Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft
File:                     2bN6OM6IfTdjYEau84ehwjMVLkE.mft (raw, json)
Hash identifier:          PDWFE7gXj+G8zfBA1ilgTELxmWxDe2/sXTC3unf635g=
Subject key identifier:   02:AA:AF:08:08:78:DB:D1:8C:71:5A:2F:98:DA:24:E0:21:87:72:4A
Authority key identifier: D9:B3:7A:38:CE:88:7D:37:63:60:46:AE:F3:87:A1:C2:33:15:2E:41
Certificate issuer:       /CN=d9b37a38ce887d37636046aef387a1c233152e41
Certificate serial:       019D270466F47F2587FE8626F7D858B85B01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2bN6OM6IfTdjYEau84ehwjMVLkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft
Manifest number:          0917
Signing time:             Wed 25 Mar 2026 22:01:32 +0000
Manifest this update:     Wed 25 Mar 2026 22:01:32 +0000
Manifest next update:     Thu 26 Mar 2026 22:01:32 +0000
Files and hashes:         1: 2bN6OM6IfTdjYEau84ehwjMVLkE.crl (hash: e69nI22NbTO7bBUJqUGbhdsI5m6X8eVv25q1C02DIsQ=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2bN6OM6IfTdjYEau84ehwjMVLkE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:27:04:66:f4:7f:25:87:fe:86:26:f7:d8:58:b8:5b:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9b37a38ce887d37636046aef387a1c233152e41
        Validity
            Not Before: Mar 25 22:01:32 2026 GMT
            Not After : Mar 26 22:01:32 2026 GMT
        Subject: CN=02aaaf080878dbd18c715a2f98da24e02187724a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:45:bf:9e:17:3b:97:4a:cd:92:0d:90:7e:ee:
                    b1:4d:db:fc:2d:97:34:57:66:39:e6:07:d1:df:a8:
                    88:f1:d1:92:a2:86:d2:4d:39:de:d3:b3:59:a7:40:
                    b2:2f:cd:2a:c5:d5:9c:4c:5a:9f:1b:cc:8e:f2:29:
                    3c:4b:f2:54:c5:83:2c:89:87:98:72:6c:3b:40:b3:
                    57:8a:49:68:32:65:14:13:bf:a4:cb:38:9e:e3:dd:
                    0e:fe:16:70:75:a9:6d:29:c7:d0:ad:85:a0:ad:28:
                    ba:ae:4c:1f:c6:bc:01:04:ad:b4:75:88:21:5c:9f:
                    59:55:9f:28:ec:8f:40:57:77:77:c0:4d:48:ea:23:
                    9e:68:8d:b7:02:b4:10:cc:7b:13:6f:c5:eb:28:11:
                    76:7e:da:b3:0c:41:4e:5c:10:5d:86:e5:ea:54:07:
                    c1:6a:57:a0:b9:36:1a:62:72:bc:bd:04:a2:5f:37:
                    64:81:9c:29:5a:b2:39:80:83:b3:2c:5e:90:af:e1:
                    23:7f:10:e7:0f:61:64:88:6a:a9:22:dc:05:8d:d5:
                    08:39:fc:ed:19:5c:3c:d8:08:e6:be:8e:a8:3b:0d:
                    76:38:41:80:df:22:00:46:1d:86:ad:18:17:22:c5:
                    68:eb:5f:b6:d1:a3:53:3b:45:f3:38:77:68:87:8f:
                    fd:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:AA:AF:08:08:78:DB:D1:8C:71:5A:2F:98:DA:24:E0:21:87:72:4A
            X509v3 Authority Key Identifier:
                keyid:D9:B3:7A:38:CE:88:7D:37:63:60:46:AE:F3:87:A1:C2:33:15:2E:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2bN6OM6IfTdjYEau84ehwjMVLkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         7e:a5:f6:c4:8e:f2:7d:41:c8:61:63:53:19:c3:b7:67:f1:2f:
         2d:f5:2a:04:af:cd:fc:bc:a2:35:cc:6f:05:29:96:58:8f:29:
         da:af:f2:0d:18:4b:61:13:0e:14:a6:71:c6:b0:46:db:51:b2:
         d9:94:f5:f7:8f:72:0f:d7:1e:78:36:ae:b4:76:c3:c6:a7:26:
         1b:af:7a:0d:5e:6f:dc:97:ea:7f:a7:e8:52:75:86:8e:d2:fb:
         50:fb:91:e4:cd:71:08:8e:10:3a:4f:0c:ea:65:5f:24:79:07:
         23:18:e0:b0:a5:98:11:32:c4:07:b2:dd:c4:d2:9e:d5:ad:33:
         84:14:39:f7:15:a5:75:ec:56:c9:58:4a:f8:0d:c8:f2:71:dc:
         7f:64:43:f0:59:eb:e2:e3:01:6f:1a:d7:76:9f:68:fb:36:d9:
         14:7e:f7:4d:44:c0:be:31:e3:96:1c:29:64:3f:53:97:d9:e6:
         af:ba:df:d5:b7:55:ba:4b:56:d3:bc:83:49:8e:56:3e:6f:15:
         1b:99:51:b1:f9:ee:6f:95:6a:44:92:a3:59:ed:28:98:b6:4b:
         0b:57:2d:20:84:2a:d9:37:c4:9b:2a:1a:58:5e:7a:58:ee:c9:
         4d:bc:3d:be:bd:e1:42:cc:c5:7f:ec:ff:05:13:56:0c:5f:c3:
         1e:55:92:70
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0nBGb0fyWH/oYm99hYuFsBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5YjM3YTM4Y2U4ODdkMzc2MzYwNDZhZWYzODdhMWMyMzMx
NTJlNDEwHhcNMjYwMzI1MjIwMTMyWhcNMjYwMzI2MjIwMTMyWjAzMTEwLwYDVQQD
EygwMmFhYWYwODA4NzhkYmQxOGM3MTVhMmY5OGRhMjRlMDIxODc3MjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6kW/nhc7l0rNkg2Qfu6xTdv8LZc0
V2Y55gfR36iI8dGSoobSTTne07NZp0CyL80qxdWcTFqfG8yO8ik8S/JUxYMsiYeY
cmw7QLNXikloMmUUE7+kyzie490O/hZwdaltKcfQrYWgrSi6rkwfxrwBBK20dYgh
XJ9ZVZ8o7I9AV3d3wE1I6iOeaI23ArQQzHsTb8XrKBF2ftqzDEFOXBBdhuXqVAfB
aleguTYaYnK8vQSiXzdkgZwpWrI5gIOzLF6Qr+EjfxDnD2FkiGqpItwFjdUIOfzt
GVw82Ajmvo6oOw12OEGA3yIARh2GrRgXIsVo61+20aNTO0XzOHdoh4/9LwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFAKqrwgIeNvRjHFaL5jaJOAhh3JKMB8GA1UdIwQY
MBaAFNmzejjOiH03Y2BGrvOHocIzFS5BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmJONk9NNklmVGRqWUVhdTg0ZWh3ak1WTGtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS85NTQ1ZjItZmI2MC00ODc4LWFlNTgt
ZDZhYWM2MTM4MzBiLzEvMmJONk9NNklmVGRqWUVhdTg0ZWh3ak1WTGtFLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS85NTQ1ZjItZmI2MC00ODc4LWFlNTgtZDZhYWM2MTM4MzBi
LzEvMmJONk9NNklmVGRqWUVhdTg0ZWh3ak1WTGtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAfqX2xI7y
fUHIYWNTGcO3Z/EvLfUqBK/N/LyiNcxvBSmWWI8p2q/yDRhLYRMOFKZxxrBG21Gy
2ZT1949yD9ceeDautHbDxqcmG696DV5v3Jfqf6foUnWGjtL7UPuR5M1xCI4QOk8M
6mVfJHkHIxjgsKWYETLEB7LdxNKe1a0zhBQ59xWldexWyVhK+A3I8nHcf2RD8Fnr
4uMBbxrXdp9o+zbZFH73TUTAvjHjlhwpZD9Tl9nmr7rf1bdVuktW07yDSY5WPm8V
G5lRsfnub5VqRJKjWe0omLZLC1ctIIQq2TfEmyoaWF56WO7JTbw9vr3hQszFf+z/
BRNWDF/DHlWScA==
-----END CERTIFICATE-----