Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
File:                     520NqzR6OOK4e1oiovfJ4hwYybw.mft (raw, json)
Hash identifier:          YLDQR6a3O5gRdWpwFNtRn1eC3oknlZJOkVZAnkuYEZM=
Subject key identifier:   2C:FF:3D:93:9F:B0:4A:12:84:4F:05:6B:9D:97:92:59:FC:DC:E8:8C
Authority key identifier: E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC
Certificate issuer:       /CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
Certificate serial:       019CAA591615F1D3DF1A480AC90EBB693126
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
Manifest number:          1333
Signing time:             Sun 01 Mar 2026 17:01:30 +0000
Manifest this update:     Sun 01 Mar 2026 17:01:30 +0000
Manifest next update:     Mon 02 Mar 2026 17:01:30 +0000
Files and hashes:         1: 1dfOhFGT4Rz19mHWVabW0kWxTss.roa (hash: Rjg1gNguWYpEwGKvfk1H+hd0eMsqKT2A4N+C2/8Q+uQ=)
                          2: 520NqzR6OOK4e1oiovfJ4hwYybw.crl (hash: AYBYlfLVQRBDvKZX8TFPvQIIGyfkO4OyabgnkUqIJ9I=)
                          3: 7EPxlfzuNdNfziGNw3Hj7EoZj1Q.roa (hash: fYUfx118C/cw672kHDWSH3DD1Ik9WuMEeaQ/qAV9tYE=)
                          4: 9EzrkfCb3685-QENXXhTIl2uZz4.roa (hash: 4o0MB77YQKRQiZHQrZxR1nkb/HsRFN1Kq0iR4K53WZA=)
                          5: DVIKLwP8b0UVJE_X0Zz4hLCMFmU.roa (hash: 2ROrixfhF0UtgJihhtThPaEztRX+VVHt8WTM1ZfZQ1o=)
                          6: Fn3txwFOnsHfJqp3dmOvAMcvgHc.roa (hash: 0tFPd6mFP89u9IcgrQmVyEuYoDxe9S4zwwRr4qndNks=)
                          7: RqZv9lI-beWajs98dICrEK2DwUM.roa (hash: z0DWSEDfb+oWc/lkT9R9ehjWWb2y0A0CPcHglnAYRf8=)
                          8: Ud0XI3ub85_CL2l55YZW3cXrctA.roa (hash: 2gMJyy7om8/uY1IqvCz0ubvDeUV63nAu6cUom48+3U0=)
                          9: ao5k8aMHz2Rr-UFohnKN0Vsy0ts.roa (hash: qeXz8tDdKItxGK8qtWsvUAbM0Ooz+MmMiDN8cvBIyTQ=)
                          10: bbXWGNkALy-ajnXnVwsq6VcslC8.roa (hash: lOmBCerqz+GglurufDI5e+15DQVwzjxcTvAfkACkLYE=)
                          11: jTMEUhkl6sKPDlW6gGgXZsH4VwQ.roa (hash: bLe2Zk8IquF+7aI/fXPQxZklmLIeFhH3W5DkdYCydQA=)
                          12: r-NoE_XHTABnwPRM9GdFHoEeHJo.roa (hash: qsD5Rt9CKRxXFQG5JSeN7cqv7sQvsG2HbFGsWmdhdi8=)
                          13: rIIpXZCn7E3HgJjpCaYYUR4k6ZI.roa (hash: Vvylnj2QqF4AFfq4GCTBxANmDk4TfXB5W5GNlTLI/Qw=)
                          14: rp3l1DRMo7bxNlcekPEumkx_Cu4.roa (hash: cvH000yVT30CU4NGwC5k2pFAaWGJcYLG4wfqKOyLWIU=)
                          15: s9E0mrs6RE5G3diI6qJ2dNaQlCY.roa (hash: ALHEFczsxrK3P9zm6czuHQOWsz9Vxib3j6fIwRLXdsA=)
                          16: smuPovOHBHHaIAv32qcc0ZyhNkQ.roa (hash: HcQ/8p3eoCWjnnKfMtVzm8focRBIq46dCnVV7vdjMxQ=)
                          17: v94LL-qGGgahldRNvzQc-ZVS3KI.roa (hash: a3YAXYAGQiNiI/eRCe9RKvTaP1hHvgR2d27wk4bq6Cw=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:aa:59:16:15:f1:d3:df:1a:48:0a:c9:0e:bb:69:31:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
        Validity
            Not Before: Mar  1 17:01:30 2026 GMT
            Not After : Mar  2 17:01:30 2026 GMT
        Subject: CN=2cff3d939fb04a12844f056b9d979259fcdce88c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:a0:8c:1b:43:85:e8:c1:15:38:cc:08:1e:ac:
                    25:4f:b6:c5:8c:00:27:5a:c7:37:e8:b6:af:0b:58:
                    25:d2:c9:51:07:23:cb:0a:63:46:f1:a3:01:f8:44:
                    6d:2a:5a:b7:40:58:0a:bc:ec:39:dc:dc:0b:9e:ec:
                    a2:e2:d3:c9:b0:28:62:ba:0f:58:ab:b7:d4:70:66:
                    2d:96:14:7d:9d:df:0c:56:10:28:72:32:05:ee:25:
                    a2:89:54:ef:3c:bc:d5:6f:6d:a3:1a:9a:fc:19:22:
                    d6:9c:0a:56:21:de:7f:38:b7:2a:1e:3a:d3:ee:64:
                    28:d2:4b:b2:77:99:ab:17:d1:78:be:a9:37:86:62:
                    9d:5b:49:75:e8:7c:68:be:e1:e8:de:cc:5a:cf:3d:
                    df:a9:8b:f0:5e:f8:c3:3a:fc:db:9f:28:27:fd:d3:
                    ca:b9:c0:98:d4:65:e8:10:4c:f1:a5:f0:39:34:58:
                    dc:e4:1b:be:4d:fa:ea:37:94:8a:e5:8d:ef:ad:47:
                    5d:90:c1:44:63:18:b3:47:f1:2a:3a:8f:98:9c:5a:
                    1d:e3:f4:88:3a:ce:85:a5:c0:a9:62:24:fc:fb:45:
                    c6:9e:bb:37:5f:a7:4c:c2:c9:3a:6b:c0:2a:97:c5:
                    ad:0b:17:34:33:e4:51:0d:d6:3b:6e:7a:fe:cc:10:
                    e6:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:FF:3D:93:9F:B0:4A:12:84:4F:05:6B:9D:97:92:59:FC:DC:E8:8C
            X509v3 Authority Key Identifier:
                keyid:E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         5c:c1:93:05:26:c6:ac:d4:51:2d:aa:24:7f:bc:fb:68:e1:02:
         42:e1:ae:f6:51:75:d8:ab:11:b0:2b:76:20:cf:41:3e:dc:c7:
         60:e2:f0:10:3e:05:2f:31:13:53:f4:27:b8:18:f1:31:4e:29:
         8e:de:14:58:0a:4c:01:8e:f6:2c:f0:90:7c:4c:35:ba:73:76:
         4b:bc:51:49:e8:7a:e7:54:af:3d:5d:af:88:60:57:3c:1b:e4:
         92:c6:f3:3e:32:c0:da:2f:e6:db:10:1f:d6:89:9b:4a:b7:e4:
         4a:21:5b:dc:83:fb:2e:8d:b2:51:93:df:2c:76:12:3e:d3:db:
         31:fd:8e:1c:78:3d:6e:a0:6c:58:37:fc:c3:63:50:00:70:62:
         03:a9:65:e7:94:5a:3e:23:47:7f:76:b5:38:2a:fa:3f:12:3d:
         6a:22:fd:fa:91:3c:7f:5d:28:4a:b2:95:02:e9:ed:13:4c:28:
         01:92:62:28:05:94:d9:e4:17:f1:85:65:0d:5b:ca:8c:71:6f:
         ae:df:15:14:53:bc:29:9c:a8:b7:46:10:33:93:7e:d6:dd:d3:
         fb:ce:c9:32:23:1c:4c:8c:96:a0:23:82:90:f4:ba:97:e5:29:
         53:e4:8d:09:38:79:28:d6:f6:b3:bb:58:93:e8:d6:d5:f1:00:
         d3:e1:31:4a
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZyqWRYV8dPfGkgKyQ67aTEmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NmQwZGFiMzQ3YTM4ZTJiODdiNWEyMmEyZjdjOWUyMWMx
OGM5YmMwHhcNMjYwMzAxMTcwMTMwWhcNMjYwMzAyMTcwMTMwWjAzMTEwLwYDVQQD
EygyY2ZmM2Q5MzlmYjA0YTEyODQ0ZjA1NmI5ZDk3OTI1OWZjZGNlODhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6KCMG0OF6MEVOMwIHqwlT7bFjAAn
Wsc36LavC1gl0slRByPLCmNG8aMB+ERtKlq3QFgKvOw53NwLnuyi4tPJsChiug9Y
q7fUcGYtlhR9nd8MVhAocjIF7iWiiVTvPLzVb22jGpr8GSLWnApWId5/OLcqHjrT
7mQo0kuyd5mrF9F4vqk3hmKdW0l16HxovuHo3sxazz3fqYvwXvjDOvzbnygn/dPK
ucCY1GXoEEzxpfA5NFjc5Bu+TfrqN5SK5Y3vrUddkMFEYxizR/EqOo+YnFod4/SI
Os6FpcCpYiT8+0XGnrs3X6dMwsk6a8Aql8WtCxc0M+RRDdY7bnr+zBDmuwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFCz/PZOfsEoShE8Fa52Xkln83OiMMB8GA1UdIwQY
MBaAFOdtDas0ejjiuHtaIqL3yeIcGMm8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDkt
YmQzYmZjOTliZGE5LzEvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDktYmQzYmZjOTliZGE5
LzEvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAXMGTBSbG
rNRRLaokf7z7aOECQuGu9lF12KsRsCt2IM9BPtzHYOLwED4FLzETU/QnuBjxMU4p
jt4UWApMAY72LPCQfEw1unN2S7xRSeh651SvPV2viGBXPBvkksbzPjLA2i/m2xAf
1ombSrfkSiFb3IP7Lo2yUZPfLHYSPtPbMf2OHHg9bqBsWDf8w2NQAHBiA6ll55Ra
PiNHf3a1OCr6PxI9aiL9+pE8f10oSrKVAuntE0woAZJiKAWU2eQX8YVlDVvKjHFv
rt8VFFO8KZyot0YQM5N+1t3T+87JMiMcTIyWoCOCkPS6l+UpU+SNCTh5KNb2s7tY
k+jW1fEA0+ExSg==
-----END CERTIFICATE-----