Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/af6421-299c-4fd5-8acb-271a923c9ece/1/3aYlyUiBFZZabdCk8ILfO0LZSUg.mft
File:                     3aYlyUiBFZZabdCk8ILfO0LZSUg.mft (raw, json)
Hash identifier:          t1zyep+Qd6rprEtQ+TnRsK/TgrlANLLY1eF0CA/qDbw=
Subject key identifier:   10:17:0B:86:E5:ED:EB:66:59:A3:B1:E4:D4:F9:8E:1E:8B:9E:2E:A7
Authority key identifier: DD:A6:25:C9:48:81:15:96:5A:6D:D0:A4:F0:82:DF:3B:42:D9:49:48
Certificate issuer:       /CN=dda625c9488115965a6dd0a4f082df3b42d94948
Certificate serial:       019D333E9605338364FE8E169950F942E0D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3aYlyUiBFZZabdCk8ILfO0LZSUg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/af6421-299c-4fd5-8acb-271a923c9ece/1/3aYlyUiBFZZabdCk8ILfO0LZSUg.mft
Manifest number:          53
Signing time:             Sat 28 Mar 2026 07:00:32 +0000
Manifest this update:     Sat 28 Mar 2026 07:00:32 +0000
Manifest next update:     Sun 29 Mar 2026 07:00:32 +0000
Files and hashes:         1: 3aYlyUiBFZZabdCk8ILfO0LZSUg.crl (hash: WgVuOVdCB4r5uE9N3EX2ykjRqCFED5I9dXhwDsIu1Zk=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/af6421-299c-4fd5-8acb-271a923c9ece/1/3aYlyUiBFZZabdCk8ILfO0LZSUg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/af6421-299c-4fd5-8acb-271a923c9ece/1/3aYlyUiBFZZabdCk8ILfO0LZSUg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3aYlyUiBFZZabdCk8ILfO0LZSUg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:33:3e:96:05:33:83:64:fe:8e:16:99:50:f9:42:e0:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dda625c9488115965a6dd0a4f082df3b42d94948
        Validity
            Not Before: Mar 28 07:00:32 2026 GMT
            Not After : Mar 29 07:00:32 2026 GMT
        Subject: CN=10170b86e5edeb6659a3b1e4d4f98e1e8b9e2ea7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:a4:d6:e5:3a:72:3c:56:49:5d:e6:4b:99:b8:
                    db:28:4a:33:ea:7f:e5:dc:07:3e:f6:4e:bf:e8:e9:
                    35:e6:c4:94:90:1a:9c:aa:97:32:1d:17:e6:bf:23:
                    8a:06:a8:7e:c7:ec:81:56:79:50:cb:b7:0a:cd:06:
                    06:5e:a9:2c:2f:8c:f0:00:b2:47:48:08:58:25:a3:
                    11:e7:d1:80:8c:f9:1f:13:82:90:1b:24:18:fb:f1:
                    f4:0a:f5:76:61:50:8e:40:c7:14:91:43:1b:c3:11:
                    0b:7f:1e:7d:1c:35:0a:ce:be:a4:2d:37:53:99:06:
                    3a:99:84:15:3f:23:32:3f:f7:a4:ff:16:21:77:cb:
                    08:d5:67:35:27:e3:b2:c8:16:41:a2:8f:1a:d3:14:
                    5f:42:9b:a3:85:61:e4:f4:cb:68:e8:20:dd:1b:c0:
                    0b:01:78:37:ea:fa:8d:f9:1b:bb:14:64:4c:c8:ca:
                    89:d7:f4:ee:7b:83:85:92:8f:75:87:2b:5a:75:51:
                    b3:74:a8:61:f7:f3:93:70:ee:38:59:c6:62:fd:8c:
                    d4:0c:8a:a6:a0:d8:ea:ac:4a:7c:d2:1d:db:4f:35:
                    26:39:ee:9d:c1:59:47:06:8a:d8:b4:a1:c2:b0:db:
                    bb:b1:58:1e:90:cf:f3:c0:52:ed:60:bf:2f:49:fb:
                    a9:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:17:0B:86:E5:ED:EB:66:59:A3:B1:E4:D4:F9:8E:1E:8B:9E:2E:A7
            X509v3 Authority Key Identifier:
                keyid:DD:A6:25:C9:48:81:15:96:5A:6D:D0:A4:F0:82:DF:3B:42:D9:49:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3aYlyUiBFZZabdCk8ILfO0LZSUg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/af6421-299c-4fd5-8acb-271a923c9ece/1/3aYlyUiBFZZabdCk8ILfO0LZSUg.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/af6421-299c-4fd5-8acb-271a923c9ece/1/3aYlyUiBFZZabdCk8ILfO0LZSUg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         67:cf:cf:2a:ae:d6:45:9b:f4:2d:84:f0:60:2d:d0:aa:33:86:
         1b:eb:b5:8b:a2:28:57:f9:7e:b2:15:cc:df:52:ba:94:7c:43:
         6f:25:38:82:c5:3c:4f:b0:f3:ee:6e:03:93:e8:43:97:5a:6f:
         05:87:2a:8c:8c:28:3e:d6:ce:f1:10:48:2c:12:fa:8b:3e:52:
         37:44:e6:63:52:b8:44:d1:9f:d4:4e:e1:ed:e0:55:f9:aa:0a:
         74:f8:91:b8:ca:33:75:99:47:d7:e8:8e:35:fe:a0:50:4f:e3:
         55:6d:2f:ea:56:68:f5:10:b1:1b:4a:cf:4e:f5:5d:ec:99:31:
         69:cd:ff:66:80:41:2c:eb:ff:aa:d2:5e:de:a9:14:be:96:59:
         56:a5:de:de:d6:9d:2f:23:da:2b:e7:51:86:23:b1:eb:e4:6e:
         bb:31:62:02:c1:e5:7a:a5:7b:02:41:61:bc:6b:fc:d7:74:ad:
         17:49:f5:7d:3d:69:1f:04:5e:5c:df:e6:b6:17:1e:2b:5e:0b:
         50:d8:59:1b:1f:7e:c5:79:75:cc:a6:b2:d5:b5:4e:ae:42:a2:
         83:6f:74:13:fa:ea:f0:c2:1f:3c:95:75:d2:db:9d:00:e6:24:
         34:ac:5e:d2:6c:b3:5d:ec:94:3f:70:75:de:ac:e3:ad:c5:5b:
         58:35:5a:20
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0zPpYFM4Nk/o4WmVD5QuDQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkYTYyNWM5NDg4MTE1OTY1YTZkZDBhNGYwODJkZjNiNDJk
OTQ5NDgwHhcNMjYwMzI4MDcwMDMyWhcNMjYwMzI5MDcwMDMyWjAzMTEwLwYDVQQD
EygxMDE3MGI4NmU1ZWRlYjY2NTlhM2IxZTRkNGY5OGUxZThiOWUyZWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qTW5TpyPFZJXeZLmbjbKEoz6n/l
3Ac+9k6/6Ok15sSUkBqcqpcyHRfmvyOKBqh+x+yBVnlQy7cKzQYGXqksL4zwALJH
SAhYJaMR59GAjPkfE4KQGyQY+/H0CvV2YVCOQMcUkUMbwxELfx59HDUKzr6kLTdT
mQY6mYQVPyMyP/ek/xYhd8sI1Wc1J+OyyBZBoo8a0xRfQpujhWHk9Mto6CDdG8AL
AXg36vqN+Ru7FGRMyMqJ1/Tue4OFko91hytadVGzdKhh9/OTcO44WcZi/YzUDIqm
oNjqrEp80h3bTzUmOe6dwVlHBorYtKHCsNu7sVgekM/zwFLtYL8vSfuppQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFBAXC4bl7etmWaOx5NT5jh6Lni6nMB8GA1UdIwQY
MBaAFN2mJclIgRWWWm3QpPCC3ztC2UlIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2FZbHlVaUJGWlphYmRDazhJTGZPMExaU1VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9hZjY0MjEtMjk5Yy00ZmQ1LThhY2It
MjcxYTkyM2M5ZWNlLzEvM2FZbHlVaUJGWlphYmRDazhJTGZPMExaU1VnLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9hZjY0MjEtMjk5Yy00ZmQ1LThhY2ItMjcxYTkyM2M5ZWNl
LzEvM2FZbHlVaUJGWlphYmRDazhJTGZPMExaU1VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAZ8/PKq7W
RZv0LYTwYC3QqjOGG+u1i6IoV/l+shXM31K6lHxDbyU4gsU8T7Dz7m4Dk+hDl1pv
BYcqjIwoPtbO8RBILBL6iz5SN0TmY1K4RNGf1E7h7eBV+aoKdPiRuMozdZlH1+iO
Nf6gUE/jVW0v6lZo9RCxG0rPTvVd7Jkxac3/ZoBBLOv/qtJe3qkUvpZZVqXe3tad
LyPaK+dRhiOx6+RuuzFiAsHleqV7AkFhvGv813StF0n1fT1pHwReXN/mthceK14L
UNhZGx9+xXl1zKay1bVOrkKig290E/rq8MIfPJV10tudAOYkNKxe0myzXeyUP3B1
3qzjrcVbWDVaIA==
-----END CERTIFICATE-----