901D5819E29C18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZqsWXzkoNE7edIrO_GKSJnddk8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/bab89a-d990-4fc7-86dd-e2c816db81cc/1/BZqsWXzkoNE7edIrO_GKSJnddk8.mft
Manifest number:          0D14
Signing time:             Thu 26 Mar 2026 00:02:14 +0000
Manifest this update:     Thu 26 Mar 2026 00:02:14 +0000
Manifest next update:     Fri 27 Mar 2026 00:02:14 +0000
Files and hashes:         1: BZqsWXzkoNE7edIrO_GKSJnddk8.crl (hash: 1ovoE54yegFuiHv7YJ8MZDqwBR6ZSWiu4QYX7N0+j+o=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/bab89a-d990-4fc7-86dd-e2c816db81cc/1/BZqsWXzkoNE7edIrO_GKSJnddk8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/bab89a-d990-4fc7-86dd-e2c816db81cc/1/BZqsWXzkoNE7edIrO_GKSJnddk8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZqsWXzkoNE7edIrO_GKSJnddk8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:27:72:e5:cc:db:1e:96:c3:54:90:1d:58:19:e2:9c:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=059aac597ce4a0d13b79d22b3bf18a4899dd764f
        Validity
            Not Before: Mar 26 00:02:14 2026 GMT
            Not After : Mar 27 00:02:14 2026 GMT
        Subject: CN=4d028257f61f9151b1c789e5b53203841347f471
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:7d:b9:ef:2b:cb:ce:78:10:f8:bb:53:dd:a6:
                    0f:53:58:3d:e8:51:32:6c:28:d8:e4:9c:9e:f7:37:
                    b3:ed:33:9a:56:0b:65:ec:31:9c:0a:a3:45:3b:6b:
                    9a:09:a5:c5:83:ee:91:d2:62:ed:2a:6d:b2:ea:63:
                    6b:6a:db:2b:71:db:30:85:a0:01:41:ed:6c:26:89:
                    fa:fe:1d:99:4c:ce:b3:a6:b6:8e:62:62:c6:0d:a4:
                    06:12:c3:e1:de:34:63:ce:13:88:9e:75:db:46:0f:
                    3d:b8:66:52:4c:f2:c9:8e:da:0d:af:60:f6:80:53:
                    0e:d1:ab:44:e0:71:43:cc:7a:0a:d8:22:44:26:2d:
                    45:4d:67:81:4c:53:29:be:af:af:8f:5f:26:24:d9:
                    bf:1f:cc:40:ba:c2:aa:b1:57:33:9a:3d:dc:94:8c:
                    b2:9c:94:f6:33:c3:99:2c:cf:db:a8:9c:21:1e:cc:
                    bb:f0:5e:32:ac:54:ca:55:8f:c6:39:5e:a3:d9:82:
                    99:7b:e3:4e:52:10:df:86:25:52:cf:64:0a:58:a3:
                    60:06:85:3b:d0:ef:a9:59:41:7c:f9:9e:84:16:e1:
                    b8:1b:a7:59:d5:9c:2c:ff:5d:28:c4:21:ef:54:3c:
                    a8:13:fe:25:54:35:e4:db:f0:a6:5d:94:4e:15:df:
                    c5:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:02:82:57:F6:1F:91:51:B1:C7:89:E5:B5:32:03:84:13:47:F4:71
            X509v3 Authority Key Identifier:
                keyid:05:9A:AC:59:7C:E4:A0:D1:3B:79:D2:2B:3B:F1:8A:48:99:DD:76:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZqsWXzkoNE7edIrO_GKSJnddk8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/bab89a-d990-4fc7-86dd-e2c816db81cc/1/BZqsWXzkoNE7edIrO_GKSJnddk8.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/bab89a-d990-4fc7-86dd-e2c816db81cc/1/BZqsWXzkoNE7edIrO_GKSJnddk8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         21:80:9c:ea:e8:b8:49:f5:92:f1:7f:b9:4b:58:1e:e4:7c:b6:
         ba:68:fb:c6:2a:29:80:4d:0e:bb:9c:87:ac:c1:a5:01:1a:c2:
         3b:f5:5b:5b:ea:30:31:2f:04:c5:be:94:c6:2b:70:ff:ba:7a:
         ec:09:22:d9:8d:9f:2e:24:b6:a8:a2:5b:d6:05:77:b4:01:1a:
         c2:81:a6:9f:d6:45:41:7b:09:9c:13:3d:ce:92:2b:4c:93:6a:
         ec:24:dc:40:60:8c:41:c5:83:21:dc:5e:ff:92:9b:09:39:aa:
         7f:35:82:88:01:22:dc:b2:93:c7:05:48:c6:fe:54:13:a5:a8:
         51:b5:1b:0f:59:54:19:b8:8e:d1:7b:2a:b6:be:bc:c7:5e:80:
         57:8d:d1:39:14:d9:3c:8b:fa:97:c8:b1:2c:86:3c:45:88:73:
         99:cf:8d:ec:02:8e:2e:22:51:83:26:a1:1a:77:8a:1a:8e:39:
         90:75:69:9c:e0:33:21:e5:ba:87:b6:3d:dc:9b:44:3c:38:d2:
         a9:86:ee:f3:52:1b:d7:a7:cf:b5:fd:2d:ce:e3:4e:46:16:54:
         27:ab:12:42:a5:a4:3c:b0:d2:56:86:b5:20:e4:9e:fe:46:09:
         5c:94:ac:b8:47:c4:1a:da:e6:a1:59:ea:59:27:56:a6:fd:84:
         e4:00:fc:f8
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0ncuXM2x6Ww1SQHVgZ4pwYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OWFhYzU5N2NlNGEwZDEzYjc5ZDIyYjNiZjE4YTQ4OTlk
ZDc2NGYwHhcNMjYwMzI2MDAwMjE0WhcNMjYwMzI3MDAwMjE0WjAzMTEwLwYDVQQD
Eyg0ZDAyODI1N2Y2MWY5MTUxYjFjNzg5ZTViNTMyMDM4NDEzNDdmNDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxn257yvLzngQ+LtT3aYPU1g96FEy
bCjY5Jye9zez7TOaVgtl7DGcCqNFO2uaCaXFg+6R0mLtKm2y6mNratsrcdswhaAB
Qe1sJon6/h2ZTM6zpraOYmLGDaQGEsPh3jRjzhOInnXbRg89uGZSTPLJjtoNr2D2
gFMO0atE4HFDzHoK2CJEJi1FTWeBTFMpvq+vj18mJNm/H8xAusKqsVczmj3clIyy
nJT2M8OZLM/bqJwhHsy78F4yrFTKVY/GOV6j2YKZe+NOUhDfhiVSz2QKWKNgBoU7
0O+pWUF8+Z6EFuG4G6dZ1Zws/10oxCHvVDyoE/4lVDXk2/CmXZROFd/FeQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFE0Cglf2H5FRsceJ5bUyA4QTR/RxMB8GA1UdIwQY
MBaAFAWarFl85KDRO3nSKzvxikiZ3XZPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpxc1dYemtvTkU3ZWRJck9fR0tTSm5kZGs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9iYWI4OWEtZDk5MC00ZmM3LTg2ZGQt
ZTJjODE2ZGI4MWNjLzEvQlpxc1dYemtvTkU3ZWRJck9fR0tTSm5kZGs4Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9iYWI4OWEtZDk5MC00ZmM3LTg2ZGQtZTJjODE2ZGI4MWNj
LzEvQlpxc1dYemtvTkU3ZWRJck9fR0tTSm5kZGs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAIYCc6ui4
SfWS8X+5S1ge5Hy2umj7xiopgE0Ou5yHrMGlARrCO/VbW+owMS8Exb6Uxitw/7p6
7Aki2Y2fLiS2qKJb1gV3tAEawoGmn9ZFQXsJnBM9zpIrTJNq7CTcQGCMQcWDIdxe
/5KbCTmqfzWCiAEi3LKTxwVIxv5UE6WoUbUbD1lUGbiO0Xsqtr68x16AV43RORTZ
PIv6l8ixLIY8RYhzmc+N7AKOLiJRgyahGneKGo45kHVpnOAzIeW6h7Y93JtEPDjS
qYbu81Ib16fPtf0tzuNORhZUJ6sSQqWkPLDSVoa1IOSe/kYJXJSsuEfEGtrmoVnq
WSdWpv2E5AD8+A==
-----END CERTIFICATE-----