Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
File:                     2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft (raw, json)
Hash identifier:          NU4Q1FgN+uK/PMPTMbvN5wE6NVOFNQYnVSW5d2J2s8s=
Subject key identifier:   74:E7:06:C8:E6:16:29:9C:42:D0:FE:E8:D1:E2:A9:F0:DA:F2:6C:2F
Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
Certificate issuer:       /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Certificate serial:       019D97AAB37F0388823C195BBC07866CF7A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
Manifest number:          18D8
Signing time:             Thu 16 Apr 2026 19:00:39 +0000
Manifest this update:     Thu 16 Apr 2026 19:00:39 +0000
Manifest next update:     Fri 17 Apr 2026 19:00:39 +0000
Files and hashes:         1: 2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl (hash: iZO4AJG0ZsfDvr4z+JpsuVJnMQ9BbRRz7uZ5Hdxe1E8=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 19:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:97:aa:b3:7f:03:88:82:3c:19:5b:bc:07:86:6c:f7:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
        Validity
            Not Before: Apr 16 19:00:39 2026 GMT
            Not After : Apr 17 19:00:39 2026 GMT
        Subject: CN=74e706c8e616299c42d0fee8d1e2a9f0daf26c2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:3c:73:27:ae:9d:b3:1e:4f:ab:da:92:82:a3:
                    25:95:2b:5a:6f:a9:11:ae:a4:f8:06:41:e6:85:99:
                    57:5c:0f:ac:5b:a6:1e:7c:30:ed:89:52:46:49:9c:
                    05:c8:9e:9e:5c:8b:4c:e7:59:d1:5b:f1:df:06:e8:
                    19:fe:c5:67:3e:19:c9:c2:7e:8e:ca:58:51:c9:34:
                    c0:bc:2d:00:d6:72:d2:8b:8a:17:f6:5d:a4:6f:19:
                    95:f3:6f:c2:65:5e:47:1e:76:bb:ff:5a:87:59:18:
                    eb:80:66:e4:8c:68:21:23:b7:2c:5c:38:c4:ff:e6:
                    e8:e0:8e:40:2c:26:60:be:8f:ee:41:c3:8c:12:c2:
                    c5:34:f0:e7:6e:55:d5:61:e5:79:37:d1:9e:d6:d1:
                    e8:d1:74:4b:12:8b:3b:33:74:0b:34:46:05:4b:2f:
                    cf:a8:b0:55:b1:37:de:04:b5:e0:a6:94:ee:bd:23:
                    26:54:fd:b4:1a:43:1b:a1:64:62:eb:0a:34:31:37:
                    e1:24:bd:4a:46:0f:d4:22:a8:6f:56:13:54:44:be:
                    ff:be:f5:5f:2c:ef:47:ad:55:ba:e9:98:d6:56:96:
                    22:a7:aa:02:16:ce:76:bf:c7:8b:16:e0:8d:4c:01:
                    1d:3d:82:27:07:92:86:2c:b7:08:78:da:17:19:b1:
                    b3:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:E7:06:C8:E6:16:29:9C:42:D0:FE:E8:D1:E2:A9:F0:DA:F2:6C:2F
            X509v3 Authority Key Identifier:
                keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         14:82:42:d5:e9:f3:ea:46:c0:8f:6b:07:b8:7a:64:c8:bc:80:
         fa:15:47:7f:1e:ab:c5:78:56:8a:f1:9b:0f:27:a4:3a:61:11:
         33:e2:12:c7:56:ae:8c:a4:03:21:ce:43:76:36:e0:e4:ab:2d:
         f3:91:4b:0f:85:96:52:0d:09:cd:56:10:79:dc:d7:5a:2e:c7:
         da:8d:d6:84:55:17:44:08:01:2f:cc:bb:7a:c1:c2:f1:c7:f6:
         a0:81:73:e4:f6:02:e7:8e:d7:22:d8:61:65:c1:eb:cb:29:4d:
         f7:33:3b:11:3f:0a:1c:e0:a5:5d:ee:a6:78:37:5f:a5:58:21:
         0a:ba:62:52:fe:34:f5:bc:4e:39:85:82:85:86:e3:c0:a2:42:
         f6:ba:cb:79:d0:80:65:9d:b1:b5:32:f1:4a:1f:4a:31:ba:a9:
         ee:0e:9e:0f:b6:78:69:04:ce:77:36:8c:61:30:6d:0a:1f:85:
         09:bb:57:f8:88:1b:3c:1f:78:51:79:2b:2f:fb:52:bc:0d:2f:
         0d:ea:53:4e:df:c4:83:b1:ea:12:11:ba:64:09:ac:b2:ee:00:
         12:1f:85:f7:b6:a4:22:ff:42:7e:c7:55:ae:ef:4d:ea:ac:29:
         3d:84:61:85:19:13:2d:e2:98:cb:c3:b7:dc:44:b1:10:db:25:
         c1:6a:10:3d
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ2XqrN/A4iCPBlbvAeGbPejMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl
YmFhNDMwHhcNMjYwNDE2MTkwMDM5WhcNMjYwNDE3MTkwMDM5WjAzMTEwLwYDVQQD
Eyg3NGU3MDZjOGU2MTYyOTljNDJkMGZlZThkMWUyYTlmMGRhZjI2YzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujxzJ66dsx5Pq9qSgqMllStab6kR
rqT4BkHmhZlXXA+sW6YefDDtiVJGSZwFyJ6eXItM51nRW/HfBugZ/sVnPhnJwn6O
ylhRyTTAvC0A1nLSi4oX9l2kbxmV82/CZV5HHna7/1qHWRjrgGbkjGghI7csXDjE
/+bo4I5ALCZgvo/uQcOMEsLFNPDnblXVYeV5N9Ge1tHo0XRLEos7M3QLNEYFSy/P
qLBVsTfeBLXgppTuvSMmVP20GkMboWRi6wo0MTfhJL1KRg/UIqhvVhNURL7/vvVf
LO9HrVW66ZjWVpYip6oCFs52v8eLFuCNTAEdPYInB5KGLLcIeNoXGbGzZQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFHTnBsjmFimcQtD+6NHiqfDa8mwvMB8GA1UdIwQY
MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct
Nzg1ZTU4ODM2NDRkLzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk
LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAFIJC1enz
6kbAj2sHuHpkyLyA+hVHfx6rxXhWivGbDyekOmERM+ISx1aujKQDIc5Ddjbg5Kst
85FLD4WWUg0JzVYQedzXWi7H2o3WhFUXRAgBL8y7esHC8cf2oIFz5PYC547XIthh
ZcHryylN9zM7ET8KHOClXe6meDdfpVghCrpiUv409bxOOYWChYbjwKJC9rrLedCA
ZZ2xtTLxSh9KMbqp7g6eD7Z4aQTOdzaMYTBtCh+FCbtX+IgbPB94UXkrL/tSvA0v
DepTTt/Eg7HqEhG6ZAmssu4AEh+F97akIv9CfsdVru9N6qwpPYRhhRkTLeKYy8O3
3ESxENslwWoQPQ==
-----END CERTIFICATE-----