Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/569574-441e-415b-803f-54bd649b4852/1/KhQFaUht0XjbWDoKHklt8iMYXTU.mft
File:                     KhQFaUht0XjbWDoKHklt8iMYXTU.mft (raw, json)
Hash identifier:          NltEN5Rp5z0IxYhhb9qDQ9VTaorRqZpXS7nAVlTfI84=
Subject key identifier:   89:57:88:83:05:7B:67:90:84:93:DD:74:91:34:AD:F7:42:B3:1E:A5
Authority key identifier: 2A:14:05:69:48:6D:D1:78:DB:58:3A:0A:1E:49:6D:F2:23:18:5D:35
Certificate issuer:       /CN=2a140569486dd178db583a0a1e496df223185d35
Certificate serial:       019D2584094AC991BC17723EF90F33D67A55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KhQFaUht0XjbWDoKHklt8iMYXTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/569574-441e-415b-803f-54bd649b4852/1/KhQFaUht0XjbWDoKHklt8iMYXTU.mft
Manifest number:          0ACB
Signing time:             Wed 25 Mar 2026 15:01:43 +0000
Manifest this update:     Wed 25 Mar 2026 15:01:43 +0000
Manifest next update:     Thu 26 Mar 2026 15:01:43 +0000
Files and hashes:         1: KhQFaUht0XjbWDoKHklt8iMYXTU.crl (hash: AEDU0I+diA9K13I3tbP6s84eRE68OjcdIDNQEPE66Rw=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/569574-441e-415b-803f-54bd649b4852/1/KhQFaUht0XjbWDoKHklt8iMYXTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/569574-441e-415b-803f-54bd649b4852/1/KhQFaUht0XjbWDoKHklt8iMYXTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KhQFaUht0XjbWDoKHklt8iMYXTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:25:84:09:4a:c9:91:bc:17:72:3e:f9:0f:33:d6:7a:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a140569486dd178db583a0a1e496df223185d35
        Validity
            Not Before: Mar 25 15:01:43 2026 GMT
            Not After : Mar 26 15:01:43 2026 GMT
        Subject: CN=89578883057b67908493dd749134adf742b31ea5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c8:c3:86:58:92:88:2b:fa:61:e8:20:7e:e0:
                    7a:3a:e4:2f:b7:c6:ce:84:24:61:82:20:2d:85:c9:
                    97:c7:df:a0:c9:54:23:12:ba:ac:ac:3c:44:c3:8c:
                    22:8a:ec:92:66:72:d4:6f:c1:c2:2e:b9:73:eb:d4:
                    1c:8e:37:35:b3:ef:78:15:f7:14:f7:42:87:b3:c1:
                    f6:ab:d0:46:2a:90:7b:50:26:df:47:9b:65:4b:41:
                    b5:d9:bf:25:9b:25:b0:02:19:d3:8d:5c:02:a4:61:
                    b5:54:e7:50:f9:1c:67:a4:da:6e:73:20:95:90:2d:
                    08:27:2b:47:ac:c6:37:8c:f7:75:cc:14:5a:0f:44:
                    1d:5a:70:4b:0a:67:76:c3:c4:ba:6e:1b:94:f8:bc:
                    91:6b:93:b4:37:a2:53:92:66:13:62:5f:7f:f1:d6:
                    db:58:81:d5:e9:6f:57:b1:28:e5:8d:5b:ff:59:fa:
                    af:ab:fd:12:db:ec:52:a0:a5:ca:6f:2b:b5:ef:ed:
                    0b:ee:45:a5:bf:b1:cb:15:04:fe:54:b4:e6:13:56:
                    98:b7:c9:41:af:7a:2c:b6:23:bc:0f:ef:1e:4c:4a:
                    c2:a1:32:20:c6:05:45:cc:ef:f9:4e:8a:10:75:60:
                    39:c9:1d:7d:42:db:02:1f:90:80:45:d6:bd:ff:53:
                    5e:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:57:88:83:05:7B:67:90:84:93:DD:74:91:34:AD:F7:42:B3:1E:A5
            X509v3 Authority Key Identifier:
                keyid:2A:14:05:69:48:6D:D1:78:DB:58:3A:0A:1E:49:6D:F2:23:18:5D:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KhQFaUht0XjbWDoKHklt8iMYXTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/569574-441e-415b-803f-54bd649b4852/1/KhQFaUht0XjbWDoKHklt8iMYXTU.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/569574-441e-415b-803f-54bd649b4852/1/KhQFaUht0XjbWDoKHklt8iMYXTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         68:b0:e8:a8:08:bb:9f:fa:a1:ea:d3:8f:fd:ef:2e:b9:94:23:
         65:56:80:e6:b8:02:40:ba:24:1b:5a:f2:dc:c8:ae:b3:e3:e3:
         b9:16:d3:87:bc:65:0c:b3:4d:4a:b0:c2:7c:2a:90:cf:97:f4:
         4f:c8:0f:27:0a:70:a2:38:1e:9c:d8:ab:95:59:8b:e7:b4:e5:
         ba:54:1a:3b:14:fa:65:6c:78:87:cd:61:85:23:45:8d:53:c5:
         d0:60:d1:61:b3:dc:fa:bc:51:db:b4:d5:14:37:3b:96:12:21:
         3b:55:d8:25:31:6f:1c:2d:34:7c:12:b1:cc:18:de:48:2b:ad:
         d2:26:47:fb:fd:c6:a0:ff:cf:78:2a:28:ad:fa:e0:b3:74:a9:
         ae:c5:5d:17:9b:b7:55:a0:ff:48:29:e3:ee:09:fc:3f:e9:02:
         f9:87:e0:b0:7d:be:f9:59:fe:35:89:f3:25:5d:33:26:b9:64:
         d6:da:06:45:8b:d0:31:c1:ae:e6:e0:45:b7:72:87:7a:72:4d:
         ed:11:85:94:9b:6e:22:38:0a:8d:0a:06:ad:81:52:5b:75:73:
         67:00:d3:ad:4b:62:19:66:a7:1d:54:ca:d9:f5:df:ac:e1:b9:
         13:e2:2e:37:0d:2b:5c:80:01:f1:17:4a:59:53:9a:02:a3:65:
         e1:80:ba:5b
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0lhAlKyZG8F3I++Q8z1npVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhMTQwNTY5NDg2ZGQxNzhkYjU4M2EwYTFlNDk2ZGYyMjMx
ODVkMzUwHhcNMjYwMzI1MTUwMTQzWhcNMjYwMzI2MTUwMTQzWjAzMTEwLwYDVQQD
Eyg4OTU3ODg4MzA1N2I2NzkwODQ5M2RkNzQ5MTM0YWRmNzQyYjMxZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcjDhliSiCv6YeggfuB6OuQvt8bO
hCRhgiAthcmXx9+gyVQjErqsrDxEw4wiiuySZnLUb8HCLrlz69Qcjjc1s+94FfcU
90KHs8H2q9BGKpB7UCbfR5tlS0G12b8lmyWwAhnTjVwCpGG1VOdQ+RxnpNpucyCV
kC0IJytHrMY3jPd1zBRaD0QdWnBLCmd2w8S6bhuU+LyRa5O0N6JTkmYTYl9/8dbb
WIHV6W9XsSjljVv/Wfqvq/0S2+xSoKXKbyu17+0L7kWlv7HLFQT+VLTmE1aYt8lB
r3ostiO8D+8eTErCoTIgxgVFzO/5TooQdWA5yR19QtsCH5CARda9/1NewwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFIlXiIMFe2eQhJPddJE0rfdCsx6lMB8GA1UdIwQY
MBaAFCoUBWlIbdF421g6Ch5JbfIjGF01MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2hRRmFVaHQwWGpiV0RvS0hrbHQ4aU1ZWFRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC81Njk1NzQtNDQxZS00MTViLTgwM2Yt
NTRiZDY0OWI0ODUyLzEvS2hRRmFVaHQwWGpiV0RvS0hrbHQ4aU1ZWFRVLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC81Njk1NzQtNDQxZS00MTViLTgwM2YtNTRiZDY0OWI0ODUy
LzEvS2hRRmFVaHQwWGpiV0RvS0hrbHQ4aU1ZWFRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAaLDoqAi7
n/qh6tOP/e8uuZQjZVaA5rgCQLokG1ry3Mius+PjuRbTh7xlDLNNSrDCfCqQz5f0
T8gPJwpwojgenNirlVmL57TlulQaOxT6ZWx4h81hhSNFjVPF0GDRYbPc+rxR27TV
FDc7lhIhO1XYJTFvHC00fBKxzBjeSCut0iZH+/3GoP/PeCoorfrgs3SprsVdF5u3
VaD/SCnj7gn8P+kC+YfgsH2++Vn+NYnzJV0zJrlk1toGRYvQMcGu5uBFt3KHenJN
7RGFlJtuIjgKjQoGrYFSW3VzZwDTrUtiGWanHVTK2fXfrOG5E+IuNw0rXIAB8RdK
WVOaAqNl4YC6Ww==
-----END CERTIFICATE-----