Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/c9234d-e133-4194-84ac-71a39db88a23/1/YhcForItk4GoI8l5xvTnc0I1I20.mft
File:                     YhcForItk4GoI8l5xvTnc0I1I20.mft (raw, json)
Hash identifier:          g+KznnhoBPhnmKRyylqMxyBxOQvM5iRtmP0t6ZogFGE=
Subject key identifier:   2A:F4:94:7B:E0:CE:99:95:2C:0C:49:02:F9:5B:9E:8C:0A:14:59:4D
Authority key identifier: 62:17:05:A2:B2:2D:93:81:A8:23:C9:79:C6:F4:E7:73:42:35:23:6D
Certificate issuer:       /CN=621705a2b22d9381a823c979c6f4e7734235236d
Certificate serial:       019CAA590D724E44D8BC0950DDFA5804986B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YhcForItk4GoI8l5xvTnc0I1I20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/c9234d-e133-4194-84ac-71a39db88a23/1/YhcForItk4GoI8l5xvTnc0I1I20.mft
Manifest number:          1127
Signing time:             Sun 01 Mar 2026 17:01:28 +0000
Manifest this update:     Sun 01 Mar 2026 17:01:28 +0000
Manifest next update:     Mon 02 Mar 2026 17:01:28 +0000
Files and hashes:         1: YhcForItk4GoI8l5xvTnc0I1I20.crl (hash: SzvOr0qiH5+bhYegvTg9IO1yBVBJ5dLl1oic8hKADjo=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/c9234d-e133-4194-84ac-71a39db88a23/1/YhcForItk4GoI8l5xvTnc0I1I20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/c9234d-e133-4194-84ac-71a39db88a23/1/YhcForItk4GoI8l5xvTnc0I1I20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YhcForItk4GoI8l5xvTnc0I1I20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 17:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:aa:59:0d:72:4e:44:d8:bc:09:50:dd:fa:58:04:98:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=621705a2b22d9381a823c979c6f4e7734235236d
        Validity
            Not Before: Mar  1 17:01:28 2026 GMT
            Not After : Mar  2 17:01:28 2026 GMT
        Subject: CN=2af4947be0ce99952c0c4902f95b9e8c0a14594d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f2:17:e2:bd:2f:90:f5:6e:52:a2:ea:15:ef:
                    34:62:88:79:ff:09:a9:96:73:8d:bc:18:d9:81:3e:
                    f5:bf:c5:c0:87:21:46:a4:ad:21:bf:50:9e:aa:1c:
                    15:98:ef:36:dd:88:49:47:d8:2a:f5:38:2d:2c:d1:
                    75:66:34:0a:cf:52:25:63:b0:2e:81:73:60:b4:40:
                    76:1e:f9:6e:4b:d4:16:21:89:d2:27:b5:52:27:09:
                    e4:ea:4b:fd:c2:d5:1f:49:6c:b6:0c:b4:1c:a1:e4:
                    b3:6b:a9:fe:20:03:e2:3b:f9:cf:22:16:bb:b8:39:
                    bb:2a:4e:07:38:cb:2e:20:d6:b7:94:61:b0:96:a5:
                    f4:ac:38:4b:9f:b5:1b:a7:64:1c:11:69:24:56:27:
                    4c:d5:91:58:2e:80:38:1c:bf:19:89:d2:67:28:12:
                    73:ff:53:50:be:12:ec:8a:0a:fb:2e:b6:6b:aa:35:
                    84:70:41:5e:f0:21:8c:6c:b2:97:67:70:76:ea:5c:
                    ec:e1:37:fb:c0:16:cf:20:bf:49:ff:25:5b:d7:d9:
                    c7:d7:ba:1a:a2:42:a5:a1:20:6f:e5:ce:8a:eb:55:
                    b6:ca:2e:e2:55:49:af:f2:1b:da:9f:99:91:7e:dc:
                    e4:30:a7:72:58:4c:de:6c:41:3d:2b:6a:56:96:ea:
                    ca:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:F4:94:7B:E0:CE:99:95:2C:0C:49:02:F9:5B:9E:8C:0A:14:59:4D
            X509v3 Authority Key Identifier:
                keyid:62:17:05:A2:B2:2D:93:81:A8:23:C9:79:C6:F4:E7:73:42:35:23:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YhcForItk4GoI8l5xvTnc0I1I20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/c9234d-e133-4194-84ac-71a39db88a23/1/YhcForItk4GoI8l5xvTnc0I1I20.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/c9234d-e133-4194-84ac-71a39db88a23/1/YhcForItk4GoI8l5xvTnc0I1I20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         b7:5a:bb:b2:0b:c4:6d:a8:6f:34:65:a0:da:b0:a8:2e:a0:fa:
         de:75:b8:fe:8b:c6:73:19:05:38:a3:0c:f5:a1:db:4e:9d:b8:
         af:0e:5d:8c:2f:c8:26:3f:92:24:23:69:ad:49:bf:88:21:b5:
         b0:bc:16:b8:0e:2e:1d:58:4d:8c:70:45:25:b1:7d:cf:51:0c:
         af:f6:75:ec:16:0b:d0:d2:6b:4a:29:9a:00:c0:c4:dd:67:d9:
         de:94:01:f1:0c:3d:1c:0a:e6:8b:56:91:69:32:2d:e5:9d:72:
         e2:94:db:c7:a4:d8:06:e1:04:55:ca:c8:00:a9:b9:ba:a9:97:
         78:0f:9c:87:17:eb:49:3d:ca:05:ef:2b:9d:3b:d0:a8:a3:2f:
         5c:7c:db:f4:3e:2c:8f:76:9c:c4:67:85:78:b6:cb:8f:be:cc:
         24:ed:b3:16:c6:5e:69:69:1c:40:5d:b8:6b:70:bc:d6:bb:c1:
         0c:c3:d2:63:c3:a1:63:44:40:4f:c5:fd:98:e9:8c:07:e0:30:
         bc:ae:7c:a2:27:ae:f4:a2:c7:0c:09:0f:0b:7b:96:88:24:85:
         b6:a2:fb:76:9d:53:c1:72:11:17:72:7d:7a:81:87:e2:7c:2a:
         af:bd:04:f8:f6:54:30:d9:e0:17:24:e4:8a:4a:9d:6b:d7:cd:
         8c:41:4f:ca
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZyqWQ1yTkTYvAlQ3fpYBJhrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMTcwNWEyYjIyZDkzODFhODIzYzk3OWM2ZjRlNzczNDIz
NTIzNmQwHhcNMjYwMzAxMTcwMTI4WhcNMjYwMzAyMTcwMTI4WjAzMTEwLwYDVQQD
EygyYWY0OTQ3YmUwY2U5OTk1MmMwYzQ5MDJmOTViOWU4YzBhMTQ1OTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPIX4r0vkPVuUqLqFe80Yoh5/wmp
lnONvBjZgT71v8XAhyFGpK0hv1CeqhwVmO823YhJR9gq9TgtLNF1ZjQKz1IlY7Au
gXNgtEB2HvluS9QWIYnSJ7VSJwnk6kv9wtUfSWy2DLQcoeSza6n+IAPiO/nPIha7
uDm7Kk4HOMsuINa3lGGwlqX0rDhLn7Ubp2QcEWkkVidM1ZFYLoA4HL8ZidJnKBJz
/1NQvhLsigr7LrZrqjWEcEFe8CGMbLKXZ3B26lzs4Tf7wBbPIL9J/yVb19nH17oa
okKloSBv5c6K61W2yi7iVUmv8hvan5mRftzkMKdyWEzebEE9K2pWlurKPwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFCr0lHvgzpmVLAxJAvlbnowKFFlNMB8GA1UdIwQY
MBaAFGIXBaKyLZOBqCPJecb053NCNSNtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWhjRm9ySXRrNEdvSThsNXh2VG5jMEkxSTIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9jOTIzNGQtZTEzMy00MTk0LTg0YWMt
NzFhMzlkYjg4YTIzLzEvWWhjRm9ySXRrNEdvSThsNXh2VG5jMEkxSTIwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9jOTIzNGQtZTEzMy00MTk0LTg0YWMtNzFhMzlkYjg4YTIz
LzEvWWhjRm9ySXRrNEdvSThsNXh2VG5jMEkxSTIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAt1q7sgvE
bahvNGWg2rCoLqD63nW4/ovGcxkFOKMM9aHbTp24rw5djC/IJj+SJCNprUm/iCG1
sLwWuA4uHVhNjHBFJbF9z1EMr/Z17BYL0NJrSimaAMDE3WfZ3pQB8Qw9HArmi1aR
aTIt5Z1y4pTbx6TYBuEEVcrIAKm5uqmXeA+chxfrST3KBe8rnTvQqKMvXHzb9D4s
j3acxGeFeLbLj77MJO2zFsZeaWkcQF24a3C81rvBDMPSY8OhY0RAT8X9mOmMB+Aw
vK58oieu9KLHDAkPC3uWiCSFtqL7dp1TwXIRF3J9eoGH4nwqr70E+PZUMNngFyTk
ikqda9fNjEFPyg==
-----END CERTIFICATE-----