Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
File:                     APkIwDKKjpc_pArFL8M359PE_tA.mft (raw, json)
Hash identifier:          CsqLNAMZIV72QsIUYYueWHrliahqVRnb+a54jUL4MvU=
Subject key identifier:   63:1A:4E:F2:47:72:E6:57:6E:F2:28:E7:04:47:FF:FF:1A:88:27:91
Authority key identifier: 00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0
Certificate issuer:       /CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
Certificate serial:       019EBE7FC3FF2F7B9996CF6D11C8D5F52624
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
Manifest number:          1955
Signing time:             Sat 13 Jun 2026 01:01:44 +0000
Manifest this update:     Sat 13 Jun 2026 01:01:44 +0000
Manifest next update:     Sun 14 Jun 2026 01:01:44 +0000
Files and hashes:         1: APkIwDKKjpc_pArFL8M359PE_tA.crl (hash: CXmRTgNKR/cNGnPxEI+I+eVT8zLcjaX0QWngllnqOzU=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:be:7f:c3:ff:2f:7b:99:96:cf:6d:11:c8:d5:f5:26:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
        Validity
            Not Before: Jun 13 01:01:44 2026 GMT
            Not After : Jun 14 01:01:44 2026 GMT
        Subject: CN=631a4ef24772e6576ef228e70447ffff1a882791
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b5:df:39:b7:22:82:c2:20:69:46:8f:2b:25:
                    81:bb:33:40:1c:7e:9d:ec:a6:a9:73:f8:b4:fe:bf:
                    e7:17:f1:2f:d0:4c:51:c4:e7:26:40:39:89:96:88:
                    d3:b0:ff:47:7d:c5:98:5e:99:6c:ef:9b:99:a3:3a:
                    18:b7:47:3e:61:b3:2f:d0:11:4e:a8:0c:85:7b:f5:
                    9d:3e:1d:d5:e5:df:ac:34:94:65:7c:96:76:65:97:
                    5c:5b:0b:f9:3c:fb:24:ab:43:05:2d:e7:24:76:13:
                    5b:46:30:51:72:22:2a:d9:e6:5a:f0:c6:eb:a4:41:
                    43:ef:06:6a:45:2d:b6:d3:9f:cd:36:b2:8f:e0:f5:
                    19:1c:35:7c:37:a7:8d:2d:de:2d:4d:99:ec:b5:b1:
                    a4:dc:05:57:1f:2e:3a:e0:26:40:4b:d4:be:2c:12:
                    d1:c8:3b:36:4c:31:21:b9:11:18:38:06:db:74:9b:
                    91:55:43:31:1b:16:d3:65:b9:19:5f:e3:20:a7:d5:
                    01:fd:67:15:c3:7d:04:ef:6e:f1:2c:fd:42:12:41:
                    be:4f:3a:ff:43:98:07:c9:9f:e4:36:14:ca:a0:25:
                    5f:29:5c:f1:cc:d1:9d:06:69:8b:91:10:10:d6:3f:
                    2e:da:fc:d7:57:78:9c:1a:8f:cc:17:1c:b0:2d:6b:
                    ac:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:1A:4E:F2:47:72:E6:57:6E:F2:28:E7:04:47:FF:FF:1A:88:27:91
            X509v3 Authority Key Identifier:
                keyid:00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         97:ef:78:39:1c:ac:c1:cd:fa:52:2a:2a:3a:74:f0:9b:9f:04:
         be:e7:14:ee:6a:9e:78:c1:33:d1:21:79:b8:a5:c8:57:d8:94:
         d3:00:5a:72:18:86:4b:d3:5c:fa:40:55:fb:7b:dc:ef:6a:68:
         0a:ac:ee:95:2e:65:fc:0b:ec:5f:b1:29:d5:19:12:5f:5f:c5:
         00:12:87:9a:c8:dd:8f:54:5b:69:ec:fe:27:01:7d:ba:43:7b:
         60:bb:fd:7c:84:23:43:19:79:99:6f:e1:5f:03:23:a6:58:e3:
         03:1e:b7:7c:ce:3a:65:cf:db:a0:49:be:26:f7:a5:1c:a7:fd:
         f3:59:d4:9f:5e:cc:8d:99:f6:c6:59:4d:5e:f7:f5:a0:b7:d2:
         03:96:4e:09:06:7d:82:db:76:0a:ee:27:cc:6b:c3:74:c1:66:
         44:77:bc:e8:aa:d2:92:80:9f:f3:47:c8:4d:95:67:a3:a1:51:
         4d:13:69:c6:15:e8:d5:96:a6:90:e6:6e:2b:65:83:38:e9:cf:
         2e:41:33:75:c6:b2:f0:7f:46:a2:50:3b:a8:ba:eb:e0:7b:33:
         31:41:30:ef:ec:08:a2:e9:ed:56:80:72:e0:73:58:2e:f9:7e:
         38:80:a1:14:30:7a:97:75:7b:32:79:75:05:53:51:04:81:55:
         e3:f9:54:0b
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ6+f8P/L3uZls9tEcjV9SYkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZjkwOGMwMzI4YThlOTczZmE0MGFjNTJmYzMzN2U3ZDNj
NGZlZDAwHhcNMjYwNjEzMDEwMTQ0WhcNMjYwNjE0MDEwMTQ0WjAzMTEwLwYDVQQD
Eyg2MzFhNGVmMjQ3NzJlNjU3NmVmMjI4ZTcwNDQ3ZmZmZjFhODgyNzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrXfObcigsIgaUaPKyWBuzNAHH6d
7Kapc/i0/r/nF/Ev0ExRxOcmQDmJlojTsP9HfcWYXpls75uZozoYt0c+YbMv0BFO
qAyFe/WdPh3V5d+sNJRlfJZ2ZZdcWwv5PPskq0MFLeckdhNbRjBRciIq2eZa8Mbr
pEFD7wZqRS2205/NNrKP4PUZHDV8N6eNLd4tTZnstbGk3AVXHy464CZAS9S+LBLR
yDs2TDEhuREYOAbbdJuRVUMxGxbTZbkZX+Mgp9UB/WcVw30E727xLP1CEkG+Tzr/
Q5gHyZ/kNhTKoCVfKVzxzNGdBmmLkRAQ1j8u2vzXV3icGo/MFxywLWusqwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFGMaTvJHcuZXbvIo5wRH//8aiCeRMB8GA1UdIwQY
MBaAFAD5CMAyio6XP6QKxS/DN+fTxP7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEt
N2RlY2YxZTQ3ODY1LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEtN2RlY2YxZTQ3ODY1
LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAl+94ORys
wc36UioqOnTwm58EvucU7mqeeMEz0SF5uKXIV9iU0wBachiGS9Nc+kBV+3vc72po
CqzulS5l/AvsX7Ep1RkSX1/FABKHmsjdj1Rbaez+JwF9ukN7YLv9fIQjQxl5mW/h
XwMjpljjAx63fM46Zc/boEm+JvelHKf981nUn17MjZn2xllNXvf1oLfSA5ZOCQZ9
gtt2Cu4nzGvDdMFmRHe86KrSkoCf80fITZVno6FRTRNpxhXo1ZamkOZuK2WDOOnP
LkEzdcay8H9GolA7qLrr4HszMUEw7+wIountVoBy4HNYLvl+OIChFDB6l3V7Mnl1
BVNRBIFV4/lUCw==
-----END CERTIFICATE-----