Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/d809b4-2025-41ed-a0c3-36d7921e93b3/1/Onh8GnI5OY_vQvv05ri6Z_tBZHo.mft
File:                     Onh8GnI5OY_vQvv05ri6Z_tBZHo.mft (raw, json)
Hash identifier:          wlB3XMILl+sZqtCnlH7RkkkUoXLk7uF63wVdow7CO64=
Subject key identifier:   AA:F7:82:BE:79:43:F2:53:46:FC:D6:26:5E:4B:34:E6:B7:FF:CC:69
Authority key identifier: 3A:78:7C:1A:72:39:39:8F:EF:42:FB:F4:E6:B8:BA:67:FB:41:64:7A
Certificate issuer:       /CN=3a787c1a7239398fef42fbf4e6b8ba67fb41647a
Certificate serial:       019D25842EC9E7B212EE3D034ACAB2FED8A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Onh8GnI5OY_vQvv05ri6Z_tBZHo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/d809b4-2025-41ed-a0c3-36d7921e93b3/1/Onh8GnI5OY_vQvv05ri6Z_tBZHo.mft
Manifest number:          1882
Signing time:             Wed 25 Mar 2026 15:01:52 +0000
Manifest this update:     Wed 25 Mar 2026 15:01:52 +0000
Manifest next update:     Thu 26 Mar 2026 15:01:52 +0000
Files and hashes:         1: Onh8GnI5OY_vQvv05ri6Z_tBZHo.crl (hash: V28IIWzhDMt6QGyTKbCBkAqigfdz+uKKRwmSsqwsnFU=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/d809b4-2025-41ed-a0c3-36d7921e93b3/1/Onh8GnI5OY_vQvv05ri6Z_tBZHo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/d809b4-2025-41ed-a0c3-36d7921e93b3/1/Onh8GnI5OY_vQvv05ri6Z_tBZHo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Onh8GnI5OY_vQvv05ri6Z_tBZHo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:25:84:2e:c9:e7:b2:12:ee:3d:03:4a:ca:b2:fe:d8:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a787c1a7239398fef42fbf4e6b8ba67fb41647a
        Validity
            Not Before: Mar 25 15:01:52 2026 GMT
            Not After : Mar 26 15:01:52 2026 GMT
        Subject: CN=aaf782be7943f25346fcd6265e4b34e6b7ffcc69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d5:15:a3:14:c6:bd:0e:42:43:37:9c:25:ef:
                    ae:63:66:36:e7:a1:0f:5f:b8:a2:e4:96:70:5e:5d:
                    86:d3:1e:07:2b:5b:25:24:57:a5:e2:41:86:e6:83:
                    53:06:63:f6:b8:40:23:a5:be:5d:83:63:c9:d4:54:
                    d8:f7:00:91:9d:e7:a2:c3:d4:78:35:59:f1:ac:92:
                    82:3b:57:cb:16:62:7a:1e:db:3e:f5:c3:b0:bd:cc:
                    fc:8f:85:71:4a:f5:81:31:75:77:4a:0e:a6:91:08:
                    0f:33:00:12:bb:45:fb:8d:b8:fa:d5:89:57:0d:77:
                    a8:26:09:29:13:b2:28:6a:43:f7:11:04:c8:e8:89:
                    ef:bb:c3:e2:4c:a6:8d:48:59:b5:d8:56:1a:50:58:
                    2f:16:b6:1f:c7:c1:3d:59:5a:8c:8e:51:73:79:a3:
                    c8:48:9a:e8:f1:24:9c:bd:7f:d3:bc:a3:65:81:aa:
                    58:d5:12:c8:c1:81:7d:d2:78:87:84:93:3c:86:8e:
                    fa:1c:97:bd:2a:54:90:91:ab:07:9e:81:0f:dd:20:
                    7d:20:a7:fa:eb:61:e7:2d:95:90:5e:a7:24:cd:64:
                    9d:6d:7d:05:c0:4f:2e:97:1e:ec:05:60:ab:06:82:
                    12:01:61:14:e0:d2:d8:ee:2d:c1:26:5f:78:82:c7:
                    87:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:F7:82:BE:79:43:F2:53:46:FC:D6:26:5E:4B:34:E6:B7:FF:CC:69
            X509v3 Authority Key Identifier:
                keyid:3A:78:7C:1A:72:39:39:8F:EF:42:FB:F4:E6:B8:BA:67:FB:41:64:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Onh8GnI5OY_vQvv05ri6Z_tBZHo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/d809b4-2025-41ed-a0c3-36d7921e93b3/1/Onh8GnI5OY_vQvv05ri6Z_tBZHo.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/d809b4-2025-41ed-a0c3-36d7921e93b3/1/Onh8GnI5OY_vQvv05ri6Z_tBZHo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         69:2a:9b:0d:0a:79:d7:07:86:1f:25:c0:df:8a:3b:bd:7a:b8:
         ba:1d:5d:aa:a4:33:20:ed:c3:c0:d0:6d:c1:96:9a:30:2a:b3:
         05:49:ec:9a:8c:11:dc:ec:9b:ba:49:12:fb:55:20:1a:e4:f8:
         ea:57:74:c2:9f:21:b9:55:94:28:33:58:b1:96:a9:fd:c7:6a:
         a3:65:d5:99:4e:6b:02:80:0b:23:20:33:9c:b1:6d:c3:0f:df:
         d9:26:49:ca:35:22:4d:80:ba:cb:89:10:50:7d:ac:b4:8d:98:
         e4:ca:e3:aa:a0:c1:8e:fd:87:16:ab:b5:09:24:77:21:12:5d:
         78:42:0f:21:d6:45:ad:54:6c:ee:97:94:a8:32:6f:fb:b9:d0:
         67:1f:8a:55:37:35:f7:79:24:69:1b:c4:fc:28:07:61:d5:f5:
         03:97:8f:d7:ff:07:ac:10:fe:b6:99:83:21:b1:50:40:d2:b5:
         ba:e5:00:bf:6e:92:14:1e:b9:cd:10:e5:e4:4a:92:a8:23:ea:
         b6:73:e4:62:9b:ea:1e:f6:bf:69:7e:0b:57:26:2e:9b:1d:f6:
         bc:28:31:42:33:78:c9:1e:50:d9:d5:9b:b5:c5:94:23:c1:21:
         2f:73:95:69:7a:2e:bc:50:cb:27:3d:58:cb:f2:d1:1c:84:84:
         07:19:0b:24
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0lhC7J57IS7j0DSsqy/tiiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNzg3YzFhNzIzOTM5OGZlZjQyZmJmNGU2YjhiYTY3ZmI0
MTY0N2EwHhcNMjYwMzI1MTUwMTUyWhcNMjYwMzI2MTUwMTUyWjAzMTEwLwYDVQQD
EyhhYWY3ODJiZTc5NDNmMjUzNDZmY2Q2MjY1ZTRiMzRlNmI3ZmZjYzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9UVoxTGvQ5CQzecJe+uY2Y256EP
X7ii5JZwXl2G0x4HK1slJFel4kGG5oNTBmP2uEAjpb5dg2PJ1FTY9wCRneeiw9R4
NVnxrJKCO1fLFmJ6Hts+9cOwvcz8j4VxSvWBMXV3Sg6mkQgPMwASu0X7jbj61YlX
DXeoJgkpE7IoakP3EQTI6Invu8PiTKaNSFm12FYaUFgvFrYfx8E9WVqMjlFzeaPI
SJro8SScvX/TvKNlgapY1RLIwYF90niHhJM8ho76HJe9KlSQkasHnoEP3SB9IKf6
62HnLZWQXqckzWSdbX0FwE8ulx7sBWCrBoISAWEU4NLY7i3BJl94gseHHQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFKr3gr55Q/JTRvzWJl5LNOa3/8xpMB8GA1UdIwQY
MBaAFDp4fBpyOTmP70L79Oa4umf7QWR6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT25oOEduSTVPWV92UXZ2MDVyaTZaX3RCWkhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9kODA5YjQtMjAyNS00MWVkLWEwYzMt
MzZkNzkyMWU5M2IzLzEvT25oOEduSTVPWV92UXZ2MDVyaTZaX3RCWkhvLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9kODA5YjQtMjAyNS00MWVkLWEwYzMtMzZkNzkyMWU5M2Iz
LzEvT25oOEduSTVPWV92UXZ2MDVyaTZaX3RCWkhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAaSqbDQp5
1weGHyXA34o7vXq4uh1dqqQzIO3DwNBtwZaaMCqzBUnsmowR3OybukkS+1UgGuT4
6ld0wp8huVWUKDNYsZap/cdqo2XVmU5rAoALIyAznLFtww/f2SZJyjUiTYC6y4kQ
UH2stI2Y5MrjqqDBjv2HFqu1CSR3IRJdeEIPIdZFrVRs7peUqDJv+7nQZx+KVTc1
93kkaRvE/CgHYdX1A5eP1/8HrBD+tpmDIbFQQNK1uuUAv26SFB65zRDl5EqSqCPq
tnPkYpvqHva/aX4LVyYumx32vCgxQjN4yR5Q2dWbtcWUI8EhL3OVaXouvFDLJz1Y
y/LRHISEBxkLJA==
-----END CERTIFICATE-----