Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/33796e-7d5f-475c-b569-d78bb6f5b8f5/1/XeHEMjIqoQWMPm_lf2N0qSlgacE.mft
File:                     XeHEMjIqoQWMPm_lf2N0qSlgacE.mft (raw, json)
Hash identifier:          k1RpLLK9tei20EI2SSDF7PZ4EBngTsUCZts/crVCSFc=
Subject key identifier:   C4:16:11:9B:EE:4B:17:BB:E9:54:9C:6A:D5:48:29:A8:18:1B:02:2F
Authority key identifier: 5D:E1:C4:32:32:2A:A1:05:8C:3E:6F:E5:7F:63:74:A9:29:60:69:C1
Certificate issuer:       /CN=5de1c432322aa1058c3e6fe57f6374a9296069c1
Certificate serial:       019CAAC63C4157B35E43B0E2906EE2216886
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XeHEMjIqoQWMPm_lf2N0qSlgacE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/33796e-7d5f-475c-b569-d78bb6f5b8f5/1/XeHEMjIqoQWMPm_lf2N0qSlgacE.mft
Manifest number:          0D28
Signing time:             Sun 01 Mar 2026 19:00:44 +0000
Manifest this update:     Sun 01 Mar 2026 19:00:44 +0000
Manifest next update:     Mon 02 Mar 2026 19:00:44 +0000
Files and hashes:         1: XeHEMjIqoQWMPm_lf2N0qSlgacE.crl (hash: WTDDxqk7UiVtMZavYdM2qxUYEh8+F0QNDasM+q29T/M=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/33796e-7d5f-475c-b569-d78bb6f5b8f5/1/XeHEMjIqoQWMPm_lf2N0qSlgacE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/33796e-7d5f-475c-b569-d78bb6f5b8f5/1/XeHEMjIqoQWMPm_lf2N0qSlgacE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XeHEMjIqoQWMPm_lf2N0qSlgacE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:aa:c6:3c:41:57:b3:5e:43:b0:e2:90:6e:e2:21:68:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5de1c432322aa1058c3e6fe57f6374a9296069c1
        Validity
            Not Before: Mar  1 19:00:44 2026 GMT
            Not After : Mar  2 19:00:44 2026 GMT
        Subject: CN=c416119bee4b17bbe9549c6ad54829a8181b022f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:5c:cb:ef:e7:50:1c:02:10:39:4f:bf:d2:37:
                    a5:9c:c0:14:2e:80:f7:67:6b:92:82:16:df:5d:97:
                    a6:70:77:f5:0d:38:2d:f3:11:57:29:ff:7a:0d:c6:
                    ca:57:74:5f:66:b9:fa:26:5c:f7:54:17:f5:57:a2:
                    5b:7a:0d:56:1f:b2:3f:86:74:3b:ba:5e:7c:16:ad:
                    05:cf:d0:88:45:97:54:25:cb:ed:7c:a8:37:3f:a3:
                    89:ac:f7:29:72:b7:45:3a:b5:5d:7e:19:35:18:7f:
                    f1:c5:fc:a5:80:bc:4e:ce:06:6d:4e:43:54:31:f6:
                    2a:ca:36:26:a8:dc:28:f2:fd:a0:6b:fe:ad:63:6b:
                    66:19:af:6a:66:66:fc:0d:db:ed:ac:e0:95:62:13:
                    e5:36:50:95:d8:75:cf:af:d9:14:19:63:73:c0:26:
                    e5:e6:23:e9:7c:4c:55:9e:0d:a0:ee:72:51:51:69:
                    75:7a:c1:60:1e:97:68:e7:66:3f:07:d2:8a:49:50:
                    42:b3:5a:02:b6:78:ea:e9:25:47:fc:85:e0:c1:88:
                    a1:82:d3:ed:41:32:fd:ed:e5:be:54:a1:0d:1f:35:
                    37:aa:51:00:4a:4e:f0:3d:85:a6:84:d7:46:bc:7c:
                    d6:75:5e:01:d6:b7:f6:bf:09:6c:cd:47:ab:81:cb:
                    e0:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:16:11:9B:EE:4B:17:BB:E9:54:9C:6A:D5:48:29:A8:18:1B:02:2F
            X509v3 Authority Key Identifier:
                keyid:5D:E1:C4:32:32:2A:A1:05:8C:3E:6F:E5:7F:63:74:A9:29:60:69:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XeHEMjIqoQWMPm_lf2N0qSlgacE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/33796e-7d5f-475c-b569-d78bb6f5b8f5/1/XeHEMjIqoQWMPm_lf2N0qSlgacE.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/33796e-7d5f-475c-b569-d78bb6f5b8f5/1/XeHEMjIqoQWMPm_lf2N0qSlgacE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         c0:85:99:ae:94:a7:ce:64:32:a2:54:2d:dc:4a:f7:f3:07:98:
         8a:af:75:0b:6b:aa:83:3a:97:1b:6b:56:1d:bd:20:6e:40:69:
         6b:10:7a:90:25:c8:20:07:5f:78:b5:82:e6:39:62:2b:30:59:
         d6:9b:3d:66:be:bb:fc:26:3e:23:34:04:5c:21:88:eb:fe:2b:
         7e:df:45:90:ac:ab:ce:a3:95:e8:c5:24:da:00:c0:ce:8d:6e:
         39:59:d7:54:2a:06:59:13:8f:ba:6c:99:25:a1:aa:8c:4c:11:
         21:c3:5c:a6:a0:e4:49:38:fa:39:f6:fd:29:7e:de:0f:73:51:
         35:94:9e:6d:36:63:53:71:e7:d3:bc:36:2d:2c:7b:0f:1d:25:
         62:db:4a:45:d6:ef:d2:e8:87:81:dd:9f:53:f0:49:49:f0:97:
         2c:d0:3e:85:f3:59:ec:ea:e5:0b:42:db:fc:19:5a:f5:21:2c:
         0a:88:b7:74:e1:f1:c4:eb:93:db:14:ab:ce:0a:d7:c3:2e:45:
         fb:ab:4a:ff:28:f5:80:61:57:84:6e:68:f7:e4:c4:16:4b:3b:
         88:c5:69:87:62:19:9d:c7:27:9c:29:c4:34:05:4e:73:8d:3d:
         15:bf:b6:ef:38:57:ba:83:cb:ab:e1:46:b9:4a:11:81:92:fb:
         8f:7e:5e:62
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZyqxjxBV7NeQ7DikG7iIWiGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZTFjNDMyMzIyYWExMDU4YzNlNmZlNTdmNjM3NGE5Mjk2
MDY5YzEwHhcNMjYwMzAxMTkwMDQ0WhcNMjYwMzAyMTkwMDQ0WjAzMTEwLwYDVQQD
EyhjNDE2MTE5YmVlNGIxN2JiZTk1NDljNmFkNTQ4MjlhODE4MWIwMjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFzL7+dQHAIQOU+/0jelnMAULoD3
Z2uSghbfXZemcHf1DTgt8xFXKf96DcbKV3RfZrn6Jlz3VBf1V6Jbeg1WH7I/hnQ7
ul58Fq0Fz9CIRZdUJcvtfKg3P6OJrPcpcrdFOrVdfhk1GH/xxfylgLxOzgZtTkNU
MfYqyjYmqNwo8v2ga/6tY2tmGa9qZmb8DdvtrOCVYhPlNlCV2HXPr9kUGWNzwCbl
5iPpfExVng2g7nJRUWl1esFgHpdo52Y/B9KKSVBCs1oCtnjq6SVH/IXgwYihgtPt
QTL97eW+VKENHzU3qlEASk7wPYWmhNdGvHzWdV4B1rf2vwlszUergcvg+wIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFMQWEZvuSxe76VScatVIKagYGwIvMB8GA1UdIwQY
MBaAFF3hxDIyKqEFjD5v5X9jdKkpYGnBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGVIRU1qSXFvUVdNUG1fbGYyTjBxU2xnYWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8zMzc5NmUtN2Q1Zi00NzVjLWI1Njkt
ZDc4YmI2ZjViOGY1LzEvWGVIRU1qSXFvUVdNUG1fbGYyTjBxU2xnYWNFLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8zMzc5NmUtN2Q1Zi00NzVjLWI1NjktZDc4YmI2ZjViOGY1
LzEvWGVIRU1qSXFvUVdNUG1fbGYyTjBxU2xnYWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAwIWZrpSn
zmQyolQt3Er38weYiq91C2uqgzqXG2tWHb0gbkBpaxB6kCXIIAdfeLWC5jliKzBZ
1ps9Zr67/CY+IzQEXCGI6/4rft9FkKyrzqOV6MUk2gDAzo1uOVnXVCoGWROPumyZ
JaGqjEwRIcNcpqDkSTj6Ofb9KX7eD3NRNZSebTZjU3Hn07w2LSx7Dx0lYttKRdbv
0uiHgd2fU/BJSfCXLNA+hfNZ7OrlC0Lb/Bla9SEsCoi3dOHxxOuT2xSrzgrXwy5F
+6tK/yj1gGFXhG5o9+TEFks7iMVph2IZnccnnCnENAVOc409Fb+27zhXuoPLq+FG
uUoRgZL7j35eYg==
-----END CERTIFICATE-----