Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/7a1b60-3aec-44dd-9662-365985409bfa/1/KLwbPQy41cqsOntK0XlF--9QWKU.mft
File:                     KLwbPQy41cqsOntK0XlF--9QWKU.mft (raw, json)
Hash identifier:          YP7G9PfASUNgJBGMPDqR4n9PitFvpyYsKoB+hFCmPxg=
Subject key identifier:   86:45:F8:50:03:92:4C:94:95:AA:D1:A5:AD:42:45:90:82:1C:D1:15
Authority key identifier: 28:BC:1B:3D:0C:B8:D5:CA:AC:3A:7B:4A:D1:79:45:FB:EF:50:58:A5
Certificate issuer:       /CN=28bc1b3d0cb8d5caac3a7b4ad17945fbef5058a5
Certificate serial:       019D99631C55F11593C869C04B4C5F921E8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KLwbPQy41cqsOntK0XlF--9QWKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/7a1b60-3aec-44dd-9662-365985409bfa/1/KLwbPQy41cqsOntK0XlF--9QWKU.mft
Manifest number:          04D0
Signing time:             Fri 17 Apr 2026 03:01:42 +0000
Manifest this update:     Fri 17 Apr 2026 03:01:42 +0000
Manifest next update:     Sat 18 Apr 2026 03:01:42 +0000
Files and hashes:         1: KLwbPQy41cqsOntK0XlF--9QWKU.crl (hash: LdMuFfmLyY4byup9IU+gD+1sbIXioa7X7Vd+fRUeg7M=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/7a1b60-3aec-44dd-9662-365985409bfa/1/KLwbPQy41cqsOntK0XlF--9QWKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/7a1b60-3aec-44dd-9662-365985409bfa/1/KLwbPQy41cqsOntK0XlF--9QWKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KLwbPQy41cqsOntK0XlF--9QWKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:99:63:1c:55:f1:15:93:c8:69:c0:4b:4c:5f:92:1e:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28bc1b3d0cb8d5caac3a7b4ad17945fbef5058a5
        Validity
            Not Before: Apr 17 03:01:42 2026 GMT
            Not After : Apr 18 03:01:42 2026 GMT
        Subject: CN=8645f85003924c9495aad1a5ad424590821cd115
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:de:77:22:51:23:e8:6e:8e:14:a7:ff:18:4f:
                    5c:55:23:39:0f:58:c2:23:47:4d:ea:c0:da:68:31:
                    f0:73:d4:66:f9:90:b8:0e:bc:64:81:3f:55:5c:84:
                    75:23:bd:f0:5f:da:aa:8f:de:d9:ce:4b:12:00:04:
                    1e:a2:e8:9d:4e:ea:8b:47:b1:dd:7b:e8:43:40:32:
                    23:b9:db:73:77:2d:ef:b4:b0:59:09:50:d7:97:33:
                    66:09:02:00:f2:a7:03:70:43:fc:05:ee:1e:45:44:
                    84:79:6f:33:51:68:ea:ff:dd:12:33:b3:6e:60:6a:
                    10:76:1b:49:b9:f5:b2:c5:d9:15:38:59:66:bc:74:
                    23:d8:53:d7:0a:df:bd:a1:77:77:07:1d:41:69:c7:
                    fa:2f:fe:f2:02:0c:c0:6b:fb:f7:88:6f:96:f8:d3:
                    6b:c0:61:0a:bf:2f:e0:17:9a:57:a0:fa:2a:42:37:
                    6a:39:e2:91:e6:6e:93:b5:27:2a:11:62:bb:78:ac:
                    33:51:3b:86:41:c4:f1:05:98:12:6f:ec:08:3f:65:
                    d2:d7:9d:70:d3:ed:de:dc:51:26:d3:2d:c6:03:6d:
                    03:d0:1f:65:2d:27:fa:41:1b:f6:14:f0:3a:32:29:
                    0b:5a:3e:a1:5b:a0:76:3f:3c:67:13:6e:77:39:97:
                    bd:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:45:F8:50:03:92:4C:94:95:AA:D1:A5:AD:42:45:90:82:1C:D1:15
            X509v3 Authority Key Identifier:
                keyid:28:BC:1B:3D:0C:B8:D5:CA:AC:3A:7B:4A:D1:79:45:FB:EF:50:58:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KLwbPQy41cqsOntK0XlF--9QWKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/7a1b60-3aec-44dd-9662-365985409bfa/1/KLwbPQy41cqsOntK0XlF--9QWKU.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/7a1b60-3aec-44dd-9662-365985409bfa/1/KLwbPQy41cqsOntK0XlF--9QWKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         31:70:7a:b6:de:79:fa:96:c2:e1:20:c4:f6:37:06:f3:a2:5d:
         f6:b3:5c:09:ff:33:9a:48:71:5e:c5:c9:a5:53:90:ef:0e:e8:
         d1:23:d6:c4:2d:d4:61:ce:af:7f:f2:98:e9:87:9c:d5:e3:98:
         5a:54:3b:92:7f:64:c0:f5:e5:5d:e4:e2:be:28:5d:b8:19:a3:
         b4:44:ca:44:a5:56:95:97:5a:a8:0c:29:8e:d1:fd:d3:be:7c:
         44:cd:5d:a0:2a:95:41:e9:89:9d:59:6d:1e:f7:dc:36:8f:30:
         59:f4:af:c3:38:6f:9e:aa:17:7e:b5:ed:7a:fa:38:be:34:ed:
         cb:b2:38:da:32:0e:6a:1e:2f:e1:9d:a1:f6:ec:88:00:39:aa:
         95:fe:ae:7a:62:08:26:fe:bd:4b:00:3a:d0:a6:af:39:fb:24:
         ea:73:23:85:72:f2:4c:75:bf:bc:1e:e7:a1:c7:2e:c1:77:24:
         dc:2c:3e:63:a4:2b:56:6d:b7:f5:18:8a:97:9f:7d:de:32:0f:
         c2:74:f5:d3:15:ff:b4:0d:af:70:d8:ef:60:6c:e3:f9:22:13:
         be:0d:12:2a:8a:76:b7:40:a7:66:85:76:49:f4:57:fb:f4:b5:
         fb:b1:06:21:04:90:cf:b7:79:92:e4:ed:7a:4c:63:00:77:b9:
         3b:06:41:18
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ2ZYxxV8RWTyGnAS0xfkh6OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YmMxYjNkMGNiOGQ1Y2FhYzNhN2I0YWQxNzk0NWZiZWY1
MDU4YTUwHhcNMjYwNDE3MDMwMTQyWhcNMjYwNDE4MDMwMTQyWjAzMTEwLwYDVQQD
Eyg4NjQ1Zjg1MDAzOTI0Yzk0OTVhYWQxYTVhZDQyNDU5MDgyMWNkMTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0d53IlEj6G6OFKf/GE9cVSM5D1jC
I0dN6sDaaDHwc9Rm+ZC4DrxkgT9VXIR1I73wX9qqj97ZzksSAAQeouidTuqLR7Hd
e+hDQDIjudtzdy3vtLBZCVDXlzNmCQIA8qcDcEP8Be4eRUSEeW8zUWjq/90SM7Nu
YGoQdhtJufWyxdkVOFlmvHQj2FPXCt+9oXd3Bx1Bacf6L/7yAgzAa/v3iG+W+NNr
wGEKvy/gF5pXoPoqQjdqOeKR5m6TtScqEWK7eKwzUTuGQcTxBZgSb+wIP2XS151w
0+3e3FEm0y3GA20D0B9lLSf6QRv2FPA6MikLWj6hW6B2PzxnE253OZe9WwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFIZF+FADkkyUlarRpa1CRZCCHNEVMB8GA1UdIwQY
MBaAFCi8Gz0MuNXKrDp7StF5RfvvUFilMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0x3YlBReTQxY3FzT250SzBYbEYtLTlRV0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS83YTFiNjAtM2FlYy00NGRkLTk2NjIt
MzY1OTg1NDA5YmZhLzEvS0x3YlBReTQxY3FzT250SzBYbEYtLTlRV0tVLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS83YTFiNjAtM2FlYy00NGRkLTk2NjItMzY1OTg1NDA5YmZh
LzEvS0x3YlBReTQxY3FzT250SzBYbEYtLTlRV0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAMXB6tt55
+pbC4SDE9jcG86Jd9rNcCf8zmkhxXsXJpVOQ7w7o0SPWxC3UYc6vf/KY6Yec1eOY
WlQ7kn9kwPXlXeTivihduBmjtETKRKVWlZdaqAwpjtH90758RM1doCqVQemJnVlt
HvfcNo8wWfSvwzhvnqoXfrXtevo4vjTty7I42jIOah4v4Z2h9uyIADmqlf6uemII
Jv69SwA60KavOfsk6nMjhXLyTHW/vB7noccuwXck3Cw+Y6QrVm239RiKl5993jIP
wnT10xX/tA2vcNjvYGzj+SITvg0SKop2t0CnZoV2SfRX+/S1+7EGIQSQz7d5kuTt
ekxjAHe5OwZBGA==
-----END CERTIFICATE-----