Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/33796e-7d5f-475c-b569-d78bb6f5b8f5/1/XeHEMjIqoQWMPm_lf2N0qSlgacE.mft
File:                     XeHEMjIqoQWMPm_lf2N0qSlgacE.mft (raw, json)
Hash identifier:          ZGemRulWFTWi6O28s8picmmtQl2JwnQ7id0aHA3VC+g=
Subject key identifier:   8E:BA:89:A8:7A:C2:E4:C0:1A:4F:45:9F:06:BF:31:D0:4F:4E:28:09
Authority key identifier: 5D:E1:C4:32:32:2A:A1:05:8C:3E:6F:E5:7F:63:74:A9:29:60:69:C1
Certificate issuer:       /CN=5de1c432322aa1058c3e6fe57f6374a9296069c1
Certificate serial:       019D265F55CFF2CB01C0B8E4BBD331CADF29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XeHEMjIqoQWMPm_lf2N0qSlgacE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/33796e-7d5f-475c-b569-d78bb6f5b8f5/1/XeHEMjIqoQWMPm_lf2N0qSlgacE.mft
Manifest number:          0D68
Signing time:             Wed 25 Mar 2026 19:01:15 +0000
Manifest this update:     Wed 25 Mar 2026 19:01:15 +0000
Manifest next update:     Thu 26 Mar 2026 19:01:15 +0000
Files and hashes:         1: XeHEMjIqoQWMPm_lf2N0qSlgacE.crl (hash: mBMLpcrn/o9Fe/sGjMT/Wy0lZhVuDTOMcwRhsydYfv0=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/33796e-7d5f-475c-b569-d78bb6f5b8f5/1/XeHEMjIqoQWMPm_lf2N0qSlgacE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/33796e-7d5f-475c-b569-d78bb6f5b8f5/1/XeHEMjIqoQWMPm_lf2N0qSlgacE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XeHEMjIqoQWMPm_lf2N0qSlgacE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 19:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:26:5f:55:cf:f2:cb:01:c0:b8:e4:bb:d3:31:ca:df:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5de1c432322aa1058c3e6fe57f6374a9296069c1
        Validity
            Not Before: Mar 25 19:01:15 2026 GMT
            Not After : Mar 26 19:01:15 2026 GMT
        Subject: CN=8eba89a87ac2e4c01a4f459f06bf31d04f4e2809
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:69:37:e7:08:14:bd:dc:f1:7e:2a:c9:e1:5d:
                    81:14:0e:de:fa:2b:51:95:16:e5:2b:fa:9f:e6:47:
                    7a:31:1e:5f:10:a5:d2:a2:cb:31:de:f1:a3:d7:5b:
                    88:60:1f:af:b5:f1:c0:8e:09:85:12:82:5b:85:35:
                    e5:3d:84:25:01:67:3d:fa:9c:bb:f4:07:d9:ee:ec:
                    9c:b4:1d:77:f5:39:06:dc:c3:58:ab:33:a4:ad:cb:
                    e7:08:9c:3d:f9:fb:3c:bf:81:97:7f:11:2e:08:4a:
                    fb:52:d1:57:ad:aa:da:63:b1:67:4b:13:5e:2f:e6:
                    40:92:39:be:f3:b6:be:53:01:dd:94:55:ac:83:87:
                    da:be:50:c3:38:dc:61:8b:d2:01:20:19:b4:2c:57:
                    ed:c7:3a:08:31:03:7a:77:37:f3:b3:c9:ca:c7:50:
                    d7:13:f9:33:86:7f:08:32:0b:a0:3a:76:b4:43:60:
                    0e:02:70:44:ab:c0:96:a4:f0:03:fd:77:8e:dc:5d:
                    a1:cb:c0:43:f1:93:a8:b7:d0:45:8b:15:1e:08:00:
                    4d:dd:7e:28:9b:f1:97:70:ec:c6:ab:a9:54:2e:f2:
                    67:bd:ed:ec:d7:26:c2:98:5c:25:2d:8f:4f:82:31:
                    cc:7a:38:d7:6d:6d:37:c5:21:bf:32:85:55:cb:70:
                    65:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:BA:89:A8:7A:C2:E4:C0:1A:4F:45:9F:06:BF:31:D0:4F:4E:28:09
            X509v3 Authority Key Identifier:
                keyid:5D:E1:C4:32:32:2A:A1:05:8C:3E:6F:E5:7F:63:74:A9:29:60:69:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XeHEMjIqoQWMPm_lf2N0qSlgacE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/33796e-7d5f-475c-b569-d78bb6f5b8f5/1/XeHEMjIqoQWMPm_lf2N0qSlgacE.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/33796e-7d5f-475c-b569-d78bb6f5b8f5/1/XeHEMjIqoQWMPm_lf2N0qSlgacE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         44:ff:d9:28:0c:f3:75:d9:07:a6:df:79:6d:ec:0f:9a:af:9c:
         12:11:c1:75:1b:98:bf:f6:c3:fd:a2:ce:81:65:05:a6:26:e8:
         fd:f1:d4:a1:6d:29:42:ff:d9:cf:7a:14:58:f0:6a:db:b2:b2:
         62:6a:b1:f6:7b:a3:a4:6a:a1:27:90:f0:95:89:c6:b0:3a:01:
         1f:d8:ed:4b:67:c7:54:f7:26:ac:13:c6:b5:4a:d2:9b:e2:64:
         79:cb:d7:e4:0e:e4:06:64:0a:6e:41:93:d7:3b:f6:1a:89:76:
         3f:3a:29:fd:f8:7a:5d:d0:47:0b:d8:ac:3b:14:6b:c3:b8:3a:
         f0:9c:71:ad:17:5e:d2:f7:79:ef:ea:e0:89:09:65:c5:b1:e9:
         28:e9:2d:9d:c1:93:d2:83:1c:df:70:11:57:ba:3e:e5:b5:31:
         d1:a2:59:9a:3e:c7:31:27:da:4b:e1:da:a4:1b:81:78:1a:bc:
         44:a0:ed:05:55:6b:21:f7:b6:99:d3:2f:12:2f:b8:c7:b4:4e:
         4a:1e:60:ec:f4:87:04:07:4f:83:89:dc:0e:ba:d2:26:0e:e9:
         bf:ec:15:a2:e7:14:16:0a:60:7e:f3:d8:81:a8:fe:85:cd:48:
         28:97:26:64:69:9f:b1:49:47:8a:c7:6c:db:b0:cf:07:35:d6:
         63:c7:8b:10
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0mX1XP8ssBwLjku9Mxyt8pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZTFjNDMyMzIyYWExMDU4YzNlNmZlNTdmNjM3NGE5Mjk2
MDY5YzEwHhcNMjYwMzI1MTkwMTE1WhcNMjYwMzI2MTkwMTE1WjAzMTEwLwYDVQQD
Eyg4ZWJhODlhODdhYzJlNGMwMWE0ZjQ1OWYwNmJmMzFkMDRmNGUyODA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWk35wgUvdzxfirJ4V2BFA7e+itR
lRblK/qf5kd6MR5fEKXSossx3vGj11uIYB+vtfHAjgmFEoJbhTXlPYQlAWc9+py7
9AfZ7uyctB139TkG3MNYqzOkrcvnCJw9+fs8v4GXfxEuCEr7UtFXraraY7FnSxNe
L+ZAkjm+87a+UwHdlFWsg4favlDDONxhi9IBIBm0LFftxzoIMQN6dzfzs8nKx1DX
E/kzhn8IMgugOna0Q2AOAnBEq8CWpPAD/XeO3F2hy8BD8ZOot9BFixUeCABN3X4o
m/GXcOzGq6lULvJnve3s1ybCmFwlLY9PgjHMejjXbW03xSG/MoVVy3Bl4wIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFI66iah6wuTAGk9Fnwa/MdBPTigJMB8GA1UdIwQY
MBaAFF3hxDIyKqEFjD5v5X9jdKkpYGnBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGVIRU1qSXFvUVdNUG1fbGYyTjBxU2xnYWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8zMzc5NmUtN2Q1Zi00NzVjLWI1Njkt
ZDc4YmI2ZjViOGY1LzEvWGVIRU1qSXFvUVdNUG1fbGYyTjBxU2xnYWNFLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8zMzc5NmUtN2Q1Zi00NzVjLWI1NjktZDc4YmI2ZjViOGY1
LzEvWGVIRU1qSXFvUVdNUG1fbGYyTjBxU2xnYWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEARP/ZKAzz
ddkHpt95bewPmq+cEhHBdRuYv/bD/aLOgWUFpibo/fHUoW0pQv/Zz3oUWPBq27Ky
Ymqx9nujpGqhJ5DwlYnGsDoBH9jtS2fHVPcmrBPGtUrSm+JkecvX5A7kBmQKbkGT
1zv2Gol2Pzop/fh6XdBHC9isOxRrw7g68JxxrRde0vd57+rgiQllxbHpKOktncGT
0oMc33ARV7o+5bUx0aJZmj7HMSfaS+HapBuBeBq8RKDtBVVrIfe2mdMvEi+4x7RO
Sh5g7PSHBAdPg4ncDrrSJg7pv+wVoucUFgpgfvPYgaj+hc1IKJcmZGmfsUlHisds
27DPBzXWY8eLEA==
-----END CERTIFICATE-----