Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft
File:                     2bN6OM6IfTdjYEau84ehwjMVLkE.mft (raw, json)
Hash identifier:          iwvP6k9QcmRjWrjS2EKxB8Tp7jutSdTTA+JV0Swixig=
Subject key identifier:   35:68:83:BF:09:AB:BE:A3:31:93:35:C2:C6:C5:7E:D9:1F:2E:05:4C
Authority key identifier: D9:B3:7A:38:CE:88:7D:37:63:60:46:AE:F3:87:A1:C2:33:15:2E:41
Certificate issuer:       /CN=d9b37a38ce887d37636046aef387a1c233152e41
Certificate serial:       019D9AE38A320C8E0FE07F76C6D84E861343
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2bN6OM6IfTdjYEau84ehwjMVLkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft
Manifest number:          0953
Signing time:             Fri 17 Apr 2026 10:01:36 +0000
Manifest this update:     Fri 17 Apr 2026 10:01:36 +0000
Manifest next update:     Sat 18 Apr 2026 10:01:36 +0000
Files and hashes:         1: 2bN6OM6IfTdjYEau84ehwjMVLkE.crl (hash: 9fcScrdtABypEVO5TSyGcEx8T18kVCrLxr1VghrIlEs=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2bN6OM6IfTdjYEau84ehwjMVLkE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:e3:8a:32:0c:8e:0f:e0:7f:76:c6:d8:4e:86:13:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9b37a38ce887d37636046aef387a1c233152e41
        Validity
            Not Before: Apr 17 10:01:36 2026 GMT
            Not After : Apr 18 10:01:36 2026 GMT
        Subject: CN=356883bf09abbea3319335c2c6c57ed91f2e054c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b5:40:c0:2c:4b:b2:a4:d1:b8:a0:05:12:ca:
                    c7:d0:84:33:d3:5f:e1:9a:cb:01:2d:1b:01:ae:0a:
                    3b:1d:38:69:9e:58:8c:d9:35:e5:21:fe:1c:ce:4a:
                    aa:d6:b5:a0:95:20:29:52:44:ce:36:41:58:1b:09:
                    2a:56:aa:2a:3f:55:35:74:9c:f4:e7:43:0e:61:42:
                    e8:26:c9:20:83:9c:72:44:f6:30:5b:36:b0:05:b9:
                    b3:4d:f1:95:0a:4c:86:d8:2a:7e:f9:ac:82:41:c0:
                    fa:37:f3:9d:66:36:1d:40:df:54:7c:15:51:15:41:
                    17:74:16:10:66:f0:8f:5a:9e:e9:bd:de:37:3f:c4:
                    22:fe:e5:bb:0a:a3:8d:39:c4:aa:c2:5c:ae:c9:35:
                    2e:d6:0a:e7:e6:90:85:16:ad:9d:cf:a7:15:75:9c:
                    85:37:af:e2:ff:f6:07:e3:1b:86:1b:f5:0e:ea:8f:
                    a0:b7:51:5d:88:b3:c1:72:e2:8d:2a:27:22:aa:04:
                    cf:da:7a:15:59:b8:b5:f2:b9:70:b5:79:9a:c4:7a:
                    c1:3b:02:04:b0:d3:f8:7b:5d:98:be:ab:4a:de:53:
                    0b:ed:65:84:21:ea:2f:13:14:05:a4:4a:e7:6b:5f:
                    f6:be:66:95:d5:5b:06:97:32:3f:5b:3d:01:46:33:
                    a4:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:68:83:BF:09:AB:BE:A3:31:93:35:C2:C6:C5:7E:D9:1F:2E:05:4C
            X509v3 Authority Key Identifier:
                keyid:D9:B3:7A:38:CE:88:7D:37:63:60:46:AE:F3:87:A1:C2:33:15:2E:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2bN6OM6IfTdjYEau84ehwjMVLkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         21:a8:34:42:6d:72:84:27:c0:fe:6c:98:c4:d2:6f:5a:db:83:
         70:5c:50:36:4f:70:af:c9:a5:ba:28:17:84:0a:20:da:7b:38:
         d6:c3:a5:c2:14:9f:1d:01:db:c9:a8:e8:5c:69:19:06:b3:b9:
         82:d5:c4:1a:b5:59:54:d3:6f:1a:8d:27:93:ea:f0:ba:c7:ef:
         df:80:22:3f:51:af:f2:11:5e:bb:ab:e2:18:59:0f:74:2d:8d:
         df:2b:4a:00:97:99:b9:29:3f:94:98:a1:b1:64:20:34:2b:78:
         f9:8f:1a:55:3b:15:12:9d:7d:3d:db:b1:00:01:10:04:12:97:
         1a:cb:ed:34:3c:d1:bb:e9:79:1d:3f:b4:26:e6:2d:71:c2:a7:
         c9:6e:75:5c:a1:3f:4f:6c:6d:95:d3:77:2c:31:7f:a4:51:4f:
         4d:1e:06:68:9b:7a:56:50:fb:fe:17:8c:59:92:76:ec:b1:32:
         f1:eb:3a:ed:17:6e:15:d5:54:66:82:0f:c5:b7:4c:88:ab:a0:
         4b:f3:9e:53:ef:81:4b:32:6a:ad:5b:8d:5d:75:2b:d9:27:0b:
         1d:f1:6d:5f:bb:a7:7a:bd:0f:ca:15:24:6f:2d:61:bf:d9:9f:
         85:d4:02:b3:eb:ab:85:4e:df:57:1a:48:01:86:d0:a5:85:5f:
         78:5c:0f:5c
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ2a44oyDI4P4H92xthOhhNDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5YjM3YTM4Y2U4ODdkMzc2MzYwNDZhZWYzODdhMWMyMzMx
NTJlNDEwHhcNMjYwNDE3MTAwMTM2WhcNMjYwNDE4MTAwMTM2WjAzMTEwLwYDVQQD
EygzNTY4ODNiZjA5YWJiZWEzMzE5MzM1YzJjNmM1N2VkOTFmMmUwNTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybVAwCxLsqTRuKAFEsrH0IQz01/h
mssBLRsBrgo7HThpnliM2TXlIf4czkqq1rWglSApUkTONkFYGwkqVqoqP1U1dJz0
50MOYULoJskgg5xyRPYwWzawBbmzTfGVCkyG2Cp++ayCQcD6N/OdZjYdQN9UfBVR
FUEXdBYQZvCPWp7pvd43P8Qi/uW7CqONOcSqwlyuyTUu1grn5pCFFq2dz6cVdZyF
N6/i//YH4xuGG/UO6o+gt1FdiLPBcuKNKiciqgTP2noVWbi18rlwtXmaxHrBOwIE
sNP4e12YvqtK3lML7WWEIeovExQFpErna1/2vmaV1VsGlzI/Wz0BRjOkZQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFDVog78Jq76jMZM1wsbFftkfLgVMMB8GA1UdIwQY
MBaAFNmzejjOiH03Y2BGrvOHocIzFS5BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmJONk9NNklmVGRqWUVhdTg0ZWh3ak1WTGtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS85NTQ1ZjItZmI2MC00ODc4LWFlNTgt
ZDZhYWM2MTM4MzBiLzEvMmJONk9NNklmVGRqWUVhdTg0ZWh3ak1WTGtFLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS85NTQ1ZjItZmI2MC00ODc4LWFlNTgtZDZhYWM2MTM4MzBi
LzEvMmJONk9NNklmVGRqWUVhdTg0ZWh3ak1WTGtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAIag0Qm1y
hCfA/myYxNJvWtuDcFxQNk9wr8mluigXhAog2ns41sOlwhSfHQHbyajoXGkZBrO5
gtXEGrVZVNNvGo0nk+rwusfv34AiP1Gv8hFeu6viGFkPdC2N3ytKAJeZuSk/lJih
sWQgNCt4+Y8aVTsVEp19PduxAAEQBBKXGsvtNDzRu+l5HT+0JuYtccKnyW51XKE/
T2xtldN3LDF/pFFPTR4GaJt6VlD7/heMWZJ27LEy8es67RduFdVUZoIPxbdMiKug
S/OeU++BSzJqrVuNXXUr2ScLHfFtX7uner0PyhUkby1hv9mfhdQCs+urhU7fVxpI
AYbQpYVfeFwPXA==
-----END CERTIFICATE-----