Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/c77797-0ec7-4a0e-a542-c408576089b1/1/2ZHWiQ-R-yzXeTG4Cb2x6wUJE0k.mft
File:                     2ZHWiQ-R-yzXeTG4Cb2x6wUJE0k.mft (raw, json)
Hash identifier:          XXZ0LfxUQnuWCNm5Hr/PqNE6IC1UipWBnKvNNOrgeag=
Subject key identifier:   2C:18:A9:BF:D9:38:70:F0:32:AA:BA:39:04:32:98:E9:56:AD:46:32
Authority key identifier: D9:91:D6:89:0F:91:FB:2C:D7:79:31:B8:09:BD:B1:EB:05:09:13:49
Certificate issuer:       /CN=d991d6890f91fb2cd77931b809bdb1eb05091349
Certificate serial:       019D2704E1FC6771CDEDD60AA617EB05E0FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ZHWiQ-R-yzXeTG4Cb2x6wUJE0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/c77797-0ec7-4a0e-a542-c408576089b1/1/2ZHWiQ-R-yzXeTG4Cb2x6wUJE0k.mft
Manifest number:          1321
Signing time:             Wed 25 Mar 2026 22:02:04 +0000
Manifest this update:     Wed 25 Mar 2026 22:02:04 +0000
Manifest next update:     Thu 26 Mar 2026 22:02:04 +0000
Files and hashes:         1: 2ZHWiQ-R-yzXeTG4Cb2x6wUJE0k.crl (hash: 11iVa+t23WN3XUGoPC+SpvUJOg1DWKzG/LYvwZUyo8Y=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/c77797-0ec7-4a0e-a542-c408576089b1/1/2ZHWiQ-R-yzXeTG4Cb2x6wUJE0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/c77797-0ec7-4a0e-a542-c408576089b1/1/2ZHWiQ-R-yzXeTG4Cb2x6wUJE0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ZHWiQ-R-yzXeTG4Cb2x6wUJE0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:27:04:e1:fc:67:71:cd:ed:d6:0a:a6:17:eb:05:e0:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d991d6890f91fb2cd77931b809bdb1eb05091349
        Validity
            Not Before: Mar 25 22:02:04 2026 GMT
            Not After : Mar 26 22:02:04 2026 GMT
        Subject: CN=2c18a9bfd93870f032aaba39043298e956ad4632
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:ba:d1:60:82:d7:e1:da:f2:4b:49:e8:96:c3:
                    77:bf:81:ac:fa:1c:04:37:04:91:b4:a3:a9:a0:46:
                    c9:25:65:c5:2c:17:21:2c:88:fd:9b:3a:0d:3d:4d:
                    de:72:fe:dc:f9:84:e5:72:d1:1f:ab:5f:91:e2:37:
                    1f:b4:79:23:89:fe:a7:ed:db:d2:2c:12:1d:ec:c2:
                    e8:bc:ff:eb:41:8d:0d:c7:eb:f8:e4:4d:1c:fc:8c:
                    63:10:16:43:84:35:6f:77:3b:8d:c8:eb:dd:31:72:
                    82:43:81:31:e0:73:65:a3:7e:e9:7c:03:8c:59:9f:
                    11:3e:b9:86:98:fd:94:68:22:5d:98:c2:82:84:47:
                    32:31:92:4d:59:c2:b2:4f:fe:c7:12:8e:d1:92:fb:
                    13:bd:04:59:23:f8:12:dc:0c:1e:49:61:ec:cf:3a:
                    85:2a:07:32:fa:be:a3:8a:e5:50:93:f7:95:23:ff:
                    85:5a:a3:b7:1c:0f:41:3d:5b:b8:7d:40:2b:58:47:
                    03:67:49:52:2f:34:f8:37:2a:b2:51:82:6d:48:e0:
                    14:54:17:22:99:26:31:b8:37:6b:4d:e5:18:23:cd:
                    49:d4:f6:96:9c:2f:4b:6a:8a:09:3d:1d:18:f8:99:
                    4d:d3:29:71:eb:95:fe:87:cd:09:5c:42:bc:eb:cc:
                    92:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:18:A9:BF:D9:38:70:F0:32:AA:BA:39:04:32:98:E9:56:AD:46:32
            X509v3 Authority Key Identifier:
                keyid:D9:91:D6:89:0F:91:FB:2C:D7:79:31:B8:09:BD:B1:EB:05:09:13:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ZHWiQ-R-yzXeTG4Cb2x6wUJE0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/c77797-0ec7-4a0e-a542-c408576089b1/1/2ZHWiQ-R-yzXeTG4Cb2x6wUJE0k.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/c77797-0ec7-4a0e-a542-c408576089b1/1/2ZHWiQ-R-yzXeTG4Cb2x6wUJE0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         58:ce:d7:90:be:e4:dd:38:a7:a8:91:5b:2c:39:23:8e:3e:7e:
         21:4c:66:54:84:0c:1d:cc:4b:d2:fc:f4:89:71:8d:e2:c5:31:
         c9:f5:3f:6e:a1:0a:57:f8:57:30:9e:0a:38:39:70:c4:d3:7e:
         4e:e2:ff:26:88:9b:13:a9:34:6b:a7:e3:df:4e:4d:e4:1c:7f:
         49:e3:fe:3e:9f:12:60:73:ed:a7:28:d9:97:fb:85:d6:62:4d:
         bb:30:a6:81:c9:86:d3:6c:ec:25:0b:23:1d:6f:ed:d9:32:76:
         b9:e6:89:67:7f:ac:a8:0d:2f:39:56:a9:90:13:89:df:a4:8a:
         e3:c1:00:27:c5:da:ac:78:9c:7d:7b:0d:3d:96:ff:1b:67:c3:
         49:d0:74:c3:a9:b9:6d:7b:08:c8:f4:ae:bf:a6:ac:fe:02:91:
         22:26:8e:83:10:e9:87:f8:a3:82:af:40:61:02:0a:2f:58:52:
         83:fe:9c:6d:01:d5:fe:d3:a7:94:90:26:24:d9:de:c1:d1:75:
         7f:b9:03:56:a0:9a:72:08:09:c8:68:02:1c:0a:e0:12:76:45:
         ce:16:57:2f:d3:ee:87:f3:c4:ca:d5:d0:30:07:46:7c:59:fa:
         85:d1:53:0c:76:bf:65:ab:fb:7f:a9:e6:cf:a7:b9:c1:fc:f5:
         35:87:dc:cb
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0nBOH8Z3HN7dYKphfrBeD+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5OTFkNjg5MGY5MWZiMmNkNzc5MzFiODA5YmRiMWViMDUw
OTEzNDkwHhcNMjYwMzI1MjIwMjA0WhcNMjYwMzI2MjIwMjA0WjAzMTEwLwYDVQQD
EygyYzE4YTliZmQ5Mzg3MGYwMzJhYWJhMzkwNDMyOThlOTU2YWQ0NjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4brRYILX4dryS0nolsN3v4Gs+hwE
NwSRtKOpoEbJJWXFLBchLIj9mzoNPU3ecv7c+YTlctEfq1+R4jcftHkjif6n7dvS
LBId7MLovP/rQY0Nx+v45E0c/IxjEBZDhDVvdzuNyOvdMXKCQ4Ex4HNlo37pfAOM
WZ8RPrmGmP2UaCJdmMKChEcyMZJNWcKyT/7HEo7RkvsTvQRZI/gS3AweSWHszzqF
Kgcy+r6jiuVQk/eVI/+FWqO3HA9BPVu4fUArWEcDZ0lSLzT4NyqyUYJtSOAUVBci
mSYxuDdrTeUYI81J1PaWnC9LaooJPR0Y+JlN0ylx65X+h80JXEK868ySIwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFCwYqb/ZOHDwMqq6OQQymOlWrUYyMB8GA1UdIwQY
MBaAFNmR1okPkfss13kxuAm9sesFCRNJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlpIV2lRLVIteXpYZVRHNENiMng2d1VKRTBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9jNzc3OTctMGVjNy00YTBlLWE1NDIt
YzQwODU3NjA4OWIxLzEvMlpIV2lRLVIteXpYZVRHNENiMng2d1VKRTBrLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9jNzc3OTctMGVjNy00YTBlLWE1NDItYzQwODU3NjA4OWIx
LzEvMlpIV2lRLVIteXpYZVRHNENiMng2d1VKRTBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAWM7XkL7k
3TinqJFbLDkjjj5+IUxmVIQMHcxL0vz0iXGN4sUxyfU/bqEKV/hXMJ4KODlwxNN+
TuL/JoibE6k0a6fj305N5Bx/SeP+Pp8SYHPtpyjZl/uF1mJNuzCmgcmG02zsJQsj
HW/t2TJ2ueaJZ3+sqA0vOVapkBOJ36SK48EAJ8XarHicfXsNPZb/G2fDSdB0w6m5
bXsIyPSuv6as/gKRIiaOgxDph/ijgq9AYQIKL1hSg/6cbQHV/tOnlJAmJNnewdF1
f7kDVqCacggJyGgCHArgEnZFzhZXL9Puh/PEytXQMAdGfFn6hdFTDHa/Zav7f6nm
z6e5wfz1NYfcyw==
-----END CERTIFICATE-----