Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/625d78-019c-4301-ba78-70c0c15bc80a/1/q7lESdTSRidxdzvAimJFB9pRKw0.mft
File:                     q7lESdTSRidxdzvAimJFB9pRKw0.mft (raw, json)
Hash identifier:          Ct/OL52Yf701fHLeqEj/uF7b+c4g1jPL+wq2dSgJNW8=
Subject key identifier:   86:6A:71:A6:F5:38:1E:06:CF:D5:59:63:76:8E:B6:BD:EC:DC:F3:CC
Authority key identifier: AB:B9:44:49:D4:D2:46:27:71:77:3B:C0:8A:62:45:07:DA:51:2B:0D
Certificate issuer:       /CN=abb94449d4d2462771773bc08a624507da512b0d
Certificate serial:       019D29CE29CB0B51A47E3DE7EF5DED3A7377
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q7lESdTSRidxdzvAimJFB9pRKw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/625d78-019c-4301-ba78-70c0c15bc80a/1/q7lESdTSRidxdzvAimJFB9pRKw0.mft
Manifest number:          096C
Signing time:             Thu 26 Mar 2026 11:01:10 +0000
Manifest this update:     Thu 26 Mar 2026 11:01:10 +0000
Manifest next update:     Fri 27 Mar 2026 11:01:10 +0000
Files and hashes:         1: q7lESdTSRidxdzvAimJFB9pRKw0.crl (hash: QNHHGEhna+kP9WYrmNzGtHs5IWk9aIp9Wm7V3q29fBw=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/625d78-019c-4301-ba78-70c0c15bc80a/1/q7lESdTSRidxdzvAimJFB9pRKw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/625d78-019c-4301-ba78-70c0c15bc80a/1/q7lESdTSRidxdzvAimJFB9pRKw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q7lESdTSRidxdzvAimJFB9pRKw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:ce:29:cb:0b:51:a4:7e:3d:e7:ef:5d:ed:3a:73:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abb94449d4d2462771773bc08a624507da512b0d
        Validity
            Not Before: Mar 26 11:01:10 2026 GMT
            Not After : Mar 27 11:01:10 2026 GMT
        Subject: CN=866a71a6f5381e06cfd55963768eb6bdecdcf3cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:20:c5:38:27:a3:96:13:9a:c4:e1:71:3a:6e:
                    c0:ed:0a:57:57:15:99:17:77:84:84:0d:34:18:74:
                    2d:32:6d:bb:fd:12:cf:b2:dd:32:fa:6d:14:38:28:
                    02:79:49:f4:9e:56:30:1b:23:df:18:16:c5:76:88:
                    2f:4a:ee:e6:28:48:40:dd:5f:a1:f8:8b:34:01:3b:
                    31:df:ff:9a:5e:0f:8a:29:4c:ae:3d:87:3b:cc:e8:
                    7e:93:e4:6b:40:7e:8c:c8:74:a1:b5:0a:59:c1:a3:
                    4d:52:4b:f1:e2:67:e0:2d:d8:02:df:d4:f1:56:d4:
                    ea:90:99:87:01:8e:e6:0f:be:46:8f:22:aa:fe:10:
                    4b:70:cb:b3:5a:22:2d:73:de:f8:27:ea:c0:ab:00:
                    32:f9:b4:c1:98:ab:e5:3a:0b:58:fa:58:13:ca:e2:
                    de:f5:bd:2d:61:05:a3:62:00:8a:ab:6a:c6:6d:d3:
                    aa:b3:f4:75:fa:36:4a:57:8f:c1:f9:ff:bc:07:55:
                    af:da:9f:73:09:bf:64:64:f3:12:f7:98:27:3d:03:
                    12:4d:0a:78:1c:bb:00:c0:64:ce:c6:18:8a:c2:3d:
                    a3:bf:93:8e:60:69:28:07:2e:9a:5e:d6:fd:64:4d:
                    b7:93:36:44:9b:19:f4:96:ab:e0:6a:16:e5:8b:26:
                    81:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:6A:71:A6:F5:38:1E:06:CF:D5:59:63:76:8E:B6:BD:EC:DC:F3:CC
            X509v3 Authority Key Identifier:
                keyid:AB:B9:44:49:D4:D2:46:27:71:77:3B:C0:8A:62:45:07:DA:51:2B:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q7lESdTSRidxdzvAimJFB9pRKw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/625d78-019c-4301-ba78-70c0c15bc80a/1/q7lESdTSRidxdzvAimJFB9pRKw0.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/625d78-019c-4301-ba78-70c0c15bc80a/1/q7lESdTSRidxdzvAimJFB9pRKw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         a3:26:69:c1:e7:26:17:d7:1a:4b:93:b8:4b:55:be:fe:d6:6f:
         45:ae:b0:1a:4e:65:ba:b6:56:9d:98:0d:b3:89:9c:4c:a3:44:
         69:5a:f2:75:7b:cc:a1:4c:b9:4b:2c:d7:5e:de:7d:63:54:50:
         ba:1e:93:90:2a:80:89:f2:c6:bf:f4:bd:5c:70:c7:51:e8:08:
         6e:c8:c0:37:38:ed:45:1e:99:a7:9e:6c:ed:c1:f7:1e:47:3e:
         98:40:68:4f:2f:e6:ff:a8:39:9d:f4:f5:98:fe:14:ca:e2:c7:
         f4:66:13:91:8e:5d:2d:32:90:17:53:6e:e5:64:e0:c5:5e:70:
         7b:95:48:a5:07:25:41:3a:26:7a:4c:d5:37:66:70:16:0d:a8:
         74:86:04:eb:52:09:f5:41:7c:d8:a7:7a:5d:27:0c:d1:38:e7:
         74:db:2e:5d:1d:1e:4f:2d:91:77:b6:69:34:31:8e:07:02:48:
         5d:27:70:e0:22:12:8e:74:9f:1a:d9:e4:f3:ce:ca:41:12:8c:
         73:6e:78:11:41:9c:9a:6d:1b:02:dc:99:f3:f6:b8:f0:5a:4e:
         57:08:9d:4d:40:02:9d:cd:32:6c:20:42:f8:dc:c5:2d:1f:57:
         75:fe:58:c1:a5:80:5c:73:67:0f:cf:94:36:7d:1d:71:d4:99:
         97:2e:38:1f
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0pzinLC1Gkfj3n713tOnN3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYjk0NDQ5ZDRkMjQ2Mjc3MTc3M2JjMDhhNjI0NTA3ZGE1
MTJiMGQwHhcNMjYwMzI2MTEwMTEwWhcNMjYwMzI3MTEwMTEwWjAzMTEwLwYDVQQD
Eyg4NjZhNzFhNmY1MzgxZTA2Y2ZkNTU5NjM3NjhlYjZiZGVjZGNmM2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiDFOCejlhOaxOFxOm7A7QpXVxWZ
F3eEhA00GHQtMm27/RLPst0y+m0UOCgCeUn0nlYwGyPfGBbFdogvSu7mKEhA3V+h
+Is0ATsx3/+aXg+KKUyuPYc7zOh+k+RrQH6MyHShtQpZwaNNUkvx4mfgLdgC39Tx
VtTqkJmHAY7mD75GjyKq/hBLcMuzWiItc974J+rAqwAy+bTBmKvlOgtY+lgTyuLe
9b0tYQWjYgCKq2rGbdOqs/R1+jZKV4/B+f+8B1Wv2p9zCb9kZPMS95gnPQMSTQp4
HLsAwGTOxhiKwj2jv5OOYGkoBy6aXtb9ZE23kzZEmxn0lqvgahbliyaBqwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFIZqcab1OB4Gz9VZY3aOtr3s3PPMMB8GA1UdIwQY
MBaAFKu5REnU0kYncXc7wIpiRQfaUSsNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTdsRVNkVFNSaWR4ZHp2QWltSkZCOXBSS3cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS82MjVkNzgtMDE5Yy00MzAxLWJhNzgt
NzBjMGMxNWJjODBhLzEvcTdsRVNkVFNSaWR4ZHp2QWltSkZCOXBSS3cwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS82MjVkNzgtMDE5Yy00MzAxLWJhNzgtNzBjMGMxNWJjODBh
LzEvcTdsRVNkVFNSaWR4ZHp2QWltSkZCOXBSS3cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAoyZpwecm
F9caS5O4S1W+/tZvRa6wGk5lurZWnZgNs4mcTKNEaVrydXvMoUy5SyzXXt59Y1RQ
uh6TkCqAifLGv/S9XHDHUegIbsjANzjtRR6Zp55s7cH3Hkc+mEBoTy/m/6g5nfT1
mP4UyuLH9GYTkY5dLTKQF1Nu5WTgxV5we5VIpQclQTomekzVN2ZwFg2odIYE61IJ
9UF82Kd6XScM0TjndNsuXR0eTy2Rd7ZpNDGOBwJIXSdw4CISjnSfGtnk887KQRKM
c254EUGcmm0bAtyZ8/a48FpOVwidTUACnc0ybCBC+NzFLR9Xdf5YwaWAXHNnD8+U
Nn0dcdSZly44Hw==
-----END CERTIFICATE-----