Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/1f95ab-f2a5-40fc-90c4-ac854cc5d051/1/_xcGtTYa7OO3e5sag2JA1IS9C1Q.mft
File:                     _xcGtTYa7OO3e5sag2JA1IS9C1Q.mft (raw, json)
Hash identifier:          CJsTdS33fQUyVL+EQcH7CavBXN4n5bs1iyU4q1c5+RQ=
Subject key identifier:   70:34:85:FC:D1:DE:ED:56:01:39:34:69:7A:A5:47:FF:86:88:74:C5
Authority key identifier: FF:17:06:B5:36:1A:EC:E3:B7:7B:9B:1A:83:62:40:D4:84:BD:0B:54
Certificate issuer:       /CN=ff1706b5361aece3b77b9b1a836240d484bd0b54
Certificate serial:       019D25F1F358CDDA315CA12268880942CB30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_xcGtTYa7OO3e5sag2JA1IS9C1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/1f95ab-f2a5-40fc-90c4-ac854cc5d051/1/_xcGtTYa7OO3e5sag2JA1IS9C1Q.mft
Manifest number:          0127
Signing time:             Wed 25 Mar 2026 17:01:46 +0000
Manifest this update:     Wed 25 Mar 2026 17:01:46 +0000
Manifest next update:     Thu 26 Mar 2026 17:01:46 +0000
Files and hashes:         1: _xcGtTYa7OO3e5sag2JA1IS9C1Q.crl (hash: p/QkH8h+fEBkTV9dUvA9OJ897UduAztybUeyIFMle+w=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/1f95ab-f2a5-40fc-90c4-ac854cc5d051/1/_xcGtTYa7OO3e5sag2JA1IS9C1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/1f95ab-f2a5-40fc-90c4-ac854cc5d051/1/_xcGtTYa7OO3e5sag2JA1IS9C1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_xcGtTYa7OO3e5sag2JA1IS9C1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:25:f1:f3:58:cd:da:31:5c:a1:22:68:88:09:42:cb:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff1706b5361aece3b77b9b1a836240d484bd0b54
        Validity
            Not Before: Mar 25 17:01:46 2026 GMT
            Not After : Mar 26 17:01:46 2026 GMT
        Subject: CN=703485fcd1deed56013934697aa547ff868874c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:18:f0:ce:3c:3d:46:c2:f5:67:e6:c9:14:54:
                    ef:14:14:ff:f7:46:a0:ea:70:51:30:6f:da:be:00:
                    d1:7d:3b:60:f1:ef:f4:0b:78:bf:1f:ed:57:42:91:
                    0c:fc:7c:7c:b0:33:bc:cd:26:f2:18:61:55:ff:9a:
                    5a:78:c8:54:d5:07:2c:90:05:52:1a:52:a5:28:cd:
                    64:72:78:74:83:52:ce:63:94:2f:23:f2:7d:ca:b3:
                    a4:55:89:e7:2e:43:ad:16:df:ec:1c:66:33:0e:6d:
                    93:0c:5c:05:43:b9:e7:9b:c7:b9:a5:ba:e8:2c:3a:
                    29:72:69:b2:c7:c7:d0:51:74:71:9f:cb:a9:10:e8:
                    6f:e3:86:1c:90:4c:ab:ac:25:df:bf:70:01:ab:06:
                    86:13:85:0d:53:2d:66:b9:46:8e:b8:d6:23:dd:02:
                    d1:ff:30:62:d4:ca:be:d9:b3:2b:2e:2f:50:b8:ee:
                    22:a7:6e:fd:a8:dc:c5:fa:c8:b6:b7:67:3a:c6:7f:
                    16:c1:fb:bb:de:5d:e3:dd:0e:5e:0f:cf:d2:45:ea:
                    d5:6f:00:a6:b9:fb:52:5d:d5:f7:46:9b:42:e1:30:
                    ea:33:6c:73:b6:32:a8:af:87:26:5f:e5:50:4c:5e:
                    26:c1:bd:da:83:56:b4:5c:d6:18:78:7f:f1:21:c6:
                    9a:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:34:85:FC:D1:DE:ED:56:01:39:34:69:7A:A5:47:FF:86:88:74:C5
            X509v3 Authority Key Identifier:
                keyid:FF:17:06:B5:36:1A:EC:E3:B7:7B:9B:1A:83:62:40:D4:84:BD:0B:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_xcGtTYa7OO3e5sag2JA1IS9C1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/1f95ab-f2a5-40fc-90c4-ac854cc5d051/1/_xcGtTYa7OO3e5sag2JA1IS9C1Q.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/1f95ab-f2a5-40fc-90c4-ac854cc5d051/1/_xcGtTYa7OO3e5sag2JA1IS9C1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         32:a1:f9:3b:23:d5:6a:be:7c:68:21:3f:74:f0:35:a9:8a:f5:
         91:5e:97:35:66:d8:df:d9:34:22:42:77:aa:f7:d9:12:be:aa:
         ff:15:a0:31:34:0a:d1:68:57:11:5a:bb:c3:ea:d5:a0:41:99:
         1c:c5:27:b2:1f:f4:3a:fc:95:c1:36:08:e8:73:93:26:63:41:
         1d:67:fe:a7:12:3e:74:8a:02:27:53:2f:d2:24:99:34:9c:4a:
         9c:3a:d0:9d:35:20:6a:df:6a:20:bb:13:fa:de:11:07:5a:19:
         65:eb:57:37:79:03:15:d7:78:c2:1a:2b:47:63:af:e4:98:27:
         74:42:30:8f:74:33:01:ec:19:54:ca:21:a4:d0:f7:38:ea:2b:
         6e:7c:e0:78:5a:a8:b9:ea:4c:49:e1:24:40:a3:c5:14:68:4f:
         e5:af:29:a4:8f:5d:54:e2:71:0e:02:dd:fa:1f:2c:36:9d:e5:
         b4:27:f7:9c:71:ef:bb:da:51:dc:4b:6d:ec:d4:f4:cb:e3:9e:
         1c:e0:68:24:61:76:b0:b1:d7:34:12:92:ec:02:f1:00:1b:03:
         e8:ff:20:bb:ff:d1:10:2f:f1:d2:6d:84:ae:90:dc:f9:3b:c0:
         aa:43:0f:17:0d:93:44:8f:2b:97:d4:cb:70:32:85:90:58:98:
         ef:63:09:9c
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0l8fNYzdoxXKEiaIgJQsswMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMTcwNmI1MzYxYWVjZTNiNzdiOWIxYTgzNjI0MGQ0ODRi
ZDBiNTQwHhcNMjYwMzI1MTcwMTQ2WhcNMjYwMzI2MTcwMTQ2WjAzMTEwLwYDVQQD
Eyg3MDM0ODVmY2QxZGVlZDU2MDEzOTM0Njk3YWE1NDdmZjg2ODg3NGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBjwzjw9RsL1Z+bJFFTvFBT/90ag
6nBRMG/avgDRfTtg8e/0C3i/H+1XQpEM/Hx8sDO8zSbyGGFV/5paeMhU1QcskAVS
GlKlKM1kcnh0g1LOY5QvI/J9yrOkVYnnLkOtFt/sHGYzDm2TDFwFQ7nnm8e5pbro
LDopcmmyx8fQUXRxn8upEOhv44YckEyrrCXfv3ABqwaGE4UNUy1muUaOuNYj3QLR
/zBi1Mq+2bMrLi9QuO4ip279qNzF+si2t2c6xn8Wwfu73l3j3Q5eD8/SRerVbwCm
uftSXdX3RptC4TDqM2xztjKor4cmX+VQTF4mwb3ag1a0XNYYeH/xIcaaPQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFHA0hfzR3u1WATk0aXqlR/+GiHTFMB8GA1UdIwQY
MBaAFP8XBrU2Guzjt3ubGoNiQNSEvQtUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3hjR3RUWWE3T08zZTVzYWcySkExSVM5QzFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8xZjk1YWItZjJhNS00MGZjLTkwYzQt
YWM4NTRjYzVkMDUxLzEvX3hjR3RUWWE3T08zZTVzYWcySkExSVM5QzFRLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8xZjk1YWItZjJhNS00MGZjLTkwYzQtYWM4NTRjYzVkMDUx
LzEvX3hjR3RUWWE3T08zZTVzYWcySkExSVM5QzFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAMqH5OyPV
ar58aCE/dPA1qYr1kV6XNWbY39k0IkJ3qvfZEr6q/xWgMTQK0WhXEVq7w+rVoEGZ
HMUnsh/0OvyVwTYI6HOTJmNBHWf+pxI+dIoCJ1Mv0iSZNJxKnDrQnTUgat9qILsT
+t4RB1oZZetXN3kDFdd4whorR2Ov5JgndEIwj3QzAewZVMohpND3OOorbnzgeFqo
uepMSeEkQKPFFGhP5a8ppI9dVOJxDgLd+h8sNp3ltCf3nHHvu9pR3Ett7NT0y+Oe
HOBoJGF2sLHXNBKS7ALxABsD6P8gu//REC/x0m2ErpDc+TvAqkMPFw2TRI8rl9TL
cDKFkFiY72MJnA==
-----END CERTIFICATE-----