Manifest
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/478aea-6b94-49a3-aa7f-189490d60ea6/1/1OKXHl2BaclArwINsCe-2tiZFZA.mft
File: 1OKXHl2BaclArwINsCe-2tiZFZA.mft (raw, json)
Hash identifier: G3WsO5C9FVaiQUT3HkuD3sykpC5TK7TLP4Tuk/SFyCc=
Subject key identifier: 30:09:E0:8B:39:EB:30:5C:33:BA:ED:84:0B:C5:3C:41:BD:3C:79:70
Authority key identifier: D4:E2:97:1E:5D:81:69:C9:40:AF:02:0D:B0:27:BE:DA:D8:99:15:90
Certificate issuer: /CN=d4e2971e5d8169c940af020db027bedad8991590
Certificate serial: 019A4DAAB9B1F4B10FA2EEA06F089EE23C11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1OKXHl2BaclArwINsCe-2tiZFZA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/478aea-6b94-49a3-aa7f-189490d60ea6/1/1OKXHl2BaclArwINsCe-2tiZFZA.mft
Manifest number: 1710
Signing time: Tue 04 Nov 2025 07:00:25 +0000
Manifest this update: Tue 04 Nov 2025 07:00:25 +0000
Manifest next update: Wed 05 Nov 2025 07:00:25 +0000
Files and hashes: 1: 1OKXHl2BaclArwINsCe-2tiZFZA.crl (hash: iHwDxlGuEvNpmeKc3DNqdijjMAy9NuKwBoLZ4XvlcZI=)
2: JSqJ02JsxZMyq1FZ1Ds1WnAXfzM.roa (hash: FrjQUqzgc9bbbA26gpxWpuyB85Zjnu+GzKv9yBO8vww=)
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c0/478aea-6b94-49a3-aa7f-189490d60ea6/1/1OKXHl2BaclArwINsCe-2tiZFZA.crl
rsync://rpki.ripe.net/repository/DEFAULT/c0/478aea-6b94-49a3-aa7f-189490d60ea6/1/1OKXHl2BaclArwINsCe-2tiZFZA.mft
rsync://rpki.ripe.net/repository/DEFAULT/1OKXHl2BaclArwINsCe-2tiZFZA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 07:00:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4d:aa:b9:b1:f4:b1:0f:a2:ee:a0:6f:08:9e:e2:3c:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d4e2971e5d8169c940af020db027bedad8991590
Validity
Not Before: Nov 4 07:00:25 2025 GMT
Not After : Nov 5 07:00:25 2025 GMT
Subject: CN=3009e08b39eb305c33baed840bc53c41bd3c7970
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:87:41:63:e5:0c:34:62:6b:b0:99:54:47:da:
44:2b:2c:3f:8f:e3:ef:4c:84:dc:e6:8c:dc:c9:c3:
68:32:2b:ce:54:84:e2:d6:5b:05:71:1a:dd:df:6e:
77:72:9a:bd:83:6a:bf:f6:65:9f:40:e6:88:69:4a:
f1:aa:6f:97:7b:f9:f8:c0:38:3a:e8:2e:69:8d:0c:
3f:a2:cc:58:ee:2f:41:4c:05:4d:52:2e:1e:97:72:
48:84:ac:3c:d4:ab:01:88:1f:ed:ad:cc:40:65:33:
e8:1c:72:67:ad:6f:bf:5c:6f:e4:06:dd:1f:fb:be:
a0:db:c7:51:2c:c3:2d:a4:7d:c5:2a:35:7e:b3:1a:
d3:7d:0e:c1:72:a5:72:4b:60:a1:8d:d7:6f:d0:54:
e5:73:94:c3:93:52:86:10:3a:77:87:5d:43:ff:90:
d8:f0:f5:de:c4:a5:82:ec:39:17:7d:66:5b:ab:28:
a7:3f:91:63:9a:f9:21:2f:e5:4d:01:1b:a6:37:d6:
bb:5e:47:b1:98:8e:73:26:40:da:22:98:eb:e0:ca:
7e:7a:32:a8:09:37:c9:ae:aa:b4:39:28:9b:3d:af:
7c:8b:17:fa:58:d4:bc:d4:3b:b7:a8:2f:12:73:56:
7c:46:9d:02:13:f3:b5:dd:9c:72:02:73:ee:98:a9:
0f:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:09:E0:8B:39:EB:30:5C:33:BA:ED:84:0B:C5:3C:41:BD:3C:79:70
X509v3 Authority Key Identifier:
keyid:D4:E2:97:1E:5D:81:69:C9:40:AF:02:0D:B0:27:BE:DA:D8:99:15:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1OKXHl2BaclArwINsCe-2tiZFZA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/478aea-6b94-49a3-aa7f-189490d60ea6/1/1OKXHl2BaclArwINsCe-2tiZFZA.mft
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/478aea-6b94-49a3-aa7f-189490d60ea6/1/1OKXHl2BaclArwINsCe-2tiZFZA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4: inherit
IPv6: inherit
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
inherit
Signature Algorithm: sha256WithRSAEncryption
64:16:15:03:72:00:9c:b2:85:2b:0f:eb:94:9f:ef:dc:5a:ca:
4e:80:48:12:4c:db:98:91:20:f0:ec:db:63:4d:10:76:a4:1a:
45:0f:9d:05:e3:78:73:f4:a9:d9:2b:92:19:8d:0a:a2:bc:8b:
3c:08:7c:ea:f7:b9:6c:00:e1:d2:50:57:00:1d:75:ec:19:f1:
de:61:29:cc:7e:c6:47:9b:22:99:3a:1e:84:f1:e1:09:f1:ab:
a9:0b:cf:2e:5d:ca:38:03:3f:09:b1:ce:b3:dc:e5:f5:c1:5a:
3e:6a:d8:05:3e:40:a3:34:5f:03:1f:5e:ad:87:01:be:b8:44:
58:0c:f7:d4:11:19:b8:73:4f:89:c1:b5:59:36:f3:5f:3b:e4:
81:b1:54:9f:d5:a0:36:06:f7:a0:54:09:1a:7d:bb:54:0d:15:
04:68:01:b9:b3:d4:1f:c5:a6:3e:92:26:b9:b7:75:b1:75:de:
7f:58:0e:5a:29:05:31:e1:3e:e3:0c:00:06:1d:6a:a4:1f:18:
60:06:98:16:cf:e9:6e:e6:57:9d:3a:db:56:0c:d3:02:ee:1b:
85:68:7c:2f:40:2a:a9:30:1a:ae:d9:56:5c:59:ac:d9:40:6a:
9a:af:3f:be:ee:2f:3a:74:b3:7b:ef:75:1e:b3:d0:90:4c:d2:
0e:66:5c:9b
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpNqrmx9LEPou6gbwie4jwRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ZTI5NzFlNWQ4MTY5Yzk0MGFmMDIwZGIwMjdiZWRhZDg5
OTE1OTAwHhcNMjUxMTA0MDcwMDI1WhcNMjUxMTA1MDcwMDI1WjAzMTEwLwYDVQQD
EygzMDA5ZTA4YjM5ZWIzMDVjMzNiYWVkODQwYmM1M2M0MWJkM2M3OTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4dBY+UMNGJrsJlUR9pEKyw/j+Pv
TITc5ozcycNoMivOVITi1lsFcRrd3253cpq9g2q/9mWfQOaIaUrxqm+Xe/n4wDg6
6C5pjQw/osxY7i9BTAVNUi4el3JIhKw81KsBiB/trcxAZTPoHHJnrW+/XG/kBt0f
+76g28dRLMMtpH3FKjV+sxrTfQ7BcqVyS2Chjddv0FTlc5TDk1KGEDp3h11D/5DY
8PXexKWC7DkXfWZbqyinP5FjmvkhL+VNARumN9a7XkexmI5zJkDaIpjr4Mp+ejKo
CTfJrqq0OSibPa98ixf6WNS81Du3qC8Sc1Z8Rp0CE/O13ZxyAnPumKkPlwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFDAJ4Is56zBcM7rthAvFPEG9PHlwMB8GA1UdIwQY
MBaAFNTilx5dgWnJQK8CDbAnvtrYmRWQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU9LWEhsMkJhY2xBcndJTnNDZS0ydGlaRlpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80NzhhZWEtNmI5NC00OWEzLWFhN2Yt
MTg5NDkwZDYwZWE2LzEvMU9LWEhsMkJhY2xBcndJTnNDZS0ydGlaRlpBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80NzhhZWEtNmI5NC00OWEzLWFhN2YtMTg5NDkwZDYwZWE2
LzEvMU9LWEhsMkJhY2xBcndJTnNDZS0ydGlaRlpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAZBYVA3IA
nLKFKw/rlJ/v3FrKToBIEkzbmJEg8OzbY00QdqQaRQ+dBeN4c/Sp2SuSGY0KoryL
PAh86ve5bADh0lBXAB117Bnx3mEpzH7GR5simToehPHhCfGrqQvPLl3KOAM/CbHO
s9zl9cFaPmrYBT5AozRfAx9erYcBvrhEWAz31BEZuHNPicG1WTbzXzvkgbFUn9Wg
Ngb3oFQJGn27VA0VBGgBubPUH8WmPpImubd1sXXef1gOWikFMeE+4wwABh1qpB8Y
YAaYFs/pbuZXnTrbVgzTAu4bhWh8L0AqqTAartlWXFms2UBqmq8/vu4vOnSze+91
HrPQkEzSDmZcmw==
-----END CERTIFICATE-----
Generated at Tue Nov 4 14:53:39 2025 by rpki-client