Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/cbe005-2689-4379-9a7e-a50e32de0823/1/xIzPWOSy4trdSoSDPAZ87iuXRek.mft
File:                     xIzPWOSy4trdSoSDPAZ87iuXRek.mft (raw, json)
Hash identifier:          JgIwIcY1UzSxKfqGsyflBvW8OjAbWjmoM+vB9wjcBC8=
Subject key identifier:   1C:70:E1:C5:F8:AB:B9:40:0D:CC:FF:7F:4B:87:37:DA:DC:60:B2:8C
Authority key identifier: C4:8C:CF:58:E4:B2:E2:DA:DD:4A:84:83:3C:06:7C:EE:2B:97:45:E9
Certificate issuer:       /CN=c48ccf58e4b2e2dadd4a84833c067cee2b9745e9
Certificate serial:       019D9A3EC414EC6CC6959CBCAF191730F85F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xIzPWOSy4trdSoSDPAZ87iuXRek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/cbe005-2689-4379-9a7e-a50e32de0823/1/xIzPWOSy4trdSoSDPAZ87iuXRek.mft
Manifest number:          0AF1
Signing time:             Fri 17 Apr 2026 07:01:37 +0000
Manifest this update:     Fri 17 Apr 2026 07:01:37 +0000
Manifest next update:     Sat 18 Apr 2026 07:01:37 +0000
Files and hashes:         1: xIzPWOSy4trdSoSDPAZ87iuXRek.crl (hash: mJLv/imVM0PczZyiIbnHuZOhJnx+BEkV5AWZdhbOUss=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/cbe005-2689-4379-9a7e-a50e32de0823/1/xIzPWOSy4trdSoSDPAZ87iuXRek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/cbe005-2689-4379-9a7e-a50e32de0823/1/xIzPWOSy4trdSoSDPAZ87iuXRek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xIzPWOSy4trdSoSDPAZ87iuXRek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:3e:c4:14:ec:6c:c6:95:9c:bc:af:19:17:30:f8:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c48ccf58e4b2e2dadd4a84833c067cee2b9745e9
        Validity
            Not Before: Apr 17 07:01:37 2026 GMT
            Not After : Apr 18 07:01:37 2026 GMT
        Subject: CN=1c70e1c5f8abb9400dccff7f4b8737dadc60b28c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d3:e8:cc:bd:7b:b8:07:48:36:e9:0d:0d:29:
                    04:dd:57:85:e8:00:a6:13:08:50:35:34:c8:1b:9a:
                    22:ec:d9:92:94:d3:8f:9f:65:1b:14:57:83:33:3f:
                    8e:da:53:da:05:b1:60:eb:3c:fd:10:e8:8f:31:34:
                    61:c0:ec:b8:a7:85:75:9e:99:05:eb:e2:d9:28:fd:
                    f7:ec:83:ba:c2:03:db:3a:7e:e3:50:46:a2:7c:0d:
                    ea:bb:44:9d:c6:db:96:c4:57:77:07:0c:b3:70:c4:
                    60:8f:44:02:44:c1:6c:4a:cd:39:1e:37:0b:68:d9:
                    ae:44:f9:c9:ac:64:6e:3d:4c:ff:33:70:d2:b4:5c:
                    06:91:5a:01:03:98:65:c5:77:80:0d:72:74:fb:0b:
                    e0:ec:99:a3:3e:a8:83:3b:04:64:53:dd:ae:a5:0f:
                    3a:87:f5:39:7c:56:ae:55:1f:55:f2:4c:ab:e6:bd:
                    37:ed:a6:ff:34:90:fa:9d:11:b3:8e:cd:33:34:32:
                    5b:0b:2c:f5:a7:50:f0:9c:59:34:22:cf:4a:ea:5f:
                    84:f8:29:19:05:02:aa:15:ab:c3:e7:f3:91:dc:e2:
                    52:30:e9:02:dc:63:14:07:93:71:93:7a:7a:c9:18:
                    b1:e4:e6:08:81:80:37:86:a3:49:e5:7f:e2:31:cb:
                    74:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:70:E1:C5:F8:AB:B9:40:0D:CC:FF:7F:4B:87:37:DA:DC:60:B2:8C
            X509v3 Authority Key Identifier:
                keyid:C4:8C:CF:58:E4:B2:E2:DA:DD:4A:84:83:3C:06:7C:EE:2B:97:45:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xIzPWOSy4trdSoSDPAZ87iuXRek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/cbe005-2689-4379-9a7e-a50e32de0823/1/xIzPWOSy4trdSoSDPAZ87iuXRek.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/cbe005-2689-4379-9a7e-a50e32de0823/1/xIzPWOSy4trdSoSDPAZ87iuXRek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         14:c9:74:d4:75:b6:3e:3c:ac:9f:5d:be:b0:54:4c:39:d3:7c:
         44:85:bc:b7:f1:64:66:e4:6e:b0:30:02:57:73:5a:d6:b9:2f:
         a6:96:14:15:e3:74:6d:d3:21:41:84:86:b4:79:b0:5c:52:99:
         af:c4:35:54:61:27:a5:b5:f2:86:29:8d:25:99:8a:3f:b2:b3:
         c5:d7:c8:90:fc:f1:db:75:5f:19:ab:5b:f5:52:08:54:da:43:
         2d:e3:33:5d:0a:f8:a9:dd:14:3e:01:86:8b:dc:65:34:61:2a:
         a8:ac:66:b4:a1:ca:2d:8b:a8:77:1f:b9:20:5d:73:55:1e:03:
         7c:b5:e7:bf:3a:f1:69:42:39:5d:b7:f1:5a:05:e4:05:23:4e:
         50:b0:1e:1f:22:5c:83:84:91:c3:7f:f7:e4:df:83:e6:be:45:
         28:6d:4d:44:50:e6:27:3e:e9:db:56:94:c1:1d:01:48:79:ec:
         c4:2c:12:11:da:d6:9e:00:26:3c:fb:a4:e0:14:a6:a2:60:37:
         4c:e5:b0:a3:93:ce:f7:9e:23:e4:f1:76:02:aa:e2:26:ba:88:
         3d:e2:bc:7b:09:80:ea:90:19:cc:69:63:4f:01:e8:f7:47:b8:
         57:35:cc:25:00:84:4d:ec:25:7e:84:75:57:90:f3:6f:e5:0e:
         ef:81:54:1b
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ2aPsQU7GzGlZy8rxkXMPhfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0OGNjZjU4ZTRiMmUyZGFkZDRhODQ4MzNjMDY3Y2VlMmI5
NzQ1ZTkwHhcNMjYwNDE3MDcwMTM3WhcNMjYwNDE4MDcwMTM3WjAzMTEwLwYDVQQD
EygxYzcwZTFjNWY4YWJiOTQwMGRjY2ZmN2Y0Yjg3MzdkYWRjNjBiMjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9PozL17uAdINukNDSkE3VeF6ACm
EwhQNTTIG5oi7NmSlNOPn2UbFFeDMz+O2lPaBbFg6zz9EOiPMTRhwOy4p4V1npkF
6+LZKP337IO6wgPbOn7jUEaifA3qu0SdxtuWxFd3BwyzcMRgj0QCRMFsSs05HjcL
aNmuRPnJrGRuPUz/M3DStFwGkVoBA5hlxXeADXJ0+wvg7JmjPqiDOwRkU92upQ86
h/U5fFauVR9V8kyr5r037ab/NJD6nRGzjs0zNDJbCyz1p1DwnFk0Is9K6l+E+CkZ
BQKqFavD5/OR3OJSMOkC3GMUB5Nxk3p6yRix5OYIgYA3hqNJ5X/iMct0HwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFBxw4cX4q7lADcz/f0uHN9rcYLKMMB8GA1UdIwQY
MBaAFMSMz1jksuLa3UqEgzwGfO4rl0XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEl6UFdPU3k0dHJkU29TRFBBWjg3aXVYUmVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9jYmUwMDUtMjY4OS00Mzc5LTlhN2Ut
YTUwZTMyZGUwODIzLzEveEl6UFdPU3k0dHJkU29TRFBBWjg3aXVYUmVrLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9jYmUwMDUtMjY4OS00Mzc5LTlhN2UtYTUwZTMyZGUwODIz
LzEveEl6UFdPU3k0dHJkU29TRFBBWjg3aXVYUmVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAFMl01HW2
Pjysn12+sFRMOdN8RIW8t/FkZuRusDACV3Na1rkvppYUFeN0bdMhQYSGtHmwXFKZ
r8Q1VGEnpbXyhimNJZmKP7KzxdfIkPzx23VfGatb9VIIVNpDLeMzXQr4qd0UPgGG
i9xlNGEqqKxmtKHKLYuodx+5IF1zVR4DfLXnvzrxaUI5XbfxWgXkBSNOULAeHyJc
g4SRw3/35N+D5r5FKG1NRFDmJz7p21aUwR0BSHnsxCwSEdrWngAmPPuk4BSmomA3
TOWwo5PO954j5PF2AqriJrqIPeK8ewmA6pAZzGljTwHo90e4VzXMJQCETewlfoR1
V5Dzb+UO74FUGw==
-----END CERTIFICATE-----