Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/768b72-2a77-42b9-8b0c-1eabffaaff19/1/2Gcf4VfnflYoTFTVLi3w1_4609k.mft
File:                     2Gcf4VfnflYoTFTVLi3w1_4609k.mft (raw, json)
Hash identifier:          LMkGmCLLBVLiBuqrGPALkenSA5fJxWPX2YikG3A2WNk=
Subject key identifier:   A2:54:AF:73:B8:FA:92:37:3B:8F:B3:D6:3E:5A:57:1E:88:72:01:41
Authority key identifier: D8:67:1F:E1:57:E7:7E:56:28:4C:54:D5:2E:2D:F0:D7:FE:3A:D3:D9
Certificate issuer:       /CN=d8671fe157e77e56284c54d52e2df0d7fe3ad3d9
Certificate serial:       019DA3E5CF134FA3A1A07FC8C7D8D78A7F0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Gcf4VfnflYoTFTVLi3w1_4609k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/768b72-2a77-42b9-8b0c-1eabffaaff19/1/2Gcf4VfnflYoTFTVLi3w1_4609k.mft
Manifest number:          1558
Signing time:             Sun 19 Apr 2026 04:00:40 +0000
Manifest this update:     Sun 19 Apr 2026 04:00:40 +0000
Manifest next update:     Mon 20 Apr 2026 04:00:40 +0000
Files and hashes:         1: 2Gcf4VfnflYoTFTVLi3w1_4609k.crl (hash: LE46N/eYSxOQRzDGqKOEIly99qNsWekD4kjEfOycmvA=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/768b72-2a77-42b9-8b0c-1eabffaaff19/1/2Gcf4VfnflYoTFTVLi3w1_4609k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/768b72-2a77-42b9-8b0c-1eabffaaff19/1/2Gcf4VfnflYoTFTVLi3w1_4609k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Gcf4VfnflYoTFTVLi3w1_4609k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a3:e5:cf:13:4f:a3:a1:a0:7f:c8:c7:d8:d7:8a:7f:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8671fe157e77e56284c54d52e2df0d7fe3ad3d9
        Validity
            Not Before: Apr 19 04:00:40 2026 GMT
            Not After : Apr 20 04:00:40 2026 GMT
        Subject: CN=a254af73b8fa92373b8fb3d63e5a571e88720141
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:cf:d1:58:96:a9:5d:26:d7:ec:ec:08:c9:dc:
                    69:04:b9:51:be:38:24:b6:93:7f:ab:3c:e2:02:94:
                    d1:29:ce:c3:0e:bd:da:dc:a1:9e:8d:32:96:72:b3:
                    cc:8b:c4:2a:dd:66:60:d5:78:b7:68:29:da:96:91:
                    dc:67:02:2d:9c:5b:1c:84:b2:ff:20:a3:35:cd:de:
                    47:90:30:28:39:7c:8b:13:41:f7:f7:1c:d4:59:67:
                    16:be:a0:50:66:3b:b6:1f:bd:0a:a4:97:45:3a:31:
                    50:f2:c3:ca:9f:99:db:94:29:d3:c3:98:1d:51:31:
                    4d:89:3a:63:60:e9:c4:93:44:dc:d4:82:0b:3c:6a:
                    9f:78:ff:09:e1:de:c6:e3:16:12:28:8e:fe:e2:bc:
                    46:b4:f1:dd:f9:63:0e:85:22:ef:86:29:85:08:87:
                    fb:68:bf:e9:d7:94:3b:44:60:ed:1d:ca:d6:8d:be:
                    65:c0:da:03:43:5e:43:02:26:7d:56:3f:7f:1c:ca:
                    d0:df:0f:0f:f7:6b:7a:9b:71:42:89:27:24:57:90:
                    19:26:d7:8f:35:2b:a7:37:47:de:3d:97:27:f2:94:
                    0d:06:5e:76:f3:a9:cc:1d:ae:11:34:47:30:79:bc:
                    d7:1c:8b:d6:72:b9:cb:8e:df:ac:d1:96:31:25:f4:
                    29:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:54:AF:73:B8:FA:92:37:3B:8F:B3:D6:3E:5A:57:1E:88:72:01:41
            X509v3 Authority Key Identifier:
                keyid:D8:67:1F:E1:57:E7:7E:56:28:4C:54:D5:2E:2D:F0:D7:FE:3A:D3:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Gcf4VfnflYoTFTVLi3w1_4609k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/768b72-2a77-42b9-8b0c-1eabffaaff19/1/2Gcf4VfnflYoTFTVLi3w1_4609k.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/768b72-2a77-42b9-8b0c-1eabffaaff19/1/2Gcf4VfnflYoTFTVLi3w1_4609k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         12:94:10:cb:32:e2:a0:6d:70:f2:87:b0:ae:cf:55:a2:d4:58:
         12:35:e9:03:a2:70:e5:62:1b:84:45:83:6a:dc:1b:76:cb:43:
         b3:fa:a0:20:8e:b0:e5:ea:08:74:27:c7:ec:46:dd:75:91:36:
         b2:6c:9c:41:30:30:09:85:a7:e6:a4:e3:e1:6e:15:a4:8c:ba:
         b5:fd:53:e6:a2:4a:81:9c:13:f8:97:16:77:66:a2:9e:08:9a:
         5e:10:7e:24:4e:c2:29:11:0c:43:d6:f8:b7:78:fc:62:4c:e4:
         cd:41:b7:74:2c:f1:c7:96:36:8a:70:eb:62:c6:d1:54:66:74:
         d1:85:3d:33:34:08:68:3d:69:ef:9f:fe:c4:47:4c:d5:07:34:
         49:0f:1f:4a:2f:f1:65:34:cd:5e:3c:5b:2c:5a:68:37:c6:e2:
         da:a5:80:ff:04:9e:d6:05:71:f2:35:87:34:37:f9:52:06:e0:
         dc:96:24:b5:38:d3:08:f8:b5:46:22:1e:9f:08:6d:27:13:1d:
         31:e3:76:23:13:85:d4:46:4d:6c:de:75:32:27:bf:2b:c9:5f:
         4b:b0:6d:c8:74:1f:0d:ca:a2:50:4f:9a:e0:b6:af:67:cb:b3:
         98:2d:7c:c5:55:d4:92:27:93:13:70:7e:5d:d2:cf:94:56:15:
         5c:73:65:71
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ2j5c8TT6OhoH/Ix9jXin8MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4NjcxZmUxNTdlNzdlNTYyODRjNTRkNTJlMmRmMGQ3ZmUz
YWQzZDkwHhcNMjYwNDE5MDQwMDQwWhcNMjYwNDIwMDQwMDQwWjAzMTEwLwYDVQQD
EyhhMjU0YWY3M2I4ZmE5MjM3M2I4ZmIzZDYzZTVhNTcxZTg4NzIwMTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8/RWJapXSbX7OwIydxpBLlRvjgk
tpN/qzziApTRKc7DDr3a3KGejTKWcrPMi8Qq3WZg1Xi3aCnalpHcZwItnFschLL/
IKM1zd5HkDAoOXyLE0H39xzUWWcWvqBQZju2H70KpJdFOjFQ8sPKn5nblCnTw5gd
UTFNiTpjYOnEk0Tc1IILPGqfeP8J4d7G4xYSKI7+4rxGtPHd+WMOhSLvhimFCIf7
aL/p15Q7RGDtHcrWjb5lwNoDQ15DAiZ9Vj9/HMrQ3w8P92t6m3FCiSckV5AZJteP
NSunN0fePZcn8pQNBl5286nMHa4RNEcwebzXHIvWcrnLjt+s0ZYxJfQpRwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFKJUr3O4+pI3O4+z1j5aVx6IcgFBMB8GA1UdIwQY
MBaAFNhnH+FX535WKExU1S4t8Nf+OtPZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkdjZjRWZm5mbFlvVEZUVkxpM3cxXzQ2MDlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy83NjhiNzItMmE3Ny00MmI5LThiMGMt
MWVhYmZmYWFmZjE5LzEvMkdjZjRWZm5mbFlvVEZUVkxpM3cxXzQ2MDlrLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy83NjhiNzItMmE3Ny00MmI5LThiMGMtMWVhYmZmYWFmZjE5
LzEvMkdjZjRWZm5mbFlvVEZUVkxpM3cxXzQ2MDlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAEpQQyzLi
oG1w8oewrs9VotRYEjXpA6Jw5WIbhEWDatwbdstDs/qgII6w5eoIdCfH7EbddZE2
smycQTAwCYWn5qTj4W4VpIy6tf1T5qJKgZwT+JcWd2aingiaXhB+JE7CKREMQ9b4
t3j8YkzkzUG3dCzxx5Y2inDrYsbRVGZ00YU9MzQIaD1p75/+xEdM1Qc0SQ8fSi/x
ZTTNXjxbLFpoN8bi2qWA/wSe1gVx8jWHNDf5Ugbg3JYktTjTCPi1RiIenwhtJxMd
MeN2IxOF1EZNbN51Mie/K8lfS7BtyHQfDcqiUE+a4LavZ8uzmC18xVXUkieTE3B+
XdLPlFYVXHNlcQ==
-----END CERTIFICATE-----