Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
File:                     71fC2dk6x8-bLxfKp4WbaYWzm50.mft (raw, json)
Hash identifier:          0aofE2x3XulHOwH+18uijZ/VmpEyd2wWnfBKBEQyVUo=
Subject key identifier:   C5:2D:78:67:8D:BF:9A:20:9F:F3:4A:6A:9F:62:00:29:62:0C:EA:81
Authority key identifier: EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
Certificate issuer:       /CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Certificate serial:       019D2772A212A5BCF497B7CEACDC07E8FF78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
Manifest number:          14CE
Signing time:             Thu 26 Mar 2026 00:01:57 +0000
Manifest this update:     Thu 26 Mar 2026 00:01:57 +0000
Manifest next update:     Fri 27 Mar 2026 00:01:57 +0000
Files and hashes:         1: 2ngTJwoTyX1Nz5fKPJKsViXxDHk.roa (hash: Ir7bv4VELFAPGwsqBM/ur+v9Fopro+iM13JltIh4cX4=)
                          2: 6rWzroD3N7hgAXbNo3yuEEQJsfI.roa (hash: E8YwvFkIVbhynhPsVej9fShdrkMGkyiT775U87D7jFU=)
                          3: 71fC2dk6x8-bLxfKp4WbaYWzm50.crl (hash: KlvkmggsPtuCkZmh9voe/CF6aFiKCr6htR7Pdk/4n4I=)
                          4: 7G49o5z8bi7Lcd53h1h0bVLCJZ4.roa (hash: xDGbGchiaLKjcl8d608rUMISo9V9+y1tYFZNtiJzodk=)
                          5: LEPIREdkNINi3YsArD5Iqz6JZKw.roa (hash: u5xGsEDr0cKb/8SFVnNCp/maWigXZl2skRgwHSiizuc=)
                          6: MhN5MRvvgoofpuFJ5m4YLHyq3Nc.roa (hash: NsITOI3k4qxMk9t6uldTtNFi2z9FnXsMOLB/akZmaQE=)
                          7: OoWh-cPJxIo9-JnYWW14PlGkMmw.roa (hash: cwPQ8D+hZiBjw4HTvZt5RVfnCwIHlW6ts6eZs3ca5ro=)
                          8: SFT1d23h5s56wOshvucHEdfHMus.roa (hash: VF+VBV1f8xNTi+BzW8c6Ab0X5I99oWpbTy8oGRDDLo4=)
                          9: WGjiujLOuuOMzeq5qZIClszPW1M.roa (hash: O/EAhkWdzhGmiMAnV0b4Fh9oCWFKJcMW6EgTymaPAQY=)
                          10: Y6USBv7EsN_hgdgW0uW5KbpmRN4.roa (hash: tv5XftYxR3URBlazOVai0U6SyL0OPoC8TTkoFI5KZuM=)
                          11: cJiubHQvHYR5Esd1XVcnoAH7nVc.roa (hash: FMFv+8H/z6shQKfY24LWmw315shSovkbNLpCdkTVVts=)
                          12: fxFIclzOclkDebowO2HCdBIp7JU.roa (hash: kKrwCtFqATS4Q0FX0wGNL2DdvolnBDZchK0yi2jbTGw=)
                          13: hOLoSAjKi_Ysduv-PJ2ejNql5Ok.roa (hash: lHppC78Yz/GWXK8KxKeoOvZZKZRlVzNZc6B6F5euHEc=)
                          14: lQ3OWX0myb8uFOtmBUqCeb2oHhA.roa (hash: bhpFnL+TI2NRedv8XMlX+BIC3gSuHb2XvhJF/GSwAJE=)
                          15: lfuF0jCiq554Dy69uuASsTOPZ58.roa (hash: 6OAF0vEeoAJWYtA3vCDPsWGl38QU6NBLN+OCMZmyOUQ=)
                          16: xgcIl72OMRsTXzMLl7PIGrHb2sQ.roa (hash: 2SWmpy8UdVqECkthus0V0cF6NslAcNvMaIDq36UHafw=)
                          17: yJInE-fPhdu-ABKOdKIoShinhzo.roa (hash: skD34yjii/PhcEF3U0syiUJjraUYJpJM6Jt4QrA1zs8=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:27:72:a2:12:a5:bc:f4:97:b7:ce:ac:dc:07:e8:ff:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
        Validity
            Not Before: Mar 26 00:01:57 2026 GMT
            Not After : Mar 27 00:01:57 2026 GMT
        Subject: CN=c52d78678dbf9a209ff34a6a9f620029620cea81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:0b:67:2c:d8:12:9f:b7:a0:91:e8:76:37:a6:
                    ac:93:b8:cc:87:b8:f3:b3:ac:50:01:cf:a1:3c:af:
                    d5:88:3f:25:ba:fa:ab:db:af:dd:65:83:07:22:07:
                    40:a3:9a:60:3a:7c:cd:e9:da:55:8f:33:02:fc:4b:
                    62:3c:9a:af:fe:71:d8:08:c4:86:55:b5:76:df:9d:
                    93:1e:00:77:85:db:44:dc:24:eb:9a:e2:68:4f:76:
                    3f:f4:a1:80:70:9b:05:ce:3c:b5:56:3f:43:d3:06:
                    b5:1b:4a:71:cf:5f:c6:8e:ce:d7:ea:8f:c7:b3:74:
                    7e:19:8f:2c:65:20:21:ce:e9:32:06:06:09:d0:49:
                    43:da:2b:21:22:2a:fd:64:05:1b:2e:18:8e:a0:6b:
                    85:80:4f:14:0e:ae:8d:b1:c8:61:4d:55:7a:ee:ff:
                    68:96:83:c2:89:42:4f:93:3a:45:3c:5c:36:b2:b4:
                    2a:21:e0:6a:6f:3e:e5:64:cd:ce:69:8c:41:f1:e7:
                    c4:95:39:34:7c:7f:8d:31:2b:a1:7c:09:be:6a:56:
                    34:b8:ad:51:63:e0:b1:8f:e8:8a:4b:16:c8:fb:85:
                    42:33:bb:dd:5c:2a:1d:c4:e6:33:77:07:c8:c4:78:
                    c0:2f:09:61:5b:59:c1:6e:55:20:f3:c1:d2:9d:7b:
                    b3:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:2D:78:67:8D:BF:9A:20:9F:F3:4A:6A:9F:62:00:29:62:0C:EA:81
            X509v3 Authority Key Identifier:
                keyid:EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         1d:a2:8c:49:51:d5:80:94:18:26:86:a4:53:16:b6:55:19:2a:
         51:49:f6:4e:0e:40:bf:5a:67:bc:c3:1d:ac:bf:34:db:02:50:
         49:a2:68:d8:4d:ba:33:5d:9e:e2:a3:05:e7:c9:69:e9:dd:2b:
         bd:b4:62:4c:0a:b9:f8:97:20:bc:ff:8d:73:85:a4:17:55:66:
         fb:95:5c:31:76:cd:c8:97:bd:1c:94:a9:21:f8:64:36:53:db:
         f4:37:61:69:67:7e:43:7e:17:09:f0:35:af:11:88:35:4d:a7:
         b0:08:dd:1a:1b:72:ec:47:f8:ad:37:27:64:7c:7a:4d:f7:46:
         92:75:b0:41:61:2a:64:c0:8d:20:f8:db:91:b9:e6:29:1d:a9:
         e9:25:9e:ef:98:ad:fa:c0:3a:aa:13:86:67:78:0c:f8:a1:fe:
         7c:0b:25:99:cc:10:36:1d:97:84:94:73:28:03:05:c0:8d:76:
         80:a2:e8:f8:ac:16:f6:d6:99:f6:ea:42:16:c8:61:6c:e2:76:
         e0:c2:87:f8:50:28:49:63:7e:8d:79:c0:ca:63:be:a6:d2:1f:
         2d:df:a7:c0:9c:52:4c:bb:4c:cf:2b:06:7e:f4:b3:20:33:ff:
         e5:6b:ea:2e:ef:4a:45:87:ce:94:2f:05:18:66:94:80:d9:ca:
         ed:22:b5:88
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0ncqISpbz0l7fOrNwH6P94MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTdjMmQ5ZDkzYWM3Y2Y5YjJmMTdjYWE3ODU5YjY5ODVi
MzliOWQwHhcNMjYwMzI2MDAwMTU3WhcNMjYwMzI3MDAwMTU3WjAzMTEwLwYDVQQD
EyhjNTJkNzg2NzhkYmY5YTIwOWZmMzRhNmE5ZjYyMDAyOTYyMGNlYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQtnLNgSn7egkeh2N6ask7jMh7jz
s6xQAc+hPK/ViD8luvqr26/dZYMHIgdAo5pgOnzN6dpVjzMC/EtiPJqv/nHYCMSG
VbV2352THgB3hdtE3CTrmuJoT3Y/9KGAcJsFzjy1Vj9D0wa1G0pxz1/Gjs7X6o/H
s3R+GY8sZSAhzukyBgYJ0ElD2ishIir9ZAUbLhiOoGuFgE8UDq6NschhTVV67v9o
loPCiUJPkzpFPFw2srQqIeBqbz7lZM3OaYxB8efElTk0fH+NMSuhfAm+alY0uK1R
Y+Cxj+iKSxbI+4VCM7vdXCodxOYzdwfIxHjALwlhW1nBblUg88HSnXuz5wIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFMUteGeNv5ogn/NKap9iACliDOqBMB8GA1UdIwQY
MBaAFO9XwtnZOsfPmy8XyqeFm2mFs5udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2Njct
OGU2Zjg3OGRiNWY0LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2NjctOGU2Zjg3OGRiNWY0
LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAHaKMSVHV
gJQYJoakUxa2VRkqUUn2Tg5Av1pnvMMdrL802wJQSaJo2E26M12e4qMF58lp6d0r
vbRiTAq5+JcgvP+Nc4WkF1Vm+5VcMXbNyJe9HJSpIfhkNlPb9DdhaWd+Q34XCfA1
rxGINU2nsAjdGhty7Ef4rTcnZHx6TfdGknWwQWEqZMCNIPjbkbnmKR2p6SWe75it
+sA6qhOGZ3gM+KH+fAslmcwQNh2XhJRzKAMFwI12gKLo+KwW9taZ9upCFshhbOJ2
4MKH+FAoSWN+jXnAymO+ptIfLd+nwJxSTLtMzysGfvSzIDP/5WvqLu9KRYfOlC8F
GGaUgNnK7SK1iA==
-----END CERTIFICATE-----