Manifest

$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft
File:                     DC780D9935DABC701A4C4832B16C11D7743C399A.mft (raw, json)
Hash identifier:          hgKypLrL05sm8Os0TZQ+gqvKPFRwLkKvavCg+tGWvjE=
Subject key identifier:   46:D0:76:43:2C:97:CB:CF:47:BF:7F:28:EC:81:01:E4:85:8B:90:3A
Authority key identifier: DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A
Certificate issuer:       /CN=dc780d9935dabc701a4c4832b16c11d7743c399a
Certificate serial:       10FE9B4B914010FDF8588EA6AE924952D2817B2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
Subject info access:      rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft
Manifest number:          0120
Signing time:             Sun 01 Mar 2026 16:52:41 +0000
Manifest this update:     Sun 01 Mar 2026 16:47:41 +0000
Manifest next update:     Mon 02 Mar 2026 16:59:41 +0000
Files and hashes:         1: 326130343a623930373a3a2f34382d3438203d3e2030.roa (hash: /xnxiOeZe4RUPZsXL0vjp7QXRGVs8BxZ08hPmiOocY8=)
                          2: 326130343a623930373a3a2f34372d3437203d3e20323131333231.roa (hash: eSgn8pAntXBevn2NWK+HjwLFj3TRH0aVr1zTI6ST4E0=)
                          3: 326130343a623930343a3a2f34382d3438203d3e20323131333231.roa (hash: XACd90ki63AXfGn+taSfXn0bg5k/VvTu6qRBsyyOiUc=)
                          4: 326130343a623930353a3a2f34382d3438203d3e203136353039.roa (hash: 2WLi+yTCoT6MxCiLFaQP7kK5t5x+CtSSj0mzxVLx03Y=)
                          5: C8623AA6C30FA8E058243708F5672D7960E52389.cer (hash: qDS/meVpMF7qgfPtayVFbWOCnAfvA9XikJALxZNw670=)
                          6: 3138352e34392e3134332e302f32342d3234203d3e20323131333231.roa (hash: UL7yBA1F7ergECjM7xK45EYvQh4BIa6w098X6gj/00E=)
                          7: 326130343a623930323a3a2f34382d3438203d3e20323131333231.roa (hash: qdL0+PphZnX4cdypWsOWZjkH1FNw49MUNv/FrNDrY3s=)
                          8: 3138352e34392e3134322e302f32342d3234203d3e2030.roa (hash: OFYzxf950q78iFTJtOczlCYpNOX+DOEpFZuRWUO9N6w=)
                          9: 326130343a623930303a3a2f33302d3332203d3e2038353837.roa (hash: YouEGWqx2GG1gNyKDzMvqaRmGag9lv2eJQyjBwSYn9Y=)
                          10: 3138352e34392e3134302e302f32332d3233203d3e2038353837.roa (hash: bG62lXPn1Km32GF1V4Mpr+78+uhtW45az4faRRcPToY=)
                          11: DC780D9935DABC701A4C4832B16C11D7743C399A.crl (hash: DxXQZvfNzf+cbhLr8huCOHXK8mJMP0mPPuJ2zueVLdI=)
                          12: 326130343a623930343a373230303a3a2f34302d3430203d3e20323131333231.roa (hash: refEY6cMSdDY7cBVUX5w6R5vf51PxokJ+N8DMMimo3o=)
                          13: 326130343a623930363a3a2f34382d3438203d3e2030.roa (hash: rzyLuLQB2r5jFPz4ER372UgwfaN2meO05T5dDI5hqUg=)
                          14: 326130343a623930303a3a2f33302d3330203d3e2038353837.roa (hash: gYkRIFE7UL0cJEwnwxVcLo1Ut87kd9a2aqmOVqa5baI=)
                          15: 3138352e34392e3134322e302f32332d3233203d3e20323131333231.roa (hash: jR+qYDFgs1RFLmTf7rqpUDak54gW5tVDwGwUk/IhO4s=)
Validation:               OK
Signature path:           rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl
                          rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 16:59:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:fe:9b:4b:91:40:10:fd:f8:58:8e:a6:ae:92:49:52:d2:81:7b:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc780d9935dabc701a4c4832b16c11d7743c399a
        Validity
            Not Before: Mar  1 16:47:41 2026 GMT
            Not After : Mar  2 16:59:41 2026 GMT
        Subject: CN=46D076432C97CBCF47BF7F28EC8101E4858B903A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f7:93:83:aa:1a:42:03:f3:b5:4b:15:90:50:
                    87:01:10:c0:9d:09:fd:06:12:ed:63:b6:29:15:3d:
                    12:af:25:d0:6a:e9:b3:d7:d8:3b:86:d5:bc:db:01:
                    3c:c8:d0:c1:c3:d2:6b:09:e4:88:7c:77:47:05:89:
                    e4:a2:2c:2e:ba:ed:e8:93:06:04:11:f2:4f:16:fe:
                    3a:c9:42:64:dd:d6:44:c9:bd:9a:a2:13:41:9b:19:
                    ca:7d:f1:a2:24:29:59:bd:16:a5:0c:f2:d0:87:6f:
                    16:09:5b:a6:a8:eb:00:42:55:60:0b:a6:7b:a2:cb:
                    1d:59:d0:4e:de:11:1a:31:7f:81:2b:dd:cb:bd:8b:
                    7a:ae:ab:8b:0a:4a:bd:dd:95:03:7a:b9:33:7d:3b:
                    14:d0:d1:f1:81:ad:e6:b1:34:1e:74:1e:d8:52:11:
                    b0:e4:d3:b4:52:2f:3d:8b:e5:b0:0f:9f:2e:20:14:
                    22:61:de:51:54:33:7d:63:4d:85:be:be:e4:62:8f:
                    5c:59:39:41:45:f2:1b:2b:ec:c0:72:b7:f7:a2:a1:
                    03:39:c8:67:bb:98:07:d9:02:f7:f6:89:94:3f:81:
                    c2:d3:41:96:73:1f:95:91:11:ea:1f:86:d3:a9:76:
                    4e:2e:32:b3:fd:cd:5a:10:d7:7a:42:9c:29:bd:a2:
                    86:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:D0:76:43:2C:97:CB:CF:47:BF:7F:28:EC:81:01:E4:85:8B:90:3A
            X509v3 Authority Key Identifier:
                keyid:DC:78:0D:99:35:DA:BC:70:1A:4C:48:32:B1:6C:11:D7:74:3C:39:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3HgNmTXavHAaTEgysWwR13Q8OZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/1/DC780D9935DABC701A4C4832B16C11D7743C399A.mft

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         79:46:7e:81:ee:43:cd:cf:3a:65:7c:00:37:b9:58:be:7d:9f:
         f1:07:4b:e0:95:14:90:1c:3b:16:4b:4d:69:5a:cf:9b:f5:5e:
         f8:a2:df:a6:82:37:7b:96:1f:19:10:d6:3f:23:24:3d:95:9a:
         68:30:55:74:b0:f4:17:66:a1:72:35:8d:90:f6:b9:0c:60:14:
         9d:b5:c9:a5:dd:d9:0a:8f:e7:23:31:05:98:55:25:df:18:36:
         24:32:9f:97:1c:4c:e0:82:44:4e:a0:45:76:00:d6:ad:86:b4:
         ba:11:20:ca:d9:83:d1:16:78:bf:e2:a8:31:e4:ed:ca:51:c9:
         16:bf:67:03:0a:0e:6c:77:df:5e:0c:8f:2f:0d:11:27:fe:43:
         c4:94:78:8d:86:e7:23:df:a2:ed:78:af:e4:36:5d:c9:6a:fa:
         1f:3a:6f:e6:f4:71:fd:95:ea:dc:7b:fb:38:33:93:6f:30:bd:
         ed:c2:c1:50:b5:c7:9a:ee:ee:da:fc:38:14:50:97:b0:2a:81:
         d5:a6:7c:e6:b8:ee:4d:70:3c:71:be:95:03:82:e5:c2:e4:5d:
         45:98:d3:af:1a:91:8b:f1:95:cf:24:50:0e:9b:b7:29:c2:a2:
         09:1e:99:7c:c4:e8:ab:e3:c2:d1:d6:f9:2c:c4:4c:c5:c8:a6:
         10:3e:2b:31
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIUEP6bS5FAEP34WI6mrpJJUtKBey0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGM3ODBkOTkzNWRhYmM3MDFhNGM0ODMyYjE2YzExZDc3
NDNjMzk5YTAeFw0yNjAzMDExNjQ3NDFaFw0yNjAzMDIxNjU5NDFaMDMxMTAvBgNV
BAMTKDQ2RDA3NjQzMkM5N0NCQ0Y0N0JGN0YyOEVDODEwMUU0ODU4QjkwM0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDH95ODqhpCA/O1SxWQUIcBEMCd
Cf0GEu1jtikVPRKvJdBq6bPX2DuG1bzbATzI0MHD0msJ5Ih8d0cFieSiLC667eiT
BgQR8k8W/jrJQmTd1kTJvZqiE0GbGcp98aIkKVm9FqUM8tCHbxYJW6ao6wBCVWAL
pnuiyx1Z0E7eERoxf4Er3cu9i3quq4sKSr3dlQN6uTN9OxTQ0fGBreaxNB50HthS
EbDk07RSLz2L5bAPny4gFCJh3lFUM31jTYW+vuRij1xZOUFF8hsr7MByt/eioQM5
yGe7mAfZAvf2iZQ/gcLTQZZzH5WREeofhtOpdk4uMrP9zVoQ13pCnCm9oobtAgMB
AAGjggH7MIIB9zAdBgNVHQ4EFgQURtB2QyyXy89Hv38o7IEB5IWLkDowHwYDVR0j
BBgwFoAU3HgNmTXavHAaTEgysWwR13Q8OZowDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzEvREM3ODBEOTkzNURBQkM3MDFBNEM0ODMyQjE2QzExRDc3
NDNDMzk5QS5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNIZ05tVFhhdkhBYVRF
Z3lzV3dSMTNROE9aby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5y
c3luYzovL3JzeW5jLmtyaWxsLm5sbmV0bGFicy5ubC9yZXBvL25sbmV0bGFicy8x
L0RDNzgwRDk5MzVEQUJDNzAxQTRDNDgzMkIxNkMxMUQ3NzQzQzM5OUEubWZ0MBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMAYEAgAB
BQAwBgQCAAIFADAVBggrBgEFBQcBCAEB/wQGMASgAgUAMA0GCSqGSIb3DQEBCwUA
A4IBAQB5Rn6B7kPNzzplfAA3uVi+fZ/xB0vglRSQHDsWS01pWs+b9V74ot+mgjd7
lh8ZENY/IyQ9lZpoMFV0sPQXZqFyNY2Q9rkMYBSdtcml3dkKj+cjMQWYVSXfGDYk
Mp+XHEzggkROoEV2ANathrS6ESDK2YPRFni/4qgx5O3KUckWv2cDCg5sd99eDI8v
DREn/kPElHiNhucj36LteK/kNl3JavofOm/m9HH9lerce/s4M5NvML3twsFQtcea
7u7a/DgUUJewKoHVpnzmuO5NcDxxvpUDguXC5F1FmNOvGpGL8ZXPJFAOm7cpwqIJ
Hpl8xOir48LR1vksxEzFyKYQPisx
-----END CERTIFICATE-----