Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
File:                     hesz_RfSMvvmsq22bLCv4N7pA7A.mft (raw, json)
Hash identifier:          rTWnJOhPhRMwr7pmCzoCqyZHiro+R8HyytJr9Sr5LS8=
Subject key identifier:   CB:0F:C1:0B:58:E9:9E:39:29:19:F6:45:6F:B6:24:17:95:EE:79:DB
Authority key identifier: 85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0
Certificate issuer:       /CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
Certificate serial:       019D25BA4FD5E20C0236F357FD8C810D9A3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
Manifest number:          0712
Signing time:             Wed 25 Mar 2026 16:01:00 +0000
Manifest this update:     Wed 25 Mar 2026 16:01:00 +0000
Manifest next update:     Thu 26 Mar 2026 16:01:00 +0000
Files and hashes:         1: hesz_RfSMvvmsq22bLCv4N7pA7A.crl (hash: swwI8JCDjfJ71wDIwgAgFFllGsfXM6as3lQd/KulQzE=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:25:ba:4f:d5:e2:0c:02:36:f3:57:fd:8c:81:0d:9a:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
        Validity
            Not Before: Mar 25 16:01:00 2026 GMT
            Not After : Mar 26 16:01:00 2026 GMT
        Subject: CN=cb0fc10b58e99e392919f6456fb6241795ee79db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:92:63:79:5c:d4:31:ad:a1:5d:b6:0e:18:e8:
                    2a:02:6d:8c:2f:ad:5e:66:47:98:27:76:0f:db:a7:
                    7e:e8:2e:99:78:07:ed:ab:ed:fc:96:45:74:c2:72:
                    3b:ea:19:b6:3c:46:92:17:ea:94:1e:eb:42:c9:0c:
                    5d:c7:eb:69:16:8d:2c:30:5b:9c:02:40:46:07:75:
                    12:13:53:8f:12:e9:5a:0b:70:9f:3a:0c:54:66:85:
                    a7:a8:a2:a8:6e:ca:66:c5:43:b8:99:c5:a1:dd:0c:
                    11:c8:bc:56:95:2a:aa:a8:cc:91:15:f2:91:fd:da:
                    6b:7b:e1:f8:df:e1:1c:a3:87:ed:25:35:d5:fe:65:
                    eb:2a:a9:e1:af:94:a3:6b:4d:9d:6c:94:6d:c1:4e:
                    ec:c2:ba:6a:b4:99:07:98:40:fa:c9:50:ce:a7:4f:
                    be:a8:2a:20:61:17:af:f7:55:d8:c8:73:64:3c:1e:
                    2f:33:a1:b6:07:60:f5:54:08:1a:20:d1:ce:03:e6:
                    17:f9:56:32:5d:47:1f:30:87:1e:95:e0:20:49:b2:
                    8d:72:1c:8a:4d:79:78:68:d6:b0:06:08:e9:e9:5b:
                    d0:31:dd:9d:9a:0e:c2:8a:51:58:86:a0:2d:01:67:
                    91:6d:dd:73:a3:c7:a9:52:09:48:09:ab:e8:fd:3e:
                    ef:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:0F:C1:0B:58:E9:9E:39:29:19:F6:45:6F:B6:24:17:95:EE:79:DB
            X509v3 Authority Key Identifier:
                keyid:85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         88:db:f4:f3:a1:89:56:b7:b6:c1:31:71:87:64:76:c7:64:20:
         fc:82:c4:1a:e9:66:87:e3:a7:a4:c3:0a:09:31:55:53:41:f2:
         8d:53:e9:66:0e:94:cb:57:81:49:a2:7d:e3:00:ed:af:40:f1:
         51:f6:cc:3c:a0:b8:15:9b:ce:f1:c0:42:00:a6:c7:d0:c9:e7:
         7c:cf:d9:8b:b9:fa:19:83:e9:82:d5:34:1f:b6:51:4a:e6:37:
         e3:84:c0:98:5f:d1:ce:92:bf:10:46:fb:cd:1f:48:c7:a5:a3:
         cb:b1:16:b3:38:2f:7e:ed:00:c9:c8:5d:99:1a:26:fa:a9:d6:
         f7:67:43:43:e8:4f:28:6b:0a:49:0b:55:fc:88:1b:b0:31:29:
         db:f0:14:ec:bd:a3:a1:fe:a8:d7:0a:f4:e3:82:20:27:3a:80:
         ec:35:72:9e:0c:af:71:4a:66:26:83:d3:7f:33:b8:46:3d:3c:
         38:13:f5:2b:f3:15:dd:e1:e3:0c:14:8b:88:4b:6e:67:02:b1:
         56:ad:b0:a9:d5:e8:65:11:d2:d2:a4:57:ac:40:ea:09:ed:cb:
         90:fd:b5:f2:6f:23:42:52:c4:d5:9c:4c:1f:b0:dd:86:2c:18:
         dc:5b:b2:f1:1c:97:d1:43:a0:02:ea:24:bd:04:08:2d:d2:d6:
         45:45:d4:2c
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0luk/V4gwCNvNX/YyBDZo+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZWIzM2ZkMTdkMjMyZmJlNmIyYWRiNjZjYjBhZmUwZGVl
OTAzYjAwHhcNMjYwMzI1MTYwMTAwWhcNMjYwMzI2MTYwMTAwWjAzMTEwLwYDVQQD
EyhjYjBmYzEwYjU4ZTk5ZTM5MjkxOWY2NDU2ZmI2MjQxNzk1ZWU3OWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5JjeVzUMa2hXbYOGOgqAm2ML61e
ZkeYJ3YP26d+6C6ZeAftq+38lkV0wnI76hm2PEaSF+qUHutCyQxdx+tpFo0sMFuc
AkBGB3USE1OPEulaC3CfOgxUZoWnqKKobspmxUO4mcWh3QwRyLxWlSqqqMyRFfKR
/dpre+H43+Eco4ftJTXV/mXrKqnhr5Sja02dbJRtwU7swrpqtJkHmED6yVDOp0++
qCogYRev91XYyHNkPB4vM6G2B2D1VAgaINHOA+YX+VYyXUcfMIceleAgSbKNchyK
TXl4aNawBgjp6VvQMd2dmg7CilFYhqAtAWeRbd1zo8epUglICavo/T7vdQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFMsPwQtY6Z45KRn2RW+2JBeV7nnbMB8GA1UdIwQY
MBaAFIXrM/0X0jL75rKttmywr+De6QOwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMt
OGEzOGVhMmIxZjU0LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMtOGEzOGVhMmIxZjU0
LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAiNv086GJ
Vre2wTFxh2R2x2Qg/ILEGulmh+OnpMMKCTFVU0HyjVPpZg6Uy1eBSaJ94wDtr0Dx
UfbMPKC4FZvO8cBCAKbH0MnnfM/Zi7n6GYPpgtU0H7ZRSuY344TAmF/RzpK/EEb7
zR9Ix6Wjy7EWszgvfu0AychdmRom+qnW92dDQ+hPKGsKSQtV/IgbsDEp2/AU7L2j
of6o1wr044IgJzqA7DVyngyvcUpmJoPTfzO4Rj08OBP1K/MV3eHjDBSLiEtuZwKx
Vq2wqdXoZRHS0qRXrEDqCe3LkP218m8jQlLE1ZxMH7DdhiwY3Fuy8RyX0UOgAuok
vQQILdLWRUXULA==
-----END CERTIFICATE-----