Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/2acb71-3c3b-4a66-9700-cd2726114846/1/PNQrfxakRkXr2PObog8ZBxOxs7w.mft
File:                     PNQrfxakRkXr2PObog8ZBxOxs7w.mft (raw, json)
Hash identifier:          Xqp1H2PbTAjvK/pYK40dSoDekvyCMFUB5+APsUYNH9o=
Subject key identifier:   CA:28:CA:BC:4D:17:D6:FD:CC:31:1C:44:F3:11:32:D2:8D:91:F1:97
Authority key identifier: 3C:D4:2B:7F:16:A4:46:45:EB:D8:F3:9B:A2:0F:19:07:13:B1:B3:BC
Certificate issuer:       /CN=3cd42b7f16a44645ebd8f39ba20f190713b1b3bc
Certificate serial:       019D2AE00689DAF83916FF7578C0F5A8C677
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PNQrfxakRkXr2PObog8ZBxOxs7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/2acb71-3c3b-4a66-9700-cd2726114846/1/PNQrfxakRkXr2PObog8ZBxOxs7w.mft
Manifest number:          1886
Signing time:             Thu 26 Mar 2026 16:00:17 +0000
Manifest this update:     Thu 26 Mar 2026 16:00:17 +0000
Manifest next update:     Fri 27 Mar 2026 16:00:17 +0000
Files and hashes:         1: PNQrfxakRkXr2PObog8ZBxOxs7w.crl (hash: meF5+OR2ImqAOxgNiJQSkg5N9GH5itBI73yBO9Setcw=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/2acb71-3c3b-4a66-9700-cd2726114846/1/PNQrfxakRkXr2PObog8ZBxOxs7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/2acb71-3c3b-4a66-9700-cd2726114846/1/PNQrfxakRkXr2PObog8ZBxOxs7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PNQrfxakRkXr2PObog8ZBxOxs7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2a:e0:06:89:da:f8:39:16:ff:75:78:c0:f5:a8:c6:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cd42b7f16a44645ebd8f39ba20f190713b1b3bc
        Validity
            Not Before: Mar 26 16:00:17 2026 GMT
            Not After : Mar 27 16:00:17 2026 GMT
        Subject: CN=ca28cabc4d17d6fdcc311c44f31132d28d91f197
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:4c:a5:05:82:ca:0e:ca:cb:3e:da:40:e0:03:
                    7a:d0:b9:75:56:41:9b:d3:fd:27:42:3c:52:11:dc:
                    f2:05:63:7c:09:62:f4:0d:82:b5:5c:ca:55:00:bd:
                    06:6d:7d:e7:56:d4:17:c7:b4:58:51:b0:9a:c7:e1:
                    ec:9c:07:dd:76:07:a8:d8:77:78:01:2d:6a:73:71:
                    67:7a:e0:ea:ab:0e:d7:ad:4e:f9:e4:c7:5e:45:ce:
                    90:e7:71:f8:ec:fe:64:88:70:4f:be:b1:b5:19:79:
                    5a:97:ae:2c:17:1c:6a:f4:fa:47:f0:6e:e0:8b:c3:
                    c9:68:12:3d:0b:51:8d:d2:83:5b:76:1f:f7:71:09:
                    72:e8:93:6a:cd:55:14:fc:b2:00:56:fa:9c:e1:04:
                    5c:f5:a8:3b:b3:19:fc:cf:6f:36:c3:72:47:1c:f3:
                    6a:56:37:20:dc:8a:9c:8d:7b:71:61:b0:e8:e0:68:
                    38:32:93:29:a0:3c:cc:d9:0d:06:06:43:ce:94:2a:
                    b7:89:b2:5c:e6:cd:c9:fa:6f:0f:d8:d2:cc:4e:98:
                    a5:09:da:25:9d:9a:fa:79:d6:c7:fa:0c:89:a4:c2:
                    50:08:d5:cc:aa:96:dd:95:9f:0a:dd:22:8c:6c:2e:
                    4d:99:4e:0f:f5:3b:99:3c:da:5e:03:4c:15:8f:aa:
                    be:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:28:CA:BC:4D:17:D6:FD:CC:31:1C:44:F3:11:32:D2:8D:91:F1:97
            X509v3 Authority Key Identifier:
                keyid:3C:D4:2B:7F:16:A4:46:45:EB:D8:F3:9B:A2:0F:19:07:13:B1:B3:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PNQrfxakRkXr2PObog8ZBxOxs7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/2acb71-3c3b-4a66-9700-cd2726114846/1/PNQrfxakRkXr2PObog8ZBxOxs7w.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/2acb71-3c3b-4a66-9700-cd2726114846/1/PNQrfxakRkXr2PObog8ZBxOxs7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         5d:4d:c8:21:24:06:c3:4c:14:5d:33:2b:c5:f7:8d:5d:0a:4d:
         f1:d3:04:27:89:fe:ce:6b:7b:3a:5c:43:f5:45:38:76:6b:12:
         2c:4f:0e:6a:78:c1:2a:3e:16:98:bc:58:f3:11:95:7e:75:21:
         ad:25:9e:3c:52:d1:95:eb:5c:c1:0e:9f:26:58:68:d6:28:72:
         d3:88:3c:88:93:87:ba:2e:36:ad:e2:eb:9d:7a:ac:fa:a8:97:
         ab:b2:04:48:ea:0c:6d:da:cf:18:f8:14:55:e8:26:fe:e6:01:
         b0:6d:81:ec:b5:4d:20:e5:52:a9:34:1b:45:78:70:da:30:8d:
         f3:58:a2:a5:c7:65:3c:05:ad:76:75:c7:9a:c6:27:9c:70:be:
         60:28:33:2c:6e:eb:54:be:d6:77:a7:ee:93:d0:b9:5e:14:a9:
         9f:62:75:35:ae:c0:a6:08:f6:cf:da:e6:45:ed:79:8e:e1:cd:
         57:17:97:99:2c:04:2c:f5:6a:33:ac:b4:b7:b8:77:cc:5c:54:
         11:5a:63:ae:8e:a5:90:65:25:e3:09:50:7a:c3:85:35:ba:45:
         16:29:35:71:ba:ed:5d:6e:67:fc:9c:75:e8:87:01:89:7a:05:
         f3:18:c8:be:56:59:24:8e:fc:15:13:66:97:83:c7:ff:ed:b4:
         23:4e:d1:3f
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0q4AaJ2vg5Fv91eMD1qMZ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZDQyYjdmMTZhNDQ2NDVlYmQ4ZjM5YmEyMGYxOTA3MTNi
MWIzYmMwHhcNMjYwMzI2MTYwMDE3WhcNMjYwMzI3MTYwMDE3WjAzMTEwLwYDVQQD
EyhjYTI4Y2FiYzRkMTdkNmZkY2MzMTFjNDRmMzExMzJkMjhkOTFmMTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUylBYLKDsrLPtpA4AN60Ll1VkGb
0/0nQjxSEdzyBWN8CWL0DYK1XMpVAL0GbX3nVtQXx7RYUbCax+HsnAfddgeo2Hd4
AS1qc3FneuDqqw7XrU755MdeRc6Q53H47P5kiHBPvrG1GXlal64sFxxq9PpH8G7g
i8PJaBI9C1GN0oNbdh/3cQly6JNqzVUU/LIAVvqc4QRc9ag7sxn8z282w3JHHPNq
Vjcg3IqcjXtxYbDo4Gg4MpMpoDzM2Q0GBkPOlCq3ibJc5s3J+m8P2NLMTpilCdol
nZr6edbH+gyJpMJQCNXMqpbdlZ8K3SKMbC5NmU4P9TuZPNpeA0wVj6q+3wIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFMooyrxNF9b9zDEcRPMRMtKNkfGXMB8GA1UdIwQY
MBaAFDzUK38WpEZF69jzm6IPGQcTsbO8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE5RcmZ4YWtSa1hyMlBPYm9nOFpCeE94czd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8yYWNiNzEtM2MzYi00YTY2LTk3MDAt
Y2QyNzI2MTE0ODQ2LzEvUE5RcmZ4YWtSa1hyMlBPYm9nOFpCeE94czd3Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8yYWNiNzEtM2MzYi00YTY2LTk3MDAtY2QyNzI2MTE0ODQ2
LzEvUE5RcmZ4YWtSa1hyMlBPYm9nOFpCeE94czd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAXU3IISQG
w0wUXTMrxfeNXQpN8dMEJ4n+zmt7OlxD9UU4dmsSLE8OanjBKj4WmLxY8xGVfnUh
rSWePFLRletcwQ6fJlho1ihy04g8iJOHui42reLrnXqs+qiXq7IESOoMbdrPGPgU
Vegm/uYBsG2B7LVNIOVSqTQbRXhw2jCN81iipcdlPAWtdnXHmsYnnHC+YCgzLG7r
VL7Wd6fuk9C5XhSpn2J1Na7Apgj2z9rmRe15juHNVxeXmSwELPVqM6y0t7h3zFxU
EVpjro6lkGUl4wlQesOFNbpFFik1cbrtXW5n/Jx16IcBiXoF8xjIvlZZJI78FRNm
l4PH/+20I07RPw==
-----END CERTIFICATE-----