Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/6587d8-5898-45a4-a5e3-d642e4b081bd/1/OnTgfC3vyhS_LWx6FdWpMw0JN0g.mft
File:                     OnTgfC3vyhS_LWx6FdWpMw0JN0g.mft (raw, json)
Hash identifier:          L6CA3llRFKNacW5O6FjkG3K+khUrcN85o+1gXwcZ8tA=
Subject key identifier:   95:F4:BE:87:0F:9C:45:10:75:55:A0:90:82:33:09:C6:C9:5A:1D:D9
Authority key identifier: 3A:74:E0:7C:2D:EF:CA:14:BF:2D:6C:7A:15:D5:A9:33:0D:09:37:48
Certificate issuer:       /CN=3a74e07c2defca14bf2d6c7a15d5a9330d093748
Certificate serial:       019D27DF966513D89DD2CBE0B96317B33AC4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OnTgfC3vyhS_LWx6FdWpMw0JN0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/6587d8-5898-45a4-a5e3-d642e4b081bd/1/OnTgfC3vyhS_LWx6FdWpMw0JN0g.mft
Manifest number:          0802
Signing time:             Thu 26 Mar 2026 02:00:57 +0000
Manifest this update:     Thu 26 Mar 2026 02:00:57 +0000
Manifest next update:     Fri 27 Mar 2026 02:00:57 +0000
Files and hashes:         1: OnTgfC3vyhS_LWx6FdWpMw0JN0g.crl (hash: LFUT9R9ZeT14BGpAk1Y1T62P1Lvl8Iq++z+WUzz6/pw=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/6587d8-5898-45a4-a5e3-d642e4b081bd/1/OnTgfC3vyhS_LWx6FdWpMw0JN0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/6587d8-5898-45a4-a5e3-d642e4b081bd/1/OnTgfC3vyhS_LWx6FdWpMw0JN0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OnTgfC3vyhS_LWx6FdWpMw0JN0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:27:df:96:65:13:d8:9d:d2:cb:e0:b9:63:17:b3:3a:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a74e07c2defca14bf2d6c7a15d5a9330d093748
        Validity
            Not Before: Mar 26 02:00:57 2026 GMT
            Not After : Mar 27 02:00:57 2026 GMT
        Subject: CN=95f4be870f9c45107555a090823309c6c95a1dd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:5e:66:8e:3d:55:ce:f1:76:b5:f2:02:d6:1a:
                    84:01:d3:7e:7c:66:88:3b:12:65:f1:b9:33:92:f0:
                    f6:ee:d5:44:94:8d:8d:32:5e:84:c2:c5:9b:ea:35:
                    e4:56:7d:b2:c4:22:52:23:f4:1e:a7:79:27:ca:71:
                    f1:a1:5b:cc:19:aa:81:22:5f:73:46:be:8c:54:23:
                    bd:11:3b:2a:9b:9d:29:0c:10:a3:b6:b9:71:1a:55:
                    c2:1e:1c:52:96:c3:cf:e9:94:73:5c:73:6c:ff:2f:
                    70:da:44:4d:9c:c5:77:d3:64:a8:2f:70:23:72:dc:
                    6d:1e:c9:34:59:fc:1e:ea:37:25:d5:8b:05:cf:74:
                    82:8a:3a:b3:48:19:79:47:c0:e7:e1:97:76:a8:98:
                    32:7f:92:d5:69:4a:aa:ff:26:5f:3e:54:1f:0c:3b:
                    d2:db:1b:5e:12:93:cb:c7:d4:16:a7:54:54:83:d1:
                    7e:8b:ed:9e:6f:c7:13:a3:55:75:62:ce:49:77:85:
                    c7:9f:52:b3:22:f3:d9:a8:74:b4:e3:9a:51:7a:25:
                    dd:76:ff:a7:7f:40:3b:28:f7:df:6c:0f:f8:00:bc:
                    f7:1e:0e:f1:f4:e4:a9:03:40:c3:77:b2:20:26:51:
                    0d:1d:86:00:be:bf:59:7e:0c:33:e4:ce:42:90:98:
                    20:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:F4:BE:87:0F:9C:45:10:75:55:A0:90:82:33:09:C6:C9:5A:1D:D9
            X509v3 Authority Key Identifier:
                keyid:3A:74:E0:7C:2D:EF:CA:14:BF:2D:6C:7A:15:D5:A9:33:0D:09:37:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OnTgfC3vyhS_LWx6FdWpMw0JN0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/6587d8-5898-45a4-a5e3-d642e4b081bd/1/OnTgfC3vyhS_LWx6FdWpMw0JN0g.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/6587d8-5898-45a4-a5e3-d642e4b081bd/1/OnTgfC3vyhS_LWx6FdWpMw0JN0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         5e:96:e2:6d:c4:fd:0b:3b:43:45:a6:80:5e:1e:a4:67:25:0f:
         2f:c7:99:84:97:60:08:51:38:93:eb:6e:81:aa:a1:85:ca:a8:
         81:3b:d8:b9:16:22:bb:d5:5d:11:54:ab:b4:c7:14:04:53:89:
         fc:52:23:2a:b9:e0:db:6a:1f:30:af:f4:1d:f6:6c:10:8d:99:
         eb:bd:21:88:1c:22:d5:6e:5b:9c:25:6a:69:50:3a:d5:35:bd:
         64:55:55:41:9f:70:53:6a:22:49:94:c6:35:00:1c:c7:26:48:
         45:d1:9c:dd:ad:a2:3d:ec:ac:48:6b:fe:08:8c:20:05:ae:a2:
         13:4a:25:43:0b:c5:dc:95:08:35:04:5b:46:d7:65:29:c8:bc:
         6f:5a:e2:5a:6e:9a:c8:4c:53:00:f7:45:3e:7a:19:b8:8b:f3:
         5a:c2:97:ff:d2:8e:79:4e:ec:ca:64:ad:e5:15:2e:67:5b:a3:
         50:35:3c:6b:82:06:7c:9f:a1:a7:97:95:d5:4f:ce:06:29:50:
         43:71:ae:69:d1:0d:43:c1:d5:b8:83:b0:4b:af:0b:4e:3f:b1:
         85:d2:44:5c:34:c9:b1:9d:2e:19:be:68:30:84:c4:4d:a4:45:
         d0:8a:a5:82:21:03:47:b6:9e:8e:d8:78:91:19:d6:a2:7c:ef:
         85:f2:68:ea
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ0n35ZlE9id0svguWMXszrEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNzRlMDdjMmRlZmNhMTRiZjJkNmM3YTE1ZDVhOTMzMGQw
OTM3NDgwHhcNMjYwMzI2MDIwMDU3WhcNMjYwMzI3MDIwMDU3WjAzMTEwLwYDVQQD
Eyg5NWY0YmU4NzBmOWM0NTEwNzU1NWEwOTA4MjMzMDljNmM5NWExZGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr15mjj1VzvF2tfIC1hqEAdN+fGaI
OxJl8bkzkvD27tVElI2NMl6EwsWb6jXkVn2yxCJSI/Qep3knynHxoVvMGaqBIl9z
Rr6MVCO9ETsqm50pDBCjtrlxGlXCHhxSlsPP6ZRzXHNs/y9w2kRNnMV302SoL3Aj
ctxtHsk0Wfwe6jcl1YsFz3SCijqzSBl5R8Dn4Zd2qJgyf5LVaUqq/yZfPlQfDDvS
2xteEpPLx9QWp1RUg9F+i+2eb8cTo1V1Ys5Jd4XHn1KzIvPZqHS045pReiXddv+n
f0A7KPffbA/4ALz3Hg7x9OSpA0DDd7IgJlENHYYAvr9Zfgwz5M5CkJggzwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFJX0vocPnEUQdVWgkIIzCcbJWh3ZMB8GA1UdIwQY
MBaAFDp04Hwt78oUvy1sehXVqTMNCTdIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT25UZ2ZDM3Z5aFNfTFd4NkZkV3BNdzBKTjBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi82NTg3ZDgtNTg5OC00NWE0LWE1ZTMt
ZDY0MmU0YjA4MWJkLzEvT25UZ2ZDM3Z5aFNfTFd4NkZkV3BNdzBKTjBnLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi82NTg3ZDgtNTg5OC00NWE0LWE1ZTMtZDY0MmU0YjA4MWJk
LzEvT25UZ2ZDM3Z5aFNfTFd4NkZkV3BNdzBKTjBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAXpbibcT9
CztDRaaAXh6kZyUPL8eZhJdgCFE4k+tugaqhhcqogTvYuRYiu9VdEVSrtMcUBFOJ
/FIjKrng22ofMK/0HfZsEI2Z670hiBwi1W5bnCVqaVA61TW9ZFVVQZ9wU2oiSZTG
NQAcxyZIRdGc3a2iPeysSGv+CIwgBa6iE0olQwvF3JUINQRbRtdlKci8b1riWm6a
yExTAPdFPnoZuIvzWsKX/9KOeU7symSt5RUuZ1ujUDU8a4IGfJ+hp5eV1U/OBilQ
Q3GuadENQ8HVuIOwS68LTj+xhdJEXDTJsZ0uGb5oMITETaRF0IqlgiEDR7aejth4
kRnWonzvhfJo6g==
-----END CERTIFICATE-----