Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/9a2b8a-a558-4f43-9adf-67648099d8e1/1/FseIv2PBqcecEUVP45bScWqh03g.mft
File:                     FseIv2PBqcecEUVP45bScWqh03g.mft (raw, json)
Hash identifier:          ediqzOxuToXgJ48BWt74h4T6HpPMRO1kBDAHqydKf7w=
Subject key identifier:   44:25:2A:21:E0:C0:88:3B:79:2B:F0:9D:5A:92:09:C2:B4:B8:B5:0F
Authority key identifier: 16:C7:88:BF:63:C1:A9:C7:9C:11:45:4F:E3:96:D2:71:6A:A1:D3:78
Certificate issuer:       /CN=16c788bf63c1a9c79c11454fe396d2716aa1d378
Certificate serial:       019D33E3DD6695D5F61FF3D4FE9C4970A8D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FseIv2PBqcecEUVP45bScWqh03g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/9a2b8a-a558-4f43-9adf-67648099d8e1/1/FseIv2PBqcecEUVP45bScWqh03g.mft
Manifest number:          3C
Signing time:             Sat 28 Mar 2026 10:01:04 +0000
Manifest this update:     Sat 28 Mar 2026 10:01:04 +0000
Manifest next update:     Sun 29 Mar 2026 10:01:04 +0000
Files and hashes:         1: FseIv2PBqcecEUVP45bScWqh03g.crl (hash: QrptKydBbl3nATQM5o8PeqzOvkS4zdJd6HF1jQIwuwM=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/9a2b8a-a558-4f43-9adf-67648099d8e1/1/FseIv2PBqcecEUVP45bScWqh03g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/9a2b8a-a558-4f43-9adf-67648099d8e1/1/FseIv2PBqcecEUVP45bScWqh03g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FseIv2PBqcecEUVP45bScWqh03g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:33:e3:dd:66:95:d5:f6:1f:f3:d4:fe:9c:49:70:a8:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16c788bf63c1a9c79c11454fe396d2716aa1d378
        Validity
            Not Before: Mar 28 10:01:04 2026 GMT
            Not After : Mar 29 10:01:04 2026 GMT
        Subject: CN=44252a21e0c0883b792bf09d5a9209c2b4b8b50f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ef:0a:94:0b:ad:d7:6f:33:38:ae:55:e0:6d:
                    c1:de:a1:c6:38:32:50:ba:41:3b:32:21:79:85:9f:
                    9d:66:5f:db:ae:81:2d:90:05:ad:de:18:bf:49:d5:
                    72:71:51:a9:fe:52:ed:d1:b8:c5:ef:90:b4:ab:53:
                    17:a4:ca:bb:22:42:a7:3c:78:6f:d9:34:7c:e7:6d:
                    37:8c:2f:83:7b:ff:d8:9c:8c:a9:ab:37:8f:2c:aa:
                    1d:bd:f0:ca:96:ed:61:46:c8:e7:a3:41:77:21:26:
                    47:50:cc:5c:a9:f3:b9:b7:97:1f:82:80:73:62:41:
                    e9:c5:cc:17:67:b5:a2:b4:de:08:3e:bc:97:b8:ec:
                    4c:0c:53:a8:a4:53:72:72:76:22:46:58:f3:f4:3c:
                    63:9b:4e:1c:5e:47:d4:b7:b2:9a:73:61:de:0f:1d:
                    3b:69:0e:b8:0d:77:f6:a6:45:e2:60:52:53:48:50:
                    65:3a:89:b7:ff:60:b6:56:20:3f:41:86:97:7b:5a:
                    19:77:50:1e:5a:2f:63:d5:6e:94:ab:69:2f:80:e5:
                    a9:cf:17:92:89:0e:ca:7d:42:3f:fd:7c:01:cf:9e:
                    79:8a:6d:f9:d5:76:04:c1:4a:e0:6c:c3:ce:d8:81:
                    42:82:3e:9b:cd:52:ef:0a:5c:eb:f4:89:0b:27:a9:
                    29:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:25:2A:21:E0:C0:88:3B:79:2B:F0:9D:5A:92:09:C2:B4:B8:B5:0F
            X509v3 Authority Key Identifier:
                keyid:16:C7:88:BF:63:C1:A9:C7:9C:11:45:4F:E3:96:D2:71:6A:A1:D3:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FseIv2PBqcecEUVP45bScWqh03g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/9a2b8a-a558-4f43-9adf-67648099d8e1/1/FseIv2PBqcecEUVP45bScWqh03g.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/9a2b8a-a558-4f43-9adf-67648099d8e1/1/FseIv2PBqcecEUVP45bScWqh03g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         86:4e:b5:81:19:4b:e4:3e:7c:11:ab:1f:60:72:27:01:9a:aa:
         74:cd:be:e5:79:bb:b7:a9:fb:db:2b:cd:dc:63:6b:e5:19:4d:
         8f:88:d6:95:65:dd:59:5b:e3:27:24:53:8d:8b:39:2d:22:72:
         2b:47:a1:4f:2f:cd:7d:76:b1:d0:34:e5:b5:f4:75:d1:88:d2:
         35:d2:83:15:c8:f1:7b:d6:26:82:3c:96:5a:4e:1f:c1:cb:2b:
         2d:e0:38:75:96:36:41:24:9b:ba:bd:a9:65:ed:9e:ef:07:22:
         1d:6d:cf:b6:ae:3c:41:96:08:4b:d9:97:ff:d1:77:f3:03:83:
         0b:55:d5:39:57:12:63:62:6c:ca:6d:e0:c0:2a:ef:3d:40:7f:
         ac:e8:cd:4e:72:5d:58:e4:e3:46:4d:67:da:bc:21:a1:43:1e:
         c4:e0:de:c5:61:71:1a:6e:e5:97:74:45:bf:03:be:c6:e0:54:
         64:55:ce:33:ae:92:95:bd:ff:87:5e:92:23:47:52:da:2c:29:
         39:7c:2b:4b:09:26:92:9c:6e:51:45:61:20:eb:93:70:0c:49:
         dd:6d:e2:fb:a8:a7:06:76:49:71:6e:0b:f6:c3:b3:2e:c7:c6:
         3d:43:9e:fe:5a:05:ce:7f:f3:20:2f:54:2e:da:93:b1:bd:0c:
         ab:85:e9:07
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0z491mldX2H/PU/pxJcKjWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2Yzc4OGJmNjNjMWE5Yzc5YzExNDU0ZmUzOTZkMjcxNmFh
MWQzNzgwHhcNMjYwMzI4MTAwMTA0WhcNMjYwMzI5MTAwMTA0WjAzMTEwLwYDVQQD
Eyg0NDI1MmEyMWUwYzA4ODNiNzkyYmYwOWQ1YTkyMDljMmI0YjhiNTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAme8KlAut128zOK5V4G3B3qHGODJQ
ukE7MiF5hZ+dZl/broEtkAWt3hi/SdVycVGp/lLt0bjF75C0q1MXpMq7IkKnPHhv
2TR85203jC+De//YnIypqzePLKodvfDKlu1hRsjno0F3ISZHUMxcqfO5t5cfgoBz
YkHpxcwXZ7WitN4IPryXuOxMDFOopFNycnYiRljz9Dxjm04cXkfUt7Kac2HeDx07
aQ64DXf2pkXiYFJTSFBlOom3/2C2ViA/QYaXe1oZd1AeWi9j1W6Uq2kvgOWpzxeS
iQ7KfUI//XwBz555im351XYEwUrgbMPO2IFCgj6bzVLvClzr9IkLJ6kp+QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFEQlKiHgwIg7eSvwnVqSCcK0uLUPMB8GA1UdIwQY
MBaAFBbHiL9jwanHnBFFT+OW0nFqodN4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnNlSXYyUEJxY2VjRVVWUDQ1YlNjV3FoMDNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi85YTJiOGEtYTU1OC00ZjQzLTlhZGYt
Njc2NDgwOTlkOGUxLzEvRnNlSXYyUEJxY2VjRVVWUDQ1YlNjV3FoMDNnLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi85YTJiOGEtYTU1OC00ZjQzLTlhZGYtNjc2NDgwOTlkOGUx
LzEvRnNlSXYyUEJxY2VjRVVWUDQ1YlNjV3FoMDNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAhk61gRlL
5D58EasfYHInAZqqdM2+5Xm7t6n72yvN3GNr5RlNj4jWlWXdWVvjJyRTjYs5LSJy
K0ehTy/NfXax0DTltfR10YjSNdKDFcjxe9YmgjyWWk4fwcsrLeA4dZY2QSSbur2p
Ze2e7wciHW3Ptq48QZYIS9mX/9F38wODC1XVOVcSY2Jsym3gwCrvPUB/rOjNTnJd
WOTjRk1n2rwhoUMexODexWFxGm7ll3RFvwO+xuBUZFXOM66Slb3/h16SI0dS2iwp
OXwrSwkmkpxuUUVhIOuTcAxJ3W3i+6inBnZJcW4L9sOzLsfGPUOe/loFzn/zIC9U
LtqTsb0Mq4XpBw==
-----END CERTIFICATE-----