Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/33796e-7d5f-475c-b569-d78bb6f5b8f5/1/XeHEMjIqoQWMPm_lf2N0qSlgacE.mft
File:                     XeHEMjIqoQWMPm_lf2N0qSlgacE.mft (raw, json)
Hash identifier:          aTBGxxAkR74b/0D5uutAGeP1qq60Y7romIzc0b88Ze0=
Subject key identifier:   41:EA:FB:0A:F2:75:33:1E:33:F4:C4:90:A3:CA:88:B1:2A:95:D4:EE
Authority key identifier: 5D:E1:C4:32:32:2A:A1:05:8C:3E:6F:E5:7F:63:74:A9:29:60:69:C1
Certificate issuer:       /CN=5de1c432322aa1058c3e6fe57f6374a9296069c1
Certificate serial:       019D9850198947FCDEF49E4E38A4D4347DBF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XeHEMjIqoQWMPm_lf2N0qSlgacE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/33796e-7d5f-475c-b569-d78bb6f5b8f5/1/XeHEMjIqoQWMPm_lf2N0qSlgacE.mft
Manifest number:          0DA3
Signing time:             Thu 16 Apr 2026 22:01:19 +0000
Manifest this update:     Thu 16 Apr 2026 22:01:19 +0000
Manifest next update:     Fri 17 Apr 2026 22:01:19 +0000
Files and hashes:         1: XeHEMjIqoQWMPm_lf2N0qSlgacE.crl (hash: FUDQvCzaDk2uBcyLvp8/crKcX7fUZVsqdzz4D5cG+aI=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/33796e-7d5f-475c-b569-d78bb6f5b8f5/1/XeHEMjIqoQWMPm_lf2N0qSlgacE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/33796e-7d5f-475c-b569-d78bb6f5b8f5/1/XeHEMjIqoQWMPm_lf2N0qSlgacE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XeHEMjIqoQWMPm_lf2N0qSlgacE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:98:50:19:89:47:fc:de:f4:9e:4e:38:a4:d4:34:7d:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5de1c432322aa1058c3e6fe57f6374a9296069c1
        Validity
            Not Before: Apr 16 22:01:19 2026 GMT
            Not After : Apr 17 22:01:19 2026 GMT
        Subject: CN=41eafb0af275331e33f4c490a3ca88b12a95d4ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:58:1c:9f:08:6e:11:1c:23:fb:73:08:fa:e8:
                    93:c6:4e:60:df:cd:9e:63:98:23:ed:30:3e:c3:af:
                    b8:e9:7d:4b:af:46:4a:43:ce:1b:ec:a5:6f:a6:9b:
                    09:01:ac:5f:8e:79:49:b8:f6:35:97:bb:21:a3:d4:
                    65:64:47:e1:73:ff:9b:24:57:5d:11:5a:d1:e9:a3:
                    25:85:64:83:e4:88:d3:50:a4:fa:f3:a7:2a:12:f1:
                    01:32:8a:bf:19:05:40:40:9a:62:7f:c4:2b:38:4d:
                    03:cb:89:b1:5d:34:2e:64:27:6e:50:82:ca:93:17:
                    e8:bf:8c:cf:a8:0b:28:be:c8:5d:12:c4:19:08:23:
                    76:b2:e2:91:a2:53:ad:dd:78:12:5b:a3:cd:35:d2:
                    bb:c7:0f:35:48:f3:e2:fe:ae:44:1d:5a:fc:eb:83:
                    2e:05:46:d4:f5:56:e2:fc:ef:24:1f:50:52:26:2b:
                    dc:c3:ec:f4:2a:77:11:f4:cb:05:a8:3e:a4:13:20:
                    d6:81:77:83:4a:06:6f:d4:d8:a3:ab:77:c2:64:9e:
                    2e:3c:f6:df:1d:4e:f0:b6:a1:ba:0f:44:20:43:fc:
                    29:6f:79:e5:15:b4:ed:b9:6d:35:2f:59:32:95:ba:
                    b9:e9:52:30:5f:18:e5:46:9f:24:c0:52:dd:fe:ae:
                    53:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:EA:FB:0A:F2:75:33:1E:33:F4:C4:90:A3:CA:88:B1:2A:95:D4:EE
            X509v3 Authority Key Identifier:
                keyid:5D:E1:C4:32:32:2A:A1:05:8C:3E:6F:E5:7F:63:74:A9:29:60:69:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XeHEMjIqoQWMPm_lf2N0qSlgacE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/33796e-7d5f-475c-b569-d78bb6f5b8f5/1/XeHEMjIqoQWMPm_lf2N0qSlgacE.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/33796e-7d5f-475c-b569-d78bb6f5b8f5/1/XeHEMjIqoQWMPm_lf2N0qSlgacE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         59:e0:30:3f:c9:5d:c0:28:ff:7e:00:fc:e6:57:6d:6d:da:5f:
         57:49:ce:ff:b8:02:33:49:ea:df:d3:3c:e0:ac:cc:a1:ce:7d:
         c8:07:53:ba:83:2e:4b:06:55:49:97:70:62:01:93:f6:4b:fe:
         26:c5:56:78:86:a7:09:38:87:6e:ea:97:d7:0f:e3:9a:81:d5:
         98:86:8e:b9:89:22:1c:b8:d6:58:cd:d6:ef:64:77:3c:6f:3b:
         c0:7f:d8:45:60:29:8d:77:62:18:6e:bc:65:00:ac:b2:3a:18:
         66:a8:fb:79:a8:1f:ac:fa:45:37:28:68:ea:2f:be:a0:f8:10:
         c6:96:11:c0:f0:6d:79:2c:30:2e:2f:15:03:90:91:fb:27:aa:
         85:a6:2f:45:84:70:c7:cc:f7:ab:c4:ad:0e:60:31:cc:32:55:
         95:14:da:cf:70:5b:9c:7b:b9:f8:11:95:73:16:6b:21:8b:15:
         c0:8b:a8:37:b6:b8:f4:ec:18:cd:e9:d0:39:54:92:0e:2a:48:
         a9:32:85:c5:c6:ff:80:1d:81:40:40:cb:07:b6:33:ae:b1:22:
         25:ab:30:33:2b:fa:a6:bb:b5:bf:01:dc:54:83:d0:8d:df:d2:
         e2:4b:aa:fc:6b:11:0b:4d:27:91:f2:90:a6:8e:1a:05:fe:43:
         31:34:0f:be
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ2YUBmJR/ze9J5OOKTUNH2/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZTFjNDMyMzIyYWExMDU4YzNlNmZlNTdmNjM3NGE5Mjk2
MDY5YzEwHhcNMjYwNDE2MjIwMTE5WhcNMjYwNDE3MjIwMTE5WjAzMTEwLwYDVQQD
Eyg0MWVhZmIwYWYyNzUzMzFlMzNmNGM0OTBhM2NhODhiMTJhOTVkNGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVgcnwhuERwj+3MI+uiTxk5g382e
Y5gj7TA+w6+46X1Lr0ZKQ84b7KVvppsJAaxfjnlJuPY1l7sho9RlZEfhc/+bJFdd
EVrR6aMlhWSD5IjTUKT686cqEvEBMoq/GQVAQJpif8QrOE0Dy4mxXTQuZCduUILK
kxfov4zPqAsovshdEsQZCCN2suKRolOt3XgSW6PNNdK7xw81SPPi/q5EHVr864Mu
BUbU9Vbi/O8kH1BSJivcw+z0KncR9MsFqD6kEyDWgXeDSgZv1Nijq3fCZJ4uPPbf
HU7wtqG6D0QgQ/wpb3nlFbTtuW01L1kylbq56VIwXxjlRp8kwFLd/q5TQwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFEHq+wrydTMeM/TEkKPKiLEqldTuMB8GA1UdIwQY
MBaAFF3hxDIyKqEFjD5v5X9jdKkpYGnBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGVIRU1qSXFvUVdNUG1fbGYyTjBxU2xnYWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8zMzc5NmUtN2Q1Zi00NzVjLWI1Njkt
ZDc4YmI2ZjViOGY1LzEvWGVIRU1qSXFvUVdNUG1fbGYyTjBxU2xnYWNFLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8zMzc5NmUtN2Q1Zi00NzVjLWI1NjktZDc4YmI2ZjViOGY1
LzEvWGVIRU1qSXFvUVdNUG1fbGYyTjBxU2xnYWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAWeAwP8ld
wCj/fgD85ldtbdpfV0nO/7gCM0nq39M84KzMoc59yAdTuoMuSwZVSZdwYgGT9kv+
JsVWeIanCTiHbuqX1w/jmoHVmIaOuYkiHLjWWM3W72R3PG87wH/YRWApjXdiGG68
ZQCssjoYZqj7eagfrPpFNyho6i++oPgQxpYRwPBteSwwLi8VA5CR+yeqhaYvRYRw
x8z3q8StDmAxzDJVlRTaz3BbnHu5+BGVcxZrIYsVwIuoN7a49OwYzenQOVSSDipI
qTKFxcb/gB2BQEDLB7YzrrEiJaswMyv6pru1vwHcVIPQjd/S4kuq/GsRC00nkfKQ
po4aBf5DMTQPvg==
-----END CERTIFICATE-----