Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/cl3CBR5_PY1hf1UYng7m8xdNkto.mft
File:                     cl3CBR5_PY1hf1UYng7m8xdNkto.mft (raw, json)
Hash identifier:          FNRVhenAY8dUBJyKJQTAHI0auI88dBIKCBbooQ4Pz8g=
Subject key identifier:   FB:5E:AA:02:0E:01:89:A8:A3:53:0B:84:DA:E5:BF:C2:03:83:72:14
Authority key identifier: 72:5D:C2:05:1E:7F:3D:8D:61:7F:55:18:9E:0E:E6:F3:17:4D:92:DA
Certificate issuer:       /CN=725dc2051e7f3d8d617f55189e0ee6f3174d92da
Certificate serial:       019D2772BC686F6976F9E73E8F994539A4CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cl3CBR5_PY1hf1UYng7m8xdNkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/cl3CBR5_PY1hf1UYng7m8xdNkto.mft
Manifest number:          05AB
Signing time:             Thu 26 Mar 2026 00:02:03 +0000
Manifest this update:     Thu 26 Mar 2026 00:02:03 +0000
Manifest next update:     Fri 27 Mar 2026 00:02:03 +0000
Files and hashes:         1: cl3CBR5_PY1hf1UYng7m8xdNkto.crl (hash: tkeRCRIyKB3jsLiEmp5ztMNhoJOW54VdMit8URIQwBU=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/cl3CBR5_PY1hf1UYng7m8xdNkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/cl3CBR5_PY1hf1UYng7m8xdNkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cl3CBR5_PY1hf1UYng7m8xdNkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:27:72:bc:68:6f:69:76:f9:e7:3e:8f:99:45:39:a4:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=725dc2051e7f3d8d617f55189e0ee6f3174d92da
        Validity
            Not Before: Mar 26 00:02:03 2026 GMT
            Not After : Mar 27 00:02:03 2026 GMT
        Subject: CN=fb5eaa020e0189a8a3530b84dae5bfc203837214
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ff:cc:a1:07:b0:ad:07:44:8c:9c:78:b5:03:
                    ab:57:6a:ed:66:f3:0f:da:59:7b:f4:a1:5d:e2:10:
                    1f:8f:e6:47:18:50:34:23:2c:3b:49:19:31:88:a7:
                    fb:2d:8c:ab:73:8b:38:47:a8:a8:52:fa:54:92:62:
                    bd:7e:03:38:89:97:e0:0a:ed:cc:08:af:11:af:28:
                    74:f0:8d:3c:34:5c:31:0e:91:04:94:c8:1f:16:c0:
                    a8:f3:af:f4:1f:63:55:14:4e:fe:a3:a8:52:e1:57:
                    c3:4d:24:e5:f4:46:41:a2:c5:70:a2:ce:57:c1:d6:
                    31:71:29:16:95:f9:db:7d:89:91:c8:b8:89:c3:2c:
                    6f:cf:6a:51:2f:35:c9:8e:e4:ae:ae:72:66:fc:0c:
                    bf:96:25:dc:be:11:8e:37:9b:75:04:4d:d5:f2:40:
                    c4:06:32:18:1e:37:af:2c:97:1a:34:2d:46:6b:80:
                    1a:72:bd:5b:72:53:50:b9:ae:cf:f6:31:c9:6f:d8:
                    b1:6b:82:37:89:77:5c:bb:f5:80:ce:3d:a9:23:dc:
                    c1:53:74:bc:dc:d1:f4:07:d9:fa:cf:fb:74:d1:e6:
                    78:ec:d7:48:90:9d:84:93:2e:27:6a:99:b2:94:6e:
                    06:30:0b:39:b2:20:9d:d9:2f:96:20:7a:75:d6:6a:
                    31:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:5E:AA:02:0E:01:89:A8:A3:53:0B:84:DA:E5:BF:C2:03:83:72:14
            X509v3 Authority Key Identifier:
                keyid:72:5D:C2:05:1E:7F:3D:8D:61:7F:55:18:9E:0E:E6:F3:17:4D:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cl3CBR5_PY1hf1UYng7m8xdNkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/cl3CBR5_PY1hf1UYng7m8xdNkto.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/cl3CBR5_PY1hf1UYng7m8xdNkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         2a:c1:96:97:b2:12:45:67:f0:39:58:04:3a:63:b7:5f:f0:e4:
         b1:4f:a8:04:8b:f9:c6:73:13:c8:e7:8c:16:1f:b5:07:e3:d8:
         39:0e:b1:6a:16:36:6a:58:5d:8b:9c:e8:b2:ce:69:28:3c:56:
         40:26:8a:ee:22:50:92:10:a1:05:a0:b9:50:44:f9:38:bf:92:
         a8:81:66:12:ab:d4:5d:38:0d:4c:c6:e1:79:45:36:66:55:82:
         2f:a9:49:40:4f:bb:ee:87:0e:10:7a:10:f9:4c:17:d7:95:6e:
         28:60:37:e1:dc:50:2a:40:0b:b0:35:6d:2e:e1:cb:6c:ed:7d:
         ad:cb:f9:1f:ac:d9:f9:03:dc:56:fb:16:88:34:f3:0f:86:b6:
         90:4f:5d:2d:ad:4c:91:89:90:00:dd:c4:07:e9:85:1e:3a:d4:
         b4:d8:9f:c2:0e:ad:03:46:88:90:f1:a0:24:da:d0:5a:f3:4c:
         1a:60:66:ef:9b:70:6f:83:12:a0:bc:d8:fd:84:35:07:ea:7b:
         52:f0:a8:bd:8d:ca:bc:e3:46:3f:d4:e4:49:96:1a:f5:03:1f:
         9b:95:e7:16:21:4e:7c:51:a4:4a:9e:fc:44:63:93:1f:b8:d3:
         ef:a4:c1:33:04:76:af:cd:f4:9e:4d:bd:f9:b6:ba:be:cd:dd:
         ca:91:54:61
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0ncrxob2l2+ec+j5lFOaTOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNWRjMjA1MWU3ZjNkOGQ2MTdmNTUxODllMGVlNmYzMTc0
ZDkyZGEwHhcNMjYwMzI2MDAwMjAzWhcNMjYwMzI3MDAwMjAzWjAzMTEwLwYDVQQD
EyhmYjVlYWEwMjBlMDE4OWE4YTM1MzBiODRkYWU1YmZjMjAzODM3MjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP/MoQewrQdEjJx4tQOrV2rtZvMP
2ll79KFd4hAfj+ZHGFA0Iyw7SRkxiKf7LYyrc4s4R6ioUvpUkmK9fgM4iZfgCu3M
CK8Rryh08I08NFwxDpEElMgfFsCo86/0H2NVFE7+o6hS4VfDTSTl9EZBosVwos5X
wdYxcSkWlfnbfYmRyLiJwyxvz2pRLzXJjuSurnJm/Ay/liXcvhGON5t1BE3V8kDE
BjIYHjevLJcaNC1Ga4Aacr1bclNQua7P9jHJb9ixa4I3iXdcu/WAzj2pI9zBU3S8
3NH0B9n6z/t00eZ47NdIkJ2Eky4napmylG4GMAs5siCd2S+WIHp11moxEwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFPteqgIOAYmoo1MLhNrlv8IDg3IUMB8GA1UdIwQY
MBaAFHJdwgUefz2NYX9VGJ4O5vMXTZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2wzQ0JSNV9QWTFoZjFVWW5nN204eGROa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ODQxMTEtNmY3Yy00ZTY5LTk0Yzkt
ZmYwZjUyNjMzNTI3LzEvY2wzQ0JSNV9QWTFoZjFVWW5nN204eGROa3RvLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ODQxMTEtNmY3Yy00ZTY5LTk0YzktZmYwZjUyNjMzNTI3
LzEvY2wzQ0JSNV9QWTFoZjFVWW5nN204eGROa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAKsGWl7IS
RWfwOVgEOmO3X/DksU+oBIv5xnMTyOeMFh+1B+PYOQ6xahY2alhdi5zoss5pKDxW
QCaK7iJQkhChBaC5UET5OL+SqIFmEqvUXTgNTMbheUU2ZlWCL6lJQE+77ocOEHoQ
+UwX15VuKGA34dxQKkALsDVtLuHLbO19rcv5H6zZ+QPcVvsWiDTzD4a2kE9dLa1M
kYmQAN3EB+mFHjrUtNifwg6tA0aIkPGgJNrQWvNMGmBm75twb4MSoLzY/YQ1B+p7
UvCovY3KvONGP9TkSZYa9QMfm5XnFiFOfFGkSp78RGOTH7jT76TBMwR2r830nk29
+ba6vs3dypFUYQ==
-----END CERTIFICATE-----