Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/b11584-19e9-453f-84c7-56c2a44d1878/1/r89alhpnpvrt_v2PKluD8mg3WYQ.mft
File:                     r89alhpnpvrt_v2PKluD8mg3WYQ.mft (raw, json)
Hash identifier:          cdZG+s/UAJ+hO3qkRFM5qO0qEcO89w7E1xxs+1rDG1Q=
Subject key identifier:   F8:BA:05:B2:DF:0E:96:04:29:42:0B:1D:F1:F7:29:B9:8F:DC:F5:10
Authority key identifier: AF:CF:5A:96:1A:67:A6:FA:ED:FE:FD:8F:2A:5B:83:F2:68:37:59:84
Certificate issuer:       /CN=afcf5a961a67a6faedfefd8f2a5b83f268375984
Certificate serial:       019D99CFE38D8D24036770E6F8DA311FA7AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r89alhpnpvrt_v2PKluD8mg3WYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/b11584-19e9-453f-84c7-56c2a44d1878/1/r89alhpnpvrt_v2PKluD8mg3WYQ.mft
Manifest number:          0533
Signing time:             Fri 17 Apr 2026 05:00:31 +0000
Manifest this update:     Fri 17 Apr 2026 05:00:31 +0000
Manifest next update:     Sat 18 Apr 2026 05:00:31 +0000
Files and hashes:         1: r89alhpnpvrt_v2PKluD8mg3WYQ.crl (hash: q4YFp6Zzdd7R2kHQ9hSwCuZci+Uma0p6vjp2z/PU53M=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/b11584-19e9-453f-84c7-56c2a44d1878/1/r89alhpnpvrt_v2PKluD8mg3WYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/b11584-19e9-453f-84c7-56c2a44d1878/1/r89alhpnpvrt_v2PKluD8mg3WYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r89alhpnpvrt_v2PKluD8mg3WYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 05:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:99:cf:e3:8d:8d:24:03:67:70:e6:f8:da:31:1f:a7:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afcf5a961a67a6faedfefd8f2a5b83f268375984
        Validity
            Not Before: Apr 17 05:00:31 2026 GMT
            Not After : Apr 18 05:00:31 2026 GMT
        Subject: CN=f8ba05b2df0e960429420b1df1f729b98fdcf510
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b2:1d:71:48:be:a8:f4:38:e4:3e:af:79:48:
                    be:0d:c9:69:52:c3:95:19:17:45:f1:b8:5c:9d:8f:
                    a3:25:cb:40:d0:38:ca:4b:5a:8d:81:5a:f7:cd:d3:
                    0f:82:3e:db:95:b3:be:2f:05:82:18:0b:3e:e2:a4:
                    76:dd:ca:a5:bb:42:28:b5:10:dd:7e:56:73:2e:c1:
                    62:6d:38:f2:dc:60:b6:cf:f2:2c:c2:9a:ba:5e:49:
                    b7:cf:24:27:86:97:cf:b2:07:45:57:91:49:57:8b:
                    d0:a5:44:78:ed:ba:30:02:79:f6:be:e3:a0:b3:f7:
                    1b:a3:fe:29:76:74:7c:2d:97:24:49:80:bd:ad:00:
                    22:36:88:30:86:85:29:b0:1a:e3:92:50:4f:91:d3:
                    bc:e7:84:36:5c:88:87:14:8e:b4:b4:f0:5f:34:cb:
                    a9:f7:49:0c:28:91:d3:8e:29:94:5c:ee:2f:55:e1:
                    55:64:19:a3:ea:8c:53:0f:41:19:b5:4b:5d:1b:7d:
                    82:2e:6d:42:c7:ef:20:1f:6b:d9:ce:bc:db:db:0d:
                    6b:47:c5:14:2c:ad:ea:a4:01:f9:a5:3d:f4:a6:a8:
                    7f:66:88:cd:fa:ce:60:7a:2c:b7:5f:59:c5:4f:0c:
                    a3:7f:71:ef:b4:23:90:b3:9a:37:ee:a6:70:30:b5:
                    1f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:BA:05:B2:DF:0E:96:04:29:42:0B:1D:F1:F7:29:B9:8F:DC:F5:10
            X509v3 Authority Key Identifier:
                keyid:AF:CF:5A:96:1A:67:A6:FA:ED:FE:FD:8F:2A:5B:83:F2:68:37:59:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r89alhpnpvrt_v2PKluD8mg3WYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/b11584-19e9-453f-84c7-56c2a44d1878/1/r89alhpnpvrt_v2PKluD8mg3WYQ.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/b11584-19e9-453f-84c7-56c2a44d1878/1/r89alhpnpvrt_v2PKluD8mg3WYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         6c:2d:09:ae:a1:91:67:f0:6c:ae:c4:a3:c9:47:83:51:8c:c7:
         d2:5a:d3:9c:1c:0c:b6:a7:38:7a:8c:de:c9:71:ce:38:d2:c8:
         e0:ba:3c:b9:d2:45:f0:ff:ab:9b:66:56:c4:5a:fe:c8:41:74:
         0f:cc:9c:73:bf:72:79:0b:92:4b:6d:80:b1:05:9e:37:bb:d6:
         78:a9:d6:ae:05:c0:e5:8a:52:46:6c:80:6a:00:eb:b5:8c:83:
         26:0a:69:95:e5:0c:b4:82:cc:75:80:d8:42:9b:16:52:c1:6d:
         5e:72:71:ca:b3:16:91:b7:ad:9f:1a:72:b0:85:54:a9:3c:ca:
         d2:a3:0a:6d:91:7b:42:4c:3f:32:e2:81:e6:d9:75:a5:de:67:
         23:1f:40:04:d7:c5:33:41:e3:83:94:83:76:67:5d:8c:bf:1c:
         8f:ba:45:3b:96:de:cd:59:ad:cd:f9:26:34:b6:07:f2:87:92:
         ae:22:fc:49:67:77:39:4d:fb:af:02:47:1c:2e:f7:bd:ea:77:
         34:2e:34:52:70:94:31:78:40:8a:e9:e3:b0:d7:a3:b5:8e:e1:
         42:ba:5d:ad:ad:92:f8:27:e6:3c:cd:07:f8:d6:48:37:c2:b2:
         d8:4f:01:1c:bf:6a:33:1a:dd:f7:48:91:c6:50:60:f6:65:8d:
         22:22:d6:3e
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZ2Zz+ONjSQDZ3Dm+NoxH6euMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmY2Y1YTk2MWE2N2E2ZmFlZGZlZmQ4ZjJhNWI4M2YyNjgz
NzU5ODQwHhcNMjYwNDE3MDUwMDMxWhcNMjYwNDE4MDUwMDMxWjAzMTEwLwYDVQQD
EyhmOGJhMDViMmRmMGU5NjA0Mjk0MjBiMWRmMWY3MjliOThmZGNmNTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrIdcUi+qPQ45D6veUi+DclpUsOV
GRdF8bhcnY+jJctA0DjKS1qNgVr3zdMPgj7blbO+LwWCGAs+4qR23cqlu0IotRDd
flZzLsFibTjy3GC2z/Iswpq6Xkm3zyQnhpfPsgdFV5FJV4vQpUR47bowAnn2vuOg
s/cbo/4pdnR8LZckSYC9rQAiNogwhoUpsBrjklBPkdO854Q2XIiHFI60tPBfNMup
90kMKJHTjimUXO4vVeFVZBmj6oxTD0EZtUtdG32CLm1Cx+8gH2vZzrzb2w1rR8UU
LK3qpAH5pT30pqh/ZojN+s5geiy3X1nFTwyjf3HvtCOQs5o37qZwMLUfZQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFPi6BbLfDpYEKUILHfH3KbmP3PUQMB8GA1UdIwQY
MBaAFK/PWpYaZ6b67f79jypbg/JoN1mEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjg5YWxocG5wdnJ0X3YyUEtsdUQ4bWczV1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9iMTE1ODQtMTllOS00NTNmLTg0Yzct
NTZjMmE0NGQxODc4LzEvcjg5YWxocG5wdnJ0X3YyUEtsdUQ4bWczV1lRLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9iMTE1ODQtMTllOS00NTNmLTg0YzctNTZjMmE0NGQxODc4
LzEvcjg5YWxocG5wdnJ0X3YyUEtsdUQ4bWczV1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAbC0JrqGR
Z/BsrsSjyUeDUYzH0lrTnBwMtqc4eozeyXHOONLI4Lo8udJF8P+rm2ZWxFr+yEF0
D8ycc79yeQuSS22AsQWeN7vWeKnWrgXA5YpSRmyAagDrtYyDJgppleUMtILMdYDY
QpsWUsFtXnJxyrMWkbetnxpysIVUqTzK0qMKbZF7Qkw/MuKB5tl1pd5nIx9ABNfF
M0Hjg5SDdmddjL8cj7pFO5bezVmtzfkmNLYH8oeSriL8SWd3OU37rwJHHC73vep3
NC40UnCUMXhAiunjsNejtY7hQrpdra2S+CfmPM0H+NZIN8Ky2E8BHL9qMxrd90iR
xlBg9mWNIiLWPg==
-----END CERTIFICATE-----