Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/5141aa-18d9-4d34-8278-f3096a024e29/1/35qWOAlxTREDtkYNnQ4UoS6FAyU.mft
File:                     35qWOAlxTREDtkYNnQ4UoS6FAyU.mft (raw, json)
Hash identifier:          l1iOTQnuQV2MpCWWsN7NLXeGTJk2+bWmCaiXWEMuTkw=
Subject key identifier:   A3:9D:2B:ED:B0:89:BC:92:C0:56:CB:64:9F:DC:AA:C4:16:C1:82:06
Authority key identifier: DF:9A:96:38:09:71:4D:11:03:B6:46:0D:9D:0E:14:A1:2E:85:03:25
Certificate issuer:       /CN=df9a963809714d1103b6460d9d0e14a12e850325
Certificate serial:       019CAB341F623D6EA7D5D2BC26BCAF810EE4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/35qWOAlxTREDtkYNnQ4UoS6FAyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/5141aa-18d9-4d34-8278-f3096a024e29/1/35qWOAlxTREDtkYNnQ4UoS6FAyU.mft
Manifest number:          0F2B
Signing time:             Sun 01 Mar 2026 21:00:45 +0000
Manifest this update:     Sun 01 Mar 2026 21:00:45 +0000
Manifest next update:     Mon 02 Mar 2026 21:00:45 +0000
Files and hashes:         1: 35qWOAlxTREDtkYNnQ4UoS6FAyU.crl (hash: r1Q8RgUhYXELiWz3RrAggYroJkYEb9Sfc/eJo2AI8lk=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/5141aa-18d9-4d34-8278-f3096a024e29/1/35qWOAlxTREDtkYNnQ4UoS6FAyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/5141aa-18d9-4d34-8278-f3096a024e29/1/35qWOAlxTREDtkYNnQ4UoS6FAyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/35qWOAlxTREDtkYNnQ4UoS6FAyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 21:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ab:34:1f:62:3d:6e:a7:d5:d2:bc:26:bc:af:81:0e:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df9a963809714d1103b6460d9d0e14a12e850325
        Validity
            Not Before: Mar  1 21:00:45 2026 GMT
            Not After : Mar  2 21:00:45 2026 GMT
        Subject: CN=a39d2bedb089bc92c056cb649fdcaac416c18206
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:14:fd:6e:7f:90:60:a9:4e:1f:bf:ec:58:1c:
                    36:26:be:6d:a3:0e:26:90:33:2d:8e:16:1d:e2:af:
                    39:21:17:f4:79:43:5d:f2:21:b6:ae:aa:e8:1f:b9:
                    6d:39:50:aa:82:eb:8a:e2:ff:6a:76:60:1b:f3:cd:
                    6a:30:e9:f1:87:ad:03:5b:90:d8:f4:56:a1:fa:c3:
                    cc:51:61:be:48:ab:b1:a2:e7:a5:68:46:91:37:7d:
                    c8:1e:68:eb:d2:c0:c7:d2:71:f6:f0:19:60:84:5c:
                    42:ad:e3:84:c1:81:9f:72:2d:dd:78:cf:ff:e7:34:
                    cc:7f:14:e6:5e:76:9c:32:e4:39:40:ba:ce:29:bd:
                    df:5b:d2:91:cb:2b:b7:91:7d:81:43:ca:b6:d9:23:
                    97:ca:93:64:e6:be:a7:76:9f:1d:ac:29:8a:bf:f4:
                    56:8c:b2:f7:51:35:cc:cc:a6:13:49:15:67:b8:3b:
                    7a:0e:79:59:e1:5b:4c:22:e8:9a:99:74:b3:4f:ba:
                    77:e1:fa:df:87:eb:32:45:32:da:38:e9:c7:42:93:
                    9e:78:fc:e9:3a:cd:f5:ef:4d:fa:67:5a:f5:fc:f2:
                    17:b6:cc:33:03:c8:4d:f8:b3:8a:ee:e1:e0:30:15:
                    9e:86:0c:e8:3d:cd:9a:15:10:fd:c9:bb:df:75:4a:
                    57:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:9D:2B:ED:B0:89:BC:92:C0:56:CB:64:9F:DC:AA:C4:16:C1:82:06
            X509v3 Authority Key Identifier:
                keyid:DF:9A:96:38:09:71:4D:11:03:B6:46:0D:9D:0E:14:A1:2E:85:03:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/35qWOAlxTREDtkYNnQ4UoS6FAyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/5141aa-18d9-4d34-8278-f3096a024e29/1/35qWOAlxTREDtkYNnQ4UoS6FAyU.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/5141aa-18d9-4d34-8278-f3096a024e29/1/35qWOAlxTREDtkYNnQ4UoS6FAyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         2d:ab:af:99:30:da:88:6c:d3:32:9c:18:39:2f:16:9d:2e:c4:
         ec:a7:1b:bb:59:98:bd:fa:4f:61:25:5f:f7:83:ac:11:5c:b3:
         3f:c6:dc:03:0a:6c:96:ba:c6:a6:38:b6:b4:cd:50:92:70:05:
         2c:75:b2:50:46:26:dd:91:71:44:b4:a9:18:cb:67:26:4c:a8:
         fc:f8:60:ea:d9:8d:50:55:d2:4f:e7:d6:db:4a:3f:91:bb:38:
         6c:d8:95:5b:b4:93:05:15:7d:bd:0d:a6:02:8b:e3:31:b3:c0:
         eb:a4:f8:ad:f9:6a:8a:bb:cc:f7:78:db:98:1f:06:4d:57:9b:
         82:07:dc:a5:e7:f5:69:67:e3:f4:93:39:17:75:e5:70:0a:7b:
         2c:48:fb:0b:5e:d6:5b:2c:6b:5e:39:01:0f:0e:7a:0b:53:4b:
         2a:34:95:3f:f2:0f:10:eb:f0:92:5e:c3:77:61:52:ae:74:9c:
         f0:88:a8:60:80:ee:23:0d:98:48:e3:3d:1c:52:7d:6a:f5:0e:
         dd:24:57:cd:00:f1:24:48:01:a9:13:8c:ad:18:7b:09:af:61:
         d8:90:2c:45:0f:17:c3:cd:c8:eb:97:81:56:7b:81:b7:bd:b0:
         27:4a:f0:74:08:2f:56:d8:c8:6c:91:bd:b8:02:99:16:f3:6d:
         ea:11:2f:f4
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZyrNB9iPW6n1dK8JryvgQ7kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmOWE5NjM4MDk3MTRkMTEwM2I2NDYwZDlkMGUxNGExMmU4
NTAzMjUwHhcNMjYwMzAxMjEwMDQ1WhcNMjYwMzAyMjEwMDQ1WjAzMTEwLwYDVQQD
EyhhMzlkMmJlZGIwODliYzkyYzA1NmNiNjQ5ZmRjYWFjNDE2YzE4MjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBT9bn+QYKlOH7/sWBw2Jr5tow4m
kDMtjhYd4q85IRf0eUNd8iG2rqroH7ltOVCqguuK4v9qdmAb881qMOnxh60DW5DY
9Fah+sPMUWG+SKuxouelaEaRN33IHmjr0sDH0nH28BlghFxCreOEwYGfci3deM//
5zTMfxTmXnacMuQ5QLrOKb3fW9KRyyu3kX2BQ8q22SOXypNk5r6ndp8drCmKv/RW
jLL3UTXMzKYTSRVnuDt6DnlZ4VtMIuiamXSzT7p34frfh+syRTLaOOnHQpOeePzp
Os317036Z1r1/PIXtswzA8hN+LOK7uHgMBWehgzoPc2aFRD9ybvfdUpXDQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFKOdK+2wibySwFbLZJ/cqsQWwYIGMB8GA1UdIwQY
MBaAFN+aljgJcU0RA7ZGDZ0OFKEuhQMlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzVxV09BbHhUUkVEdGtZTm5RNFVvUzZGQXlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC81MTQxYWEtMThkOS00ZDM0LTgyNzgt
ZjMwOTZhMDI0ZTI5LzEvMzVxV09BbHhUUkVEdGtZTm5RNFVvUzZGQXlVLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC81MTQxYWEtMThkOS00ZDM0LTgyNzgtZjMwOTZhMDI0ZTI5
LzEvMzVxV09BbHhUUkVEdGtZTm5RNFVvUzZGQXlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEALauvmTDa
iGzTMpwYOS8WnS7E7Kcbu1mYvfpPYSVf94OsEVyzP8bcAwpslrrGpji2tM1QknAF
LHWyUEYm3ZFxRLSpGMtnJkyo/Phg6tmNUFXST+fW20o/kbs4bNiVW7STBRV9vQ2m
AovjMbPA66T4rflqirvM93jbmB8GTVebggfcpef1aWfj9JM5F3XlcAp7LEj7C17W
WyxrXjkBDw56C1NLKjSVP/IPEOvwkl7Dd2FSrnSc8IioYIDuIw2YSOM9HFJ9avUO
3SRXzQDxJEgBqROMrRh7Ca9h2JAsRQ8Xw83I65eBVnuBt72wJ0rwdAgvVtjIbJG9
uAKZFvNt6hEv9A==
-----END CERTIFICATE-----