Manifest
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/aaa05d-e7b1-4e39-8470-cafe5e7db758/1/2f8MyFNVS935CZqjzuvTUka5KPU.mft
File: 2f8MyFNVS935CZqjzuvTUka5KPU.mft (raw, json)
Hash identifier: BTjE5aoWoHpu7iGEToyrBieU76R6fHkSA9376aWp8zA=
Subject key identifier: 4D:B6:C6:94:22:92:70:73:B6:6E:EB:43:DC:98:EC:A6:59:F6:E5:FD
Authority key identifier: D9:FF:0C:C8:53:55:4B:DD:F9:09:9A:A3:CE:EB:D3:52:46:B9:28:F5
Certificate issuer: /CN=d9ff0cc853554bddf9099aa3ceebd35246b928f5
Certificate serial: 019D292930821786AC9DF8298C0517CA8C91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2f8MyFNVS935CZqjzuvTUka5KPU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/aaa05d-e7b1-4e39-8470-cafe5e7db758/1/2f8MyFNVS935CZqjzuvTUka5KPU.mft
Manifest number: CA
Signing time: Thu 26 Mar 2026 08:00:58 +0000
Manifest this update: Thu 26 Mar 2026 08:00:58 +0000
Manifest next update: Fri 27 Mar 2026 08:00:58 +0000
Files and hashes: 1: 1-OkpooCR750DOU3KO4Q0Au9Ls5A.roa (hash: Dj+AT1jX9rfVhJFGXz9XaLtPSZgqG/nTfTCrODe4StE=)
2: 2f8MyFNVS935CZqjzuvTUka5KPU.crl (hash: AgU+VzrVYU47ApAGxZGLmMRygQUYD9XH8yfRYia865A=)
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9b/aaa05d-e7b1-4e39-8470-cafe5e7db758/1/2f8MyFNVS935CZqjzuvTUka5KPU.crl
rsync://rpki.ripe.net/repository/DEFAULT/9b/aaa05d-e7b1-4e39-8470-cafe5e7db758/1/2f8MyFNVS935CZqjzuvTUka5KPU.mft
rsync://rpki.ripe.net/repository/DEFAULT/2f8MyFNVS935CZqjzuvTUka5KPU.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 08:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:29:29:30:82:17:86:ac:9d:f8:29:8c:05:17:ca:8c:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d9ff0cc853554bddf9099aa3ceebd35246b928f5
Validity
Not Before: Mar 26 08:00:58 2026 GMT
Not After : Mar 27 08:00:58 2026 GMT
Subject: CN=4db6c69422927073b66eeb43dc98eca659f6e5fd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:e9:7b:c0:af:18:60:b2:b3:3f:19:bb:cf:86:
df:ba:40:8f:a2:8e:f6:87:99:4c:6f:04:04:ec:36:
72:20:db:4b:ac:c0:da:52:32:4a:eb:5f:80:0c:85:
14:9a:27:4a:73:f8:6b:7d:72:ca:67:c3:25:9f:8c:
bb:bc:22:9b:1d:46:f1:af:fd:e7:27:83:64:9b:9c:
46:7f:9b:9e:8b:ee:c6:ab:af:18:ef:8b:c2:96:b6:
22:2f:3e:01:2e:db:61:0a:25:57:8b:af:cf:25:a9:
a3:db:12:78:6a:f9:7d:b5:e3:80:f1:b6:4f:bb:89:
72:3a:d6:c0:fc:c2:42:5a:f6:20:57:e0:b0:8e:67:
be:14:f1:99:3e:b0:27:1b:a6:42:f5:e9:6e:e9:50:
27:63:33:75:5c:36:74:9a:6d:bd:b2:15:80:c3:83:
04:02:7b:26:93:8d:b5:eb:9e:61:e2:4f:be:64:26:
64:5b:02:73:be:95:9c:3c:99:c9:d9:a4:ec:df:06:
40:26:77:5d:69:be:8f:77:51:a6:51:70:eb:db:41:
75:ad:5e:d5:8b:ad:9e:9d:ce:04:b6:15:23:e5:d3:
42:e8:be:90:b0:9c:43:51:75:d3:ce:fb:d7:b8:d5:
09:2d:a9:b4:b1:89:6c:c4:8d:36:e8:fc:7e:e4:11:
b8:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:B6:C6:94:22:92:70:73:B6:6E:EB:43:DC:98:EC:A6:59:F6:E5:FD
X509v3 Authority Key Identifier:
keyid:D9:FF:0C:C8:53:55:4B:DD:F9:09:9A:A3:CE:EB:D3:52:46:B9:28:F5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f8MyFNVS935CZqjzuvTUka5KPU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/aaa05d-e7b1-4e39-8470-cafe5e7db758/1/2f8MyFNVS935CZqjzuvTUka5KPU.mft
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/aaa05d-e7b1-4e39-8470-cafe5e7db758/1/2f8MyFNVS935CZqjzuvTUka5KPU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4: inherit
IPv6: inherit
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
inherit
Signature Algorithm: sha256WithRSAEncryption
0f:0d:62:af:ff:1a:f5:3d:24:c4:db:25:90:44:cf:8f:bf:12:
c6:7a:03:55:8b:af:3b:d7:c8:06:14:9b:40:d3:83:e4:a4:b1:
22:b9:91:d0:70:a8:ee:9f:38:e5:dc:cd:5b:91:c2:c9:ba:4b:
5a:19:be:e5:ac:e1:24:33:2b:65:29:af:2e:8b:a9:a2:01:19:
98:01:1f:cf:64:79:ac:ab:54:21:7b:41:0d:7c:82:43:92:99:
0e:5c:47:bf:e5:cf:da:9a:5d:b4:39:a0:1d:d1:96:70:7d:5f:
6d:9a:32:b5:6e:32:f7:a9:7c:c8:50:64:0b:44:75:35:31:11:
23:a3:d7:71:15:21:9e:67:0c:58:f2:01:dc:0e:30:0d:cd:17:
b2:b5:89:39:86:e4:4c:4c:68:0b:04:ec:5f:6c:6e:77:60:ac:
32:65:dd:14:28:25:5c:ff:99:45:73:6e:df:0d:5d:da:1f:16:
33:67:7a:9f:51:14:b3:f8:1b:05:83:e8:74:1e:34:2f:20:d6:
59:80:2e:92:62:37:b9:2f:d6:10:86:7f:2d:0b:9c:6c:ef:13:
8e:10:ff:51:fa:21:35:e9:e8:1d:fe:73:b8:32:45:dd:00:23:
2f:04:af:dd:1a:c7:38:6e:f2:14:56:e8:69:02:09:ca:f3:c2:
62:14:d8:e4
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0pKTCCF4asnfgpjAUXyoyRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZmYwY2M4NTM1NTRiZGRmOTA5OWFhM2NlZWJkMzUyNDZi
OTI4ZjUwHhcNMjYwMzI2MDgwMDU4WhcNMjYwMzI3MDgwMDU4WjAzMTEwLwYDVQQD
Eyg0ZGI2YzY5NDIyOTI3MDczYjY2ZWViNDNkYzk4ZWNhNjU5ZjZlNWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOl7wK8YYLKzPxm7z4bfukCPoo72
h5lMbwQE7DZyINtLrMDaUjJK61+ADIUUmidKc/hrfXLKZ8Mln4y7vCKbHUbxr/3n
J4Nkm5xGf5uei+7Gq68Y74vClrYiLz4BLtthCiVXi6/PJamj2xJ4avl9teOA8bZP
u4lyOtbA/MJCWvYgV+Cwjme+FPGZPrAnG6ZC9elu6VAnYzN1XDZ0mm29shWAw4ME
Ansmk421655h4k++ZCZkWwJzvpWcPJnJ2aTs3wZAJnddab6Pd1GmUXDr20F1rV7V
i62enc4EthUj5dNC6L6QsJxDUXXTzvvXuNUJLam0sYlsxI026Px+5BG4LQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFE22xpQiknBztm7rQ9yY7KZZ9uX9MB8GA1UdIwQY
MBaAFNn/DMhTVUvd+Qmao87r01JGuSj1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmY4TXlGTlZTOTM1Q1pxanp1dlRVa2E1S1BVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9hYWEwNWQtZTdiMS00ZTM5LTg0NzAt
Y2FmZTVlN2RiNzU4LzEvMmY4TXlGTlZTOTM1Q1pxanp1dlRVa2E1S1BVLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9hYWEwNWQtZTdiMS00ZTM5LTg0NzAtY2FmZTVlN2RiNzU4
LzEvMmY4TXlGTlZTOTM1Q1pxanp1dlRVa2E1S1BVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEADw1ir/8a
9T0kxNslkETPj78SxnoDVYuvO9fIBhSbQNOD5KSxIrmR0HCo7p845dzNW5HCybpL
Whm+5azhJDMrZSmvLoupogEZmAEfz2R5rKtUIXtBDXyCQ5KZDlxHv+XP2ppdtDmg
HdGWcH1fbZoytW4y96l8yFBkC0R1NTERI6PXcRUhnmcMWPIB3A4wDc0XsrWJOYbk
TExoCwTsX2xud2CsMmXdFCglXP+ZRXNu3w1d2h8WM2d6n1EUs/gbBYPodB40LyDW
WYAukmI3uS/WEIZ/LQucbO8TjhD/UfohNenoHf5zuDJF3QAjLwSv3RrHOG7yFFbo
aQIJyvPCYhTY5A==
-----END CERTIFICATE-----
Generated at Thu Mar 26 13:50:55 2026 by rpki-client