Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
File:                     Us2aZRLb8lpfGbgn16LH4iou6N0.mft (raw, json)
Hash identifier:          Aps/GX+AumXffDLjSJyWofev2E7Ing8N3cq3GL/RmnA=
Subject key identifier:   9B:B7:6F:76:7B:54:31:F7:D9:5F:78:0B:B9:DE:B6:F7:D8:A5:52:D0
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Certificate issuer:       /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial:       019D269662262840149C1EA14B8262224A0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
Manifest number:          0B51
Signing time:             Wed 25 Mar 2026 20:01:22 +0000
Manifest this update:     Wed 25 Mar 2026 20:01:22 +0000
Manifest next update:     Thu 26 Mar 2026 20:01:22 +0000
Files and hashes:         1: 3JNAFPmuRusA7_P1cHUrpNc8ZWQ.roa (hash: zKy+aXsrA8Z978tqaQi0ynXqJW9mllBBtqQYt4mz8gc=)
                          2: 3eP-ZYKR74zQteZxg-jYK68KuKU.roa (hash: rI+Q6O08EYSoWZw7Ks588qVsTWbvSuHUC1dp2GQPsEg=)
                          3: 6ez8s1YBp2TYVVuKcqGU9mGsJLQ.roa (hash: iFltius3SHf/ctu10YpbCgn/dFGwWU60BbGiBMv1N44=)
                          4: Px4XmExl2QONyqSP6s8-qLoIeoI.roa (hash: reA0XoIHBbZsGAjNzRWT9dW+9757Ms5dgcUGYfnrDi8=)
                          5: SY0oaouPknTSy2MmGqSQOcOco4Q.roa (hash: HRxdYO/Iechw+UCcupxpKvFHOwFwn4JRjC6eMfFT/dQ=)
                          6: TQgAk-kjCmuvz2eqWr757vit-aI.roa (hash: lmDr2ZoodOyQIYq1JnmRLGHdUSfi5+BCh4SAfh571Mk=)
                          7: Us2aZRLb8lpfGbgn16LH4iou6N0.crl (hash: ml0PvEbzo2itrBmLYpD2r8qpgvGOvFwyCH3qnHsEHiU=)
                          8: b4bnSjrxkGqwlr0zkoxcOijmFkc.roa (hash: fQuLS072q+zjmBm2EgGlUmemoEePNKD15HIZM6Eyfw4=)
                          9: eNrRny52Eiu7YfDMlBGjKC4VVI0.roa (hash: cPx5AwXrpFAEKzDlA+d9QlLxdKd+eCrpsk0lWaPywAs=)
                          10: hlAbpQnKYaIDHrjCT-1lNBwSXu0.roa (hash: BILz2oAMGgMF6vZP6W3jaxaaHIODVkHC+m/GaL33QlM=)
                          11: kPZtrooPlOyF8jQupuEU9Gy1bJQ.roa (hash: KtcI+6F6qPHzsOZYQ0EOD+pODuibLz2OAgS4M/a6Aq4=)
                          12: oLlQgePRk9yvcOlL0Fl_a56u9H4.roa (hash: Wqock9cGRbZPQGtCkafIuYZm7FqajUuA17fJ83OGRks=)
                          13: otDdauzK1pDpIELnjnezw5Wgbks.roa (hash: PkYGbseDQrN+XnOme6deJeEpgE/JFmyzszNd7IeDEBs=)
                          14: qPI1ggc-eoyI91LAejwAAyCD3rI.roa (hash: tWlcYblK/ohLjpwsq6RKKOq9sGO2SDlm/NJl1KT1Ji8=)
                          15: qyLbFsRIe8Jd6sG2DI_BiTtP7io.roa (hash: yTz+vrd5+uJTzoZ6RiYw+CeRxkudUElCAIqfmUpkz54=)
                          16: vMyjTCsIRe0V7qqYSqRKgQhGULM.roa (hash: V42mkCmxs+ZvZ6Tmc6moy5eFcyohGVGWyhDhVpPXGok=)
                          17: xp9MuE3K7E-Sb2HgnwhKc3yErto.roa (hash: 9FJKEkYOHXVi/GiMh+ZQtwPZthuSJbC+u80wUEZ5uBo=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:26:96:62:26:28:40:14:9c:1e:a1:4b:82:62:22:4a:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
        Validity
            Not Before: Mar 25 20:01:22 2026 GMT
            Not After : Mar 26 20:01:22 2026 GMT
        Subject: CN=9bb76f767b5431f7d95f780bb9deb6f7d8a552d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:39:3d:74:5d:8f:8b:36:b7:24:e3:e8:c6:d9:
                    f7:c7:ee:01:1b:0a:13:e5:c5:aa:1f:0f:d1:2f:aa:
                    74:36:c3:79:62:35:a7:1d:25:86:14:ab:e4:0c:3c:
                    6e:08:29:66:74:8c:36:c9:24:65:9a:38:bb:14:d9:
                    33:a1:f9:6d:d8:32:b7:39:fd:f6:af:c2:8f:54:62:
                    35:99:ba:79:4a:5b:da:d5:dc:94:3c:f7:e1:f4:b9:
                    64:fa:bd:ae:b9:dd:58:3e:c1:db:38:fa:f6:c2:5a:
                    2a:03:71:10:35:5c:68:5f:30:5c:ae:f5:0c:f2:d5:
                    49:41:20:cd:70:8b:ca:68:5a:3b:f0:40:a4:2e:53:
                    76:6c:f1:7e:2e:af:7b:02:92:17:f4:7c:d1:21:84:
                    d1:1e:8b:f0:bb:26:77:80:fc:f5:cf:de:74:c1:b6:
                    8d:8b:72:2a:f6:4e:5c:17:81:a2:3c:4f:28:c5:ea:
                    82:f4:68:1d:33:26:4c:1b:61:11:14:7d:0f:28:b9:
                    28:dd:cc:6f:bb:13:a8:a2:0a:1f:e6:d1:3d:44:5d:
                    e6:f2:b4:47:3d:0c:d9:9a:40:f9:f4:8a:6e:63:14:
                    44:e9:6a:cc:6a:b6:7e:ec:d3:e7:2a:c5:92:88:28:
                    fd:22:7d:05:0f:10:1b:48:45:37:b2:13:fa:be:9f:
                    2e:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:B7:6F:76:7B:54:31:F7:D9:5F:78:0B:B9:DE:B6:F7:D8:A5:52:D0
            X509v3 Authority Key Identifier:
                keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         2d:88:71:03:e5:22:08:5a:a5:26:97:5e:29:10:b7:65:dc:82:
         dc:78:a8:2d:15:48:fe:7b:b7:b3:4c:89:af:7b:14:fa:6e:a1:
         f7:7e:9e:72:ec:16:02:c1:27:13:06:c9:b9:b7:11:19:a9:2a:
         79:df:08:9c:f8:c5:e2:2e:77:cb:93:f3:c4:ba:d9:09:51:66:
         a7:dc:54:ed:21:1c:ac:bc:02:e0:d5:b3:f9:a1:9a:0d:e6:a9:
         b9:7d:70:8f:51:b6:e7:62:23:5a:93:68:25:7e:d5:84:f4:c2:
         6e:08:73:d5:37:76:86:ee:d4:65:e2:61:0e:4c:2d:62:e9:7b:
         8d:2b:31:a0:12:f7:95:c5:a7:ba:5c:34:ce:65:1a:92:9d:e6:
         15:15:c8:82:88:f1:2a:57:3d:64:fd:8f:cc:e1:b0:a5:42:dd:
         11:eb:16:fb:48:24:1d:fb:91:91:3b:48:cd:a3:ba:f1:ab:1b:
         3b:08:4e:ad:c8:df:1c:c3:13:aa:7b:bc:a1:b6:29:6b:89:1d:
         e6:7c:5f:15:1c:de:25:dd:dc:4b:39:45:68:ef:dd:80:08:32:
         1b:0a:74:b0:ad:cf:4f:c8:85:21:ff:d0:6f:1b:7c:78:66:e2:
         7f:26:ec:5d:4c:76:c1:06:c2:e4:0f:14:93:b0:42:5c:ff:cd:
         87:c4:11:4e
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0mlmImKEAUnB6hS4JiIkoPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjYwMzI1MjAwMTIyWhcNMjYwMzI2MjAwMTIyWjAzMTEwLwYDVQQD
Eyg5YmI3NmY3NjdiNTQzMWY3ZDk1Zjc4MGJiOWRlYjZmN2Q4YTU1MmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzk9dF2Piza3JOPoxtn3x+4BGwoT
5cWqHw/RL6p0NsN5YjWnHSWGFKvkDDxuCClmdIw2ySRlmji7FNkzoflt2DK3Of32
r8KPVGI1mbp5Slva1dyUPPfh9Llk+r2uud1YPsHbOPr2wloqA3EQNVxoXzBcrvUM
8tVJQSDNcIvKaFo78ECkLlN2bPF+Lq97ApIX9HzRIYTRHovwuyZ3gPz1z950wbaN
i3Iq9k5cF4GiPE8oxeqC9GgdMyZMG2ERFH0PKLko3cxvuxOoogof5tE9RF3m8rRH
PQzZmkD59IpuYxRE6WrMarZ+7NPnKsWSiCj9In0FDxAbSEU3shP6vp8uvwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFJu3b3Z7VDH32V94C7netvfYpVLQMB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEALYhxA+Ui
CFqlJpdeKRC3ZdyC3HioLRVI/nu3s0yJr3sU+m6h936ecuwWAsEnEwbJubcRGakq
ed8InPjF4i53y5PzxLrZCVFmp9xU7SEcrLwC4NWz+aGaDeapuX1wj1G252IjWpNo
JX7VhPTCbghz1Td2hu7UZeJhDkwtYul7jSsxoBL3lcWnulw0zmUakp3mFRXIgojx
Klc9ZP2PzOGwpULdEesW+0gkHfuRkTtIzaO68asbOwhOrcjfHMMTqnu8obYpa4kd
5nxfFRzeJd3cSzlFaO/dgAgyGwp0sK3PT8iFIf/Qbxt8eGbifybsXUx2wQbC5A8U
k7BCXP/Nh8QRTg==
-----END CERTIFICATE-----