Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/b8b278-f9bd-40e1-803a-f691f64758ac/1/vfSGpExRBdeBNXKUVhzMPROk1nE.mft
File:                     vfSGpExRBdeBNXKUVhzMPROk1nE.mft (raw, json)
Hash identifier:          Y/x9WR1vyvf1VJyi4BC+1rnPu1Bzw1a5oPT2UNUyU7k=
Subject key identifier:   71:D3:A3:F3:3D:A9:EC:9E:0C:7F:7B:40:D2:7F:E4:74:4B:A8:B0:49
Authority key identifier: BD:F4:86:A4:4C:51:05:D7:81:35:72:94:56:1C:CC:3D:13:A4:D6:71
Certificate issuer:       /CN=bdf486a44c5105d781357294561ccc3d13a4d671
Certificate serial:       019D2960F462ADD93781F654CE20B95C62C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfSGpExRBdeBNXKUVhzMPROk1nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/b8b278-f9bd-40e1-803a-f691f64758ac/1/vfSGpExRBdeBNXKUVhzMPROk1nE.mft
Manifest number:          0AF7
Signing time:             Thu 26 Mar 2026 09:01:53 +0000
Manifest this update:     Thu 26 Mar 2026 09:01:53 +0000
Manifest next update:     Fri 27 Mar 2026 09:01:53 +0000
Files and hashes:         1: vfSGpExRBdeBNXKUVhzMPROk1nE.crl (hash: cOI6Lo7SGgwROk4dvxk3dirdA/6h5MAlsQ9Le8k9xOM=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/b8b278-f9bd-40e1-803a-f691f64758ac/1/vfSGpExRBdeBNXKUVhzMPROk1nE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/b8b278-f9bd-40e1-803a-f691f64758ac/1/vfSGpExRBdeBNXKUVhzMPROk1nE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfSGpExRBdeBNXKUVhzMPROk1nE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:60:f4:62:ad:d9:37:81:f6:54:ce:20:b9:5c:62:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdf486a44c5105d781357294561ccc3d13a4d671
        Validity
            Not Before: Mar 26 09:01:53 2026 GMT
            Not After : Mar 27 09:01:53 2026 GMT
        Subject: CN=71d3a3f33da9ec9e0c7f7b40d27fe4744ba8b049
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:fb:82:f8:f1:8d:c3:a9:ae:b6:f4:73:37:74:
                    1b:3f:a7:ce:a2:cc:5d:3b:83:48:9e:52:e9:8b:c3:
                    61:0a:48:1f:70:cd:d2:47:bf:15:c7:ce:45:0b:d9:
                    e5:26:4d:89:af:87:ae:12:4f:ea:0f:f3:37:ad:8c:
                    06:4b:25:12:e4:c3:78:79:07:85:3e:b9:c3:67:35:
                    77:16:95:86:17:dd:6d:d7:d6:d1:bc:ca:c8:be:3b:
                    4b:71:d0:44:57:e9:40:39:38:bb:3d:48:ae:fc:ac:
                    25:30:82:3f:11:b9:04:28:95:00:e2:a0:a6:5f:a6:
                    48:a3:e1:c4:f8:c7:70:7f:6e:17:ee:93:d0:0e:38:
                    b2:07:45:80:af:61:1d:04:44:fe:04:39:8f:cb:bc:
                    93:fb:77:70:75:73:21:ed:92:08:39:9d:38:c1:56:
                    ba:28:14:a1:80:eb:a6:bb:c6:72:1d:0c:d1:46:5e:
                    8d:b3:78:fe:54:aa:ab:e8:9d:4b:a2:0a:43:60:c0:
                    a6:b4:e5:62:ef:96:af:cf:92:85:c0:66:e7:e9:fd:
                    f5:23:f5:d5:0d:47:e9:1e:f6:aa:1a:12:02:fd:be:
                    ba:fc:bb:a0:d5:8f:69:a1:c5:f1:82:d9:38:b3:1c:
                    57:9a:59:c7:c5:6b:57:40:21:be:1c:fc:25:a8:12:
                    9d:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:D3:A3:F3:3D:A9:EC:9E:0C:7F:7B:40:D2:7F:E4:74:4B:A8:B0:49
            X509v3 Authority Key Identifier:
                keyid:BD:F4:86:A4:4C:51:05:D7:81:35:72:94:56:1C:CC:3D:13:A4:D6:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfSGpExRBdeBNXKUVhzMPROk1nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b8b278-f9bd-40e1-803a-f691f64758ac/1/vfSGpExRBdeBNXKUVhzMPROk1nE.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b8b278-f9bd-40e1-803a-f691f64758ac/1/vfSGpExRBdeBNXKUVhzMPROk1nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         28:eb:f6:ce:54:aa:4b:67:75:db:9d:d5:5a:4f:3b:d3:6b:af:
         35:43:88:f2:fa:63:a1:08:44:89:ca:af:58:4d:aa:4b:07:ec:
         54:e4:a0:7e:1f:da:af:01:f1:77:9d:13:bf:89:47:c0:e6:ea:
         c5:02:66:26:6d:31:3e:b8:83:4f:50:fd:4d:19:a8:32:aa:5c:
         32:54:b8:3c:2b:c7:80:c3:66:98:09:74:ac:a5:7b:00:bf:a0:
         e2:2a:b2:82:29:17:1a:af:be:cb:4c:78:10:19:9e:c1:2a:2e:
         a5:7e:0b:b0:a7:19:16:c7:a6:de:d5:b3:92:e6:d6:cf:15:b9:
         3d:6d:0a:af:b6:e2:5c:b3:7f:98:38:2d:49:39:56:94:4d:c2:
         7d:60:1f:68:a4:2c:2a:d2:c0:21:f2:f7:13:8a:85:ae:bc:ef:
         2f:54:b3:5a:6a:8d:16:76:00:fa:5d:5f:aa:0e:88:0d:5f:8a:
         0c:8b:03:1b:56:7f:7b:65:c3:fc:50:5c:2e:4f:a1:22:b3:3f:
         53:fe:6c:15:f1:95:07:12:a0:4d:fd:0f:f0:64:f6:3f:89:f6:
         4a:95:ea:49:30:32:45:95:f1:8e:c1:d5:bf:6a:7f:f2:dc:ee:
         aa:0e:e6:27:25:8f:a1:4d:c7:76:8f:a8:e1:f5:41:09:5e:36:
         02:12:b9:74
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0pYPRirdk3gfZUziC5XGLDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZjQ4NmE0NGM1MTA1ZDc4MTM1NzI5NDU2MWNjYzNkMTNh
NGQ2NzEwHhcNMjYwMzI2MDkwMTUzWhcNMjYwMzI3MDkwMTUzWjAzMTEwLwYDVQQD
Eyg3MWQzYTNmMzNkYTllYzllMGM3ZjdiNDBkMjdmZTQ3NDRiYThiMDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/uC+PGNw6mutvRzN3QbP6fOosxd
O4NInlLpi8NhCkgfcM3SR78Vx85FC9nlJk2Jr4euEk/qD/M3rYwGSyUS5MN4eQeF
PrnDZzV3FpWGF91t19bRvMrIvjtLcdBEV+lAOTi7PUiu/KwlMII/EbkEKJUA4qCm
X6ZIo+HE+Mdwf24X7pPQDjiyB0WAr2EdBET+BDmPy7yT+3dwdXMh7ZIIOZ04wVa6
KBShgOumu8ZyHQzRRl6Ns3j+VKqr6J1LogpDYMCmtOVi75avz5KFwGbn6f31I/XV
DUfpHvaqGhIC/b66/Lug1Y9pocXxgtk4sxxXmlnHxWtXQCG+HPwlqBKdEwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFHHTo/M9qeyeDH97QNJ/5HRLqLBJMB8GA1UdIwQY
MBaAFL30hqRMUQXXgTVylFYczD0TpNZxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZTR3BFeFJCZGVCTlhLVVZoek1QUk9rMW5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9iOGIyNzgtZjliZC00MGUxLTgwM2Et
ZjY5MWY2NDc1OGFjLzEvdmZTR3BFeFJCZGVCTlhLVVZoek1QUk9rMW5FLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9iOGIyNzgtZjliZC00MGUxLTgwM2EtZjY5MWY2NDc1OGFj
LzEvdmZTR3BFeFJCZGVCTlhLVVZoek1QUk9rMW5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAKOv2zlSq
S2d1253VWk8702uvNUOI8vpjoQhEicqvWE2qSwfsVOSgfh/arwHxd50Tv4lHwObq
xQJmJm0xPriDT1D9TRmoMqpcMlS4PCvHgMNmmAl0rKV7AL+g4iqygikXGq++y0x4
EBmewSoupX4LsKcZFsem3tWzkubWzxW5PW0Kr7biXLN/mDgtSTlWlE3CfWAfaKQs
KtLAIfL3E4qFrrzvL1SzWmqNFnYA+l1fqg6IDV+KDIsDG1Z/e2XD/FBcLk+hIrM/
U/5sFfGVBxKgTf0P8GT2P4n2SpXqSTAyRZXxjsHVv2p/8tzuqg7mJyWPoU3Hdo+o
4fVBCV42AhK5dA==
-----END CERTIFICATE-----