Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/f124b2-474e-45a0-b73a-e54b06a93526/1/AFA0jPYGQvVOyQck3niqoD3NOOE.mft
File:                     AFA0jPYGQvVOyQck3niqoD3NOOE.mft (raw, json)
Hash identifier:          Lrz5rYSxUVJ08awaEGgld1EIK3Vw+oHFOxYz+oojTkU=
Subject key identifier:   A4:1C:15:6A:27:70:F4:F2:15:20:3F:06:8D:BA:CA:6A:92:C4:73:54
Authority key identifier: 00:50:34:8C:F6:06:42:F5:4E:C9:07:24:DE:78:AA:A0:3D:CD:38:E1
Certificate issuer:       /CN=0050348cf60642f54ec90724de78aaa03dcd38e1
Certificate serial:       019CA97CA9EA45130871ABE547C72C3C8F24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AFA0jPYGQvVOyQck3niqoD3NOOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/f124b2-474e-45a0-b73a-e54b06a93526/1/AFA0jPYGQvVOyQck3niqoD3NOOE.mft
Manifest number:          0FF0
Signing time:             Sun 01 Mar 2026 13:00:45 +0000
Manifest this update:     Sun 01 Mar 2026 13:00:45 +0000
Manifest next update:     Mon 02 Mar 2026 13:00:45 +0000
Files and hashes:         1: AFA0jPYGQvVOyQck3niqoD3NOOE.crl (hash: 2g8in3XAVla7YUbhxjCN/Shf8Z/VnfIThj9qH5x9eZU=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/f124b2-474e-45a0-b73a-e54b06a93526/1/AFA0jPYGQvVOyQck3niqoD3NOOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/f124b2-474e-45a0-b73a-e54b06a93526/1/AFA0jPYGQvVOyQck3niqoD3NOOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AFA0jPYGQvVOyQck3niqoD3NOOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a9:7c:a9:ea:45:13:08:71:ab:e5:47:c7:2c:3c:8f:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0050348cf60642f54ec90724de78aaa03dcd38e1
        Validity
            Not Before: Mar  1 13:00:45 2026 GMT
            Not After : Mar  2 13:00:45 2026 GMT
        Subject: CN=a41c156a2770f4f215203f068dbaca6a92c47354
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:32:19:8a:ec:85:b6:f7:70:50:eb:7c:32:78:
                    f8:84:75:0d:a1:ba:64:b8:e0:36:0a:d2:f7:1c:79:
                    18:57:1b:fe:2a:ea:db:c4:b8:42:bc:df:c4:2f:8c:
                    ef:87:fa:39:92:8a:21:2b:97:26:18:27:c9:80:5a:
                    f1:78:49:aa:ea:0e:04:3d:a6:23:ca:82:6b:2e:9e:
                    d1:0e:52:db:49:f4:42:9e:d0:b7:1b:b6:61:f0:67:
                    cf:b0:a1:a8:c1:46:82:c6:f8:44:5c:ae:b4:e1:3e:
                    ef:ca:b7:24:53:9c:18:86:cf:03:98:eb:5f:70:d6:
                    01:47:0b:ef:01:2c:7d:97:93:30:6b:68:6c:4f:f0:
                    4f:4f:f6:40:de:3b:09:1f:07:44:72:00:f5:f6:1f:
                    1d:cb:d6:da:cb:c0:c4:ef:47:7d:c9:b0:6c:45:29:
                    4f:0f:88:ed:d9:93:d8:3c:e0:c1:a0:73:51:2b:4a:
                    5e:36:ec:68:dc:d2:79:6e:85:94:bc:ab:49:4f:ac:
                    fa:0a:c2:50:2c:f8:be:51:93:a5:1e:e9:10:8a:73:
                    00:fc:31:5a:3d:f4:93:15:21:c8:12:82:58:7b:20:
                    33:d5:34:44:c8:45:c9:92:e2:44:f8:81:26:ac:46:
                    88:96:a7:48:63:55:32:a2:e8:ad:b8:dd:aa:e5:16:
                    ec:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:1C:15:6A:27:70:F4:F2:15:20:3F:06:8D:BA:CA:6A:92:C4:73:54
            X509v3 Authority Key Identifier:
                keyid:00:50:34:8C:F6:06:42:F5:4E:C9:07:24:DE:78:AA:A0:3D:CD:38:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AFA0jPYGQvVOyQck3niqoD3NOOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/f124b2-474e-45a0-b73a-e54b06a93526/1/AFA0jPYGQvVOyQck3niqoD3NOOE.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/f124b2-474e-45a0-b73a-e54b06a93526/1/AFA0jPYGQvVOyQck3niqoD3NOOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         26:af:78:64:5d:b7:0f:d3:b8:82:ca:1f:7c:b0:51:f2:f0:4f:
         a4:c7:65:c3:dc:57:77:ec:8e:ea:bd:4e:2a:b0:90:9f:31:32:
         ee:32:d4:89:93:45:88:25:15:19:89:5a:2f:92:54:94:e2:fe:
         e8:10:74:78:8e:fb:5c:23:61:2b:7a:89:be:c5:dc:67:ac:3c:
         0d:f7:4b:a6:25:3f:22:b3:cb:50:9c:36:c4:f3:fa:5b:56:fd:
         53:87:0a:e0:c1:04:85:b4:de:67:f1:a5:bd:3c:22:94:a2:b3:
         c0:12:b6:28:ad:92:36:ac:36:57:0e:12:74:72:41:7b:fb:d1:
         f2:4b:35:7e:d0:af:0f:40:2c:8c:d2:6e:d2:13:1a:d1:d8:83:
         01:ca:a1:05:a6:94:c3:c1:d3:70:5a:87:5c:89:b8:79:75:e5:
         00:10:34:43:f2:78:3c:a6:ca:43:54:5a:c7:c8:01:5f:58:31:
         48:b5:93:ee:8d:de:f7:91:2b:6a:f2:09:15:6e:72:c2:b2:05:
         9f:37:ca:e4:e5:77:ba:61:18:26:75:b9:27:0f:b5:94:c1:ee:
         ff:92:bc:67:ac:65:3f:a4:7a:31:86:7e:17:29:19:5a:e2:54:
         80:e1:31:0a:0b:ca:49:52:f2:7e:fe:68:9a:c1:62:37:3d:f1:
         81:2b:0b:1f
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZypfKnqRRMIcavlR8csPI8kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNTAzNDhjZjYwNjQyZjU0ZWM5MDcyNGRlNzhhYWEwM2Rj
ZDM4ZTEwHhcNMjYwMzAxMTMwMDQ1WhcNMjYwMzAyMTMwMDQ1WjAzMTEwLwYDVQQD
EyhhNDFjMTU2YTI3NzBmNGYyMTUyMDNmMDY4ZGJhY2E2YTkyYzQ3MzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2zIZiuyFtvdwUOt8Mnj4hHUNobpk
uOA2CtL3HHkYVxv+KurbxLhCvN/EL4zvh/o5koohK5cmGCfJgFrxeEmq6g4EPaYj
yoJrLp7RDlLbSfRCntC3G7Zh8GfPsKGowUaCxvhEXK604T7vyrckU5wYhs8DmOtf
cNYBRwvvASx9l5Mwa2hsT/BPT/ZA3jsJHwdEcgD19h8dy9bay8DE70d9ybBsRSlP
D4jt2ZPYPODBoHNRK0peNuxo3NJ5boWUvKtJT6z6CsJQLPi+UZOlHukQinMA/DFa
PfSTFSHIEoJYeyAz1TREyEXJkuJE+IEmrEaIlqdIY1UyouituN2q5RbsWQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFKQcFWoncPTyFSA/Bo26ymqSxHNUMB8GA1UdIwQY
MBaAFABQNIz2BkL1TskHJN54qqA9zTjhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUZBMGpQWUdRdlZPeVFjazNuaXFvRDNOT09FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9mMTI0YjItNDc0ZS00NWEwLWI3M2Et
ZTU0YjA2YTkzNTI2LzEvQUZBMGpQWUdRdlZPeVFjazNuaXFvRDNOT09FLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9mMTI0YjItNDc0ZS00NWEwLWI3M2EtZTU0YjA2YTkzNTI2
LzEvQUZBMGpQWUdRdlZPeVFjazNuaXFvRDNOT09FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAJq94ZF23
D9O4gsoffLBR8vBPpMdlw9xXd+yO6r1OKrCQnzEy7jLUiZNFiCUVGYlaL5JUlOL+
6BB0eI77XCNhK3qJvsXcZ6w8DfdLpiU/IrPLUJw2xPP6W1b9U4cK4MEEhbTeZ/Gl
vTwilKKzwBK2KK2SNqw2Vw4SdHJBe/vR8ks1ftCvD0AsjNJu0hMa0diDAcqhBaaU
w8HTcFqHXIm4eXXlABA0Q/J4PKbKQ1Rax8gBX1gxSLWT7o3e95EravIJFW5ywrIF
nzfK5OV3umEYJnW5Jw+1lMHu/5K8Z6xlP6R6MYZ+FykZWuJUgOExCgvKSVLyfv5o
msFiNz3xgSsLHw==
-----END CERTIFICATE-----