Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/d8c868-960f-4334-a146-2b8756a098ec/1/Z7xlI-d4s702dMb5intsaL8Kju4.mft
File:                     Z7xlI-d4s702dMb5intsaL8Kju4.mft (raw, json)
Hash identifier:          SIdufCbUL+IlchnGxiPQboe5kCzIQym2sWryz/YdLFw=
Subject key identifier:   68:94:16:F4:EE:68:EB:89:A2:8C:58:BA:F1:24:F7:E6:6C:A4:5B:F4
Authority key identifier: 67:BC:65:23:E7:78:B3:BD:36:74:C6:F9:8A:7B:6C:68:BF:0A:8E:EE
Certificate issuer:       /CN=67bc6523e778b3bd3674c6f98a7b6c68bf0a8eee
Certificate serial:       019D33082FB09DAC1B5132C3DDDE1B8FE24F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7xlI-d4s702dMb5intsaL8Kju4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/d8c868-960f-4334-a146-2b8756a098ec/1/Z7xlI-d4s702dMb5intsaL8Kju4.mft
Manifest number:          A3
Signing time:             Sat 28 Mar 2026 06:01:07 +0000
Manifest this update:     Sat 28 Mar 2026 06:01:07 +0000
Manifest next update:     Sun 29 Mar 2026 06:01:07 +0000
Files and hashes:         1: Z7xlI-d4s702dMb5intsaL8Kju4.crl (hash: +m8PUArNv31EaS/5JoEchKjQjEykdQep26PW3TAzeIM=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/d8c868-960f-4334-a146-2b8756a098ec/1/Z7xlI-d4s702dMb5intsaL8Kju4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/d8c868-960f-4334-a146-2b8756a098ec/1/Z7xlI-d4s702dMb5intsaL8Kju4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z7xlI-d4s702dMb5intsaL8Kju4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:33:08:2f:b0:9d:ac:1b:51:32:c3:dd:de:1b:8f:e2:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67bc6523e778b3bd3674c6f98a7b6c68bf0a8eee
        Validity
            Not Before: Mar 28 06:01:07 2026 GMT
            Not After : Mar 29 06:01:07 2026 GMT
        Subject: CN=689416f4ee68eb89a28c58baf124f7e66ca45bf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:0e:34:be:ae:6b:7b:44:44:f8:32:ec:2e:2f:
                    c4:d5:6a:b6:35:c5:6f:e8:57:64:e0:d6:4a:40:c0:
                    12:50:c8:08:5c:c2:f3:97:25:f8:b9:43:62:45:86:
                    68:41:67:be:f5:c7:04:8f:5c:94:ad:f5:e4:b7:3c:
                    62:e2:5e:1f:16:48:b9:fe:0d:e7:2e:86:c5:ea:ac:
                    c0:4b:c2:56:77:7a:c3:b0:30:0d:dc:0c:8e:c7:41:
                    6d:9a:d2:b6:e6:78:a6:93:6a:a5:35:b0:2a:70:7a:
                    5b:e7:fa:84:29:31:b0:8f:02:a9:1d:8c:ea:57:d1:
                    c9:a0:48:c2:f6:59:df:40:54:d9:f4:88:2c:5f:16:
                    3b:fe:91:28:a9:73:c6:56:5c:6d:a2:e1:06:13:eb:
                    ae:f0:c8:03:2f:b1:86:9a:51:15:e9:6e:6a:67:d1:
                    d8:85:2b:6d:a7:73:ef:93:d1:28:be:a7:cd:6a:e0:
                    92:1c:d4:d5:3c:aa:8b:31:ed:a0:02:01:d5:d5:44:
                    7f:47:39:07:7f:34:f9:12:5b:0e:cd:91:33:62:23:
                    29:50:57:9b:e5:97:13:a1:ba:c2:93:e7:58:2f:b1:
                    7c:28:b8:3c:8c:16:44:d7:e0:46:6a:6b:a1:b0:b8:
                    e4:25:4d:50:9c:fc:dd:be:3f:60:9b:ef:9a:c1:65:
                    ec:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:94:16:F4:EE:68:EB:89:A2:8C:58:BA:F1:24:F7:E6:6C:A4:5B:F4
            X509v3 Authority Key Identifier:
                keyid:67:BC:65:23:E7:78:B3:BD:36:74:C6:F9:8A:7B:6C:68:BF:0A:8E:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7xlI-d4s702dMb5intsaL8Kju4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/d8c868-960f-4334-a146-2b8756a098ec/1/Z7xlI-d4s702dMb5intsaL8Kju4.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/d8c868-960f-4334-a146-2b8756a098ec/1/Z7xlI-d4s702dMb5intsaL8Kju4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         6f:04:61:42:40:58:bf:da:8f:10:68:36:90:2f:f6:8b:b3:a3:
         78:83:c0:4b:ef:d5:e0:03:a3:05:03:15:79:f0:0a:e9:9a:77:
         bd:aa:43:43:8e:05:3f:66:dc:d0:d2:46:ef:93:a9:2c:d8:76:
         39:7a:f6:70:49:8a:59:78:d0:a8:33:8a:9e:34:ca:bb:0d:b0:
         50:00:64:7e:41:64:54:67:f7:99:41:63:cb:ff:1c:13:9f:52:
         4b:f8:3f:a9:f0:b8:c9:68:9c:59:27:56:d5:09:ce:62:24:68:
         ea:1c:be:dc:f5:53:f7:d6:08:b8:04:3d:0c:c2:fb:fa:38:8d:
         dc:ee:82:52:72:8a:e6:60:92:56:9e:21:32:1e:ce:b3:e1:d1:
         df:91:d9:2a:dc:15:5e:08:d0:b0:13:69:0e:9c:bc:cd:71:71:
         18:19:95:8a:ec:f1:f4:e0:45:ea:da:4f:e6:dd:2d:95:9c:8d:
         28:a8:e6:7b:24:4f:7d:c3:47:2f:cf:45:c6:d7:f8:5e:18:e5:
         8e:db:aa:1d:11:c9:07:15:43:d9:7f:8f:78:ba:c5:0f:9f:8a:
         6d:2d:6c:b2:c6:2a:6a:9f:78:ba:3f:10:7c:81:5d:d0:74:66:
         7e:a7:8d:f2:a9:e9:b3:d0:c1:9a:58:df:a7:70:91:56:01:95:
         23:30:54:be
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0zCC+wnawbUTLD3d4bj+JPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YmM2NTIzZTc3OGIzYmQzNjc0YzZmOThhN2I2YzY4YmYw
YThlZWUwHhcNMjYwMzI4MDYwMTA3WhcNMjYwMzI5MDYwMTA3WjAzMTEwLwYDVQQD
Eyg2ODk0MTZmNGVlNjhlYjg5YTI4YzU4YmFmMTI0ZjdlNjZjYTQ1YmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtA40vq5re0RE+DLsLi/E1Wq2NcVv
6Fdk4NZKQMASUMgIXMLzlyX4uUNiRYZoQWe+9ccEj1yUrfXktzxi4l4fFki5/g3n
LobF6qzAS8JWd3rDsDAN3AyOx0FtmtK25nimk2qlNbAqcHpb5/qEKTGwjwKpHYzq
V9HJoEjC9lnfQFTZ9IgsXxY7/pEoqXPGVlxtouEGE+uu8MgDL7GGmlEV6W5qZ9HY
hSttp3Pvk9EovqfNauCSHNTVPKqLMe2gAgHV1UR/RzkHfzT5ElsOzZEzYiMpUFeb
5ZcTobrCk+dYL7F8KLg8jBZE1+BGamuhsLjkJU1QnPzdvj9gm++awWXs8QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFGiUFvTuaOuJooxYuvEk9+ZspFv0MB8GA1UdIwQY
MBaAFGe8ZSPneLO9NnTG+Yp7bGi/Co7uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjd4bEktZDRzNzAyZE1iNWludHNhTDhLanU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9kOGM4NjgtOTYwZi00MzM0LWExNDYt
MmI4NzU2YTA5OGVjLzEvWjd4bEktZDRzNzAyZE1iNWludHNhTDhLanU0Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9kOGM4NjgtOTYwZi00MzM0LWExNDYtMmI4NzU2YTA5OGVj
LzEvWjd4bEktZDRzNzAyZE1iNWludHNhTDhLanU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAbwRhQkBY
v9qPEGg2kC/2i7OjeIPAS+/V4AOjBQMVefAK6Zp3vapDQ44FP2bc0NJG75OpLNh2
OXr2cEmKWXjQqDOKnjTKuw2wUABkfkFkVGf3mUFjy/8cE59SS/g/qfC4yWicWSdW
1QnOYiRo6hy+3PVT99YIuAQ9DML7+jiN3O6CUnKK5mCSVp4hMh7Os+HR35HZKtwV
XgjQsBNpDpy8zXFxGBmViuzx9OBF6tpP5t0tlZyNKKjmeyRPfcNHL89Fxtf4Xhjl
jtuqHRHJBxVD2X+PeLrFD5+KbS1sssYqap94uj8QfIFd0HRmfqeN8qnps9DBmljf
p3CRVgGVIzBUvg==
-----END CERTIFICATE-----