Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.mft
File:                     QHsur7H0zNuzzWzU10srM5eKC3A.mft (raw, json)
Hash identifier:          tcgi6jUlLAIJRQzIOW4p3jb7kCwrDw3JlzX3YqykNvI=
Subject key identifier:   A5:E3:04:99:76:F0:40:70:3A:50:5D:FA:F6:E1:95:8B:FB:76:46:0E
Authority key identifier: 40:7B:2E:AF:B1:F4:CC:DB:B3:CD:6C:D4:D7:4B:2B:33:97:8A:0B:70
Certificate issuer:       /CN=407b2eafb1f4ccdbb3cd6cd4d74b2b33978a0b70
Certificate serial:       019D2703F34457E521424FB41CCEFFB01042
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QHsur7H0zNuzzWzU10srM5eKC3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.mft
Manifest number:          1884
Signing time:             Wed 25 Mar 2026 22:01:03 +0000
Manifest this update:     Wed 25 Mar 2026 22:01:03 +0000
Manifest next update:     Thu 26 Mar 2026 22:01:03 +0000
Files and hashes:         1: QHsur7H0zNuzzWzU10srM5eKC3A.crl (hash: tS1lGlhpCiQkV8n78v6Ug+dOmjv/AmC7Ewk2YR2s/5o=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QHsur7H0zNuzzWzU10srM5eKC3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:27:03:f3:44:57:e5:21:42:4f:b4:1c:ce:ff:b0:10:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=407b2eafb1f4ccdbb3cd6cd4d74b2b33978a0b70
        Validity
            Not Before: Mar 25 22:01:03 2026 GMT
            Not After : Mar 26 22:01:03 2026 GMT
        Subject: CN=a5e3049976f040703a505dfaf6e1958bfb76460e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:86:77:8e:ec:82:b3:c0:00:45:a1:85:9d:af:
                    c8:45:be:26:b4:9c:dc:d6:de:02:31:1c:31:aa:42:
                    d4:4e:db:68:8e:e5:d6:d0:75:65:43:47:48:da:ed:
                    3f:8e:fa:0f:70:41:c6:36:51:7f:0b:30:ac:b3:89:
                    6d:8d:52:66:5a:7d:09:64:10:4e:c5:92:fb:fc:09:
                    38:9d:ff:c6:ae:5b:e0:11:7c:64:b7:9e:6f:eb:4f:
                    c4:bc:75:1f:0a:28:a3:4f:91:fd:0d:26:0e:dc:3e:
                    e6:00:0e:84:5a:a0:42:06:76:d9:21:c3:7b:27:c8:
                    a5:dc:18:8e:b2:b6:dd:a9:75:43:74:98:65:17:a4:
                    e8:10:7c:35:c7:a3:2f:4d:f0:76:60:d0:0f:98:f6:
                    d3:38:0c:ce:c1:af:bf:8c:cd:bd:e1:3b:9d:95:7d:
                    d6:53:d3:85:dc:7e:34:ee:91:2d:50:ea:59:a8:b3:
                    be:9f:f4:b4:6c:54:e4:0b:c3:9f:ac:f8:27:c8:81:
                    ce:bf:f6:e3:f4:5f:55:03:9f:7a:82:ab:98:a8:fb:
                    87:e0:e8:81:88:0e:34:44:7f:df:c5:2b:c3:d7:f6:
                    df:aa:c0:c4:a2:24:d2:9f:fc:67:db:43:68:0f:d0:
                    58:86:6a:82:b9:18:17:45:32:3c:87:a2:b4:d3:47:
                    28:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:E3:04:99:76:F0:40:70:3A:50:5D:FA:F6:E1:95:8B:FB:76:46:0E
            X509v3 Authority Key Identifier:
                keyid:40:7B:2E:AF:B1:F4:CC:DB:B3:CD:6C:D4:D7:4B:2B:33:97:8A:0B:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QHsur7H0zNuzzWzU10srM5eKC3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         2a:45:fb:01:95:0f:03:71:74:8e:e7:a5:b7:30:84:47:e5:95:
         b4:29:aa:31:b7:ec:27:c1:13:c2:b6:c0:bc:a0:6b:e6:07:b4:
         77:40:39:f1:84:2d:07:1a:08:95:0f:3d:67:bd:71:0c:f7:cc:
         35:18:0c:46:6e:1d:4c:40:54:33:9b:cd:de:7d:95:05:ee:de:
         35:b2:99:d0:47:b2:9a:cb:34:c3:85:1e:84:43:af:7d:59:6f:
         51:1a:a3:4c:6c:25:66:ed:10:2c:47:14:e0:38:69:03:fb:80:
         f7:a2:6b:67:e5:70:dc:17:14:6d:01:39:c6:96:1a:f3:dd:7c:
         8e:7d:db:7a:de:9a:72:a4:9e:c4:98:f8:ab:54:75:5c:2b:1c:
         c1:0c:70:c8:f7:20:94:ad:bd:3d:eb:f9:60:89:03:46:91:49:
         eb:08:8f:1b:08:dc:55:a8:31:ff:5d:9a:df:5e:5d:fc:a8:a4:
         4a:fa:14:27:08:55:2c:8c:d2:50:a1:8e:48:6f:a6:71:98:9a:
         a2:ea:d8:c5:a7:c8:01:4e:bd:be:26:e6:3c:f5:8a:31:96:b0:
         e5:06:02:ec:3a:f9:89:44:46:8c:9b:98:34:d5:85:c1:73:e2:
         5d:00:51:21:b7:8b:92:5c:03:9e:b7:87:ca:56:c8:88:2c:d2:
         db:a6:e1:b4
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0nA/NEV+UhQk+0HM7/sBBCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwN2IyZWFmYjFmNGNjZGJiM2NkNmNkNGQ3NGIyYjMzOTc4
YTBiNzAwHhcNMjYwMzI1MjIwMTAzWhcNMjYwMzI2MjIwMTAzWjAzMTEwLwYDVQQD
EyhhNWUzMDQ5OTc2ZjA0MDcwM2E1MDVkZmFmNmUxOTU4YmZiNzY0NjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsoZ3juyCs8AARaGFna/IRb4mtJzc
1t4CMRwxqkLUTttojuXW0HVlQ0dI2u0/jvoPcEHGNlF/CzCss4ltjVJmWn0JZBBO
xZL7/Ak4nf/GrlvgEXxkt55v60/EvHUfCiijT5H9DSYO3D7mAA6EWqBCBnbZIcN7
J8il3BiOsrbdqXVDdJhlF6ToEHw1x6MvTfB2YNAPmPbTOAzOwa+/jM294TudlX3W
U9OF3H407pEtUOpZqLO+n/S0bFTkC8OfrPgnyIHOv/bj9F9VA596gquYqPuH4OiB
iA40RH/fxSvD1/bfqsDEoiTSn/xn20NoD9BYhmqCuRgXRTI8h6K000coMwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFKXjBJl28EBwOlBd+vbhlYv7dkYOMB8GA1UdIwQY
MBaAFEB7Lq+x9Mzbs81s1NdLKzOXigtwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUhzdXI3SDB6TnV6eld6VTEwc3JNNWVLQzNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi82YWVjYzUtYjg1Yy00MThiLWFmYzgt
YzJlNjY4YzE5NzI3LzEvUUhzdXI3SDB6TnV6eld6VTEwc3JNNWVLQzNBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi82YWVjYzUtYjg1Yy00MThiLWFmYzgtYzJlNjY4YzE5NzI3
LzEvUUhzdXI3SDB6TnV6eld6VTEwc3JNNWVLQzNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAKkX7AZUP
A3F0jueltzCER+WVtCmqMbfsJ8ETwrbAvKBr5ge0d0A58YQtBxoIlQ89Z71xDPfM
NRgMRm4dTEBUM5vN3n2VBe7eNbKZ0Eeymss0w4UehEOvfVlvURqjTGwlZu0QLEcU
4DhpA/uA96JrZ+Vw3BcUbQE5xpYa8918jn3bet6acqSexJj4q1R1XCscwQxwyPcg
lK29Pev5YIkDRpFJ6wiPGwjcVagx/12a315d/KikSvoUJwhVLIzSUKGOSG+mcZia
ourYxafIAU69vibmPPWKMZaw5QYC7Dr5iURGjJuYNNWFwXPiXQBRIbeLklwDnreH
ylbIiCzS26bhtA==
-----END CERTIFICATE-----