Manifest

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/2ed4b7eb-17a7-44e1-9ca2-098a32383c90/1/34DEF610B33BA719BA344A660C4BDA8333112372.mft
File:                     34DEF610B33BA719BA344A660C4BDA8333112372.mft (raw, json)
Hash identifier:          TFxeQlbyFtk4d+qlHrXV7Y95ai1An7zUwnds7uBMu2A=
Subject key identifier:   BE:D1:0C:0F:A1:73:AC:B1:B0:63:5B:FF:32:8E:AA:A6:4D:5A:31:1A
Authority key identifier: 34:DE:F6:10:B3:3B:A7:19:BA:34:4A:66:0C:4B:DA:83:33:11:23:72
Certificate issuer:       /CN=34DEF610B33BA719BA344A660C4BDA8333112372
Certificate serial:       29E2AEB1025EA65AE93378BA669EA531FF392891
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/34DEF610B33BA719BA344A660C4BDA8333112372.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/2ed4b7eb-17a7-44e1-9ca2-098a32383c90/1/34DEF610B33BA719BA344A660C4BDA8333112372.mft
Manifest number:          74
Signing time:             Thu 26 Mar 2026 02:44:30 +0000
Manifest this update:     Thu 26 Mar 2026 02:39:30 +0000
Manifest next update:     Fri 27 Mar 2026 04:21:30 +0000
Files and hashes:         1: 326131343a373538363a393162303a3a2f34342d3438203d3e20323134323233.roa (hash: ZO9VHs/jdkk6zzSYMSYZUdvcDq76KLDhmDYi/qPc0gQ=)
                          2: 326131343a373538363a373030303a3a2f33362d3438203d3e20323134323233.roa (hash: pCJnPNsZB30IXmBLO9EkDOhxW1xXJNPlCqoAbVJT2Wc=)
                          3: 326131343a373538363a393030303a3a2f34302d3438203d3e20323134323233.roa (hash: sK/28IbuKKKyA7SCTgY03EIdfGQ4xy21thbu3jiR9Kc=)
                          4: 326131343a373538363a393030303a3a2f33362d3438203d3e20323134323233.roa (hash: iA4p3IYifVrgGD3/GcCBblPOiSEiC+VZIiOYTHmZ3ew=)
                          5: 326131343a373538363a393161303a3a2f34342d3438203d3e20323134323233.roa (hash: czMZ6yHzk1H5R4x8pCiKnN7yebua0d7E2WPcIPaQbQU=)
                          6: 34DEF610B33BA719BA344A660C4BDA8333112372.crl (hash: frZcYD39A1DH5BBm0VZBKUqMqp3F9nrvxrDPj3UezIk=)
                          7: 326131343a373538313a396631303a3a2f34342d3438203d3e20323134323233.roa (hash: /757R/290q7lxAjREfkIn9O/IfjmifWYIYI5Pedt0xY=)
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:e2:ae:b1:02:5e:a6:5a:e9:33:78:ba:66:9e:a5:31:ff:39:28:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34DEF610B33BA719BA344A660C4BDA8333112372
        Validity
            Not Before: Mar 26 02:39:30 2026 GMT
            Not After : Mar 27 04:21:30 2026 GMT
        Subject: CN=BED10C0FA173ACB1B0635BFF328EAAA64D5A311A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:3e:b3:8d:be:68:75:b9:dc:55:f2:9e:18:84:
                    83:22:69:a8:2e:b9:ec:fe:6a:17:e2:96:5a:75:1c:
                    74:b3:d3:63:2d:82:f5:87:ce:0b:5f:76:b3:77:86:
                    39:04:a6:a6:ca:8d:75:e5:0e:04:32:d6:43:43:35:
                    f7:82:fc:bf:ef:94:ab:5b:b1:45:dd:ec:d0:31:2d:
                    1a:b1:00:ac:c0:7b:6c:ec:fd:46:7e:0e:f4:8d:88:
                    b7:24:f0:f5:bc:81:90:74:fa:9e:14:4e:55:57:55:
                    c7:08:54:48:c4:10:a4:1c:f1:c9:72:e5:78:92:72:
                    b0:c4:62:61:38:a1:ea:a4:11:a5:17:84:b9:0c:3f:
                    8d:4e:fe:bd:89:4e:e4:9a:1b:bc:3b:d5:df:42:41:
                    9f:65:79:41:67:52:f2:3e:c9:9e:4c:7f:7c:36:60:
                    aa:01:02:3b:05:cd:d8:77:92:f7:aa:76:9f:5e:bb:
                    54:37:15:ae:ac:62:1b:13:a3:8e:e4:1a:76:d4:80:
                    b1:4d:9c:48:48:3c:9f:0d:58:09:9c:5d:c2:1e:17:
                    92:2a:1d:99:31:30:71:a2:4c:6c:5c:bb:e5:2a:05:
                    bd:b3:51:d0:3f:6d:07:d5:8e:31:ac:19:ff:15:b0:
                    1f:b0:73:0a:a0:9c:b9:87:01:44:66:28:e3:64:b5:
                    e2:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:D1:0C:0F:A1:73:AC:B1:B0:63:5B:FF:32:8E:AA:A6:4D:5A:31:1A
            X509v3 Authority Key Identifier:
                keyid:34:DE:F6:10:B3:3B:A7:19:BA:34:4A:66:0C:4B:DA:83:33:11:23:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/2ed4b7eb-17a7-44e1-9ca2-098a32383c90/1/34DEF610B33BA719BA344A660C4BDA8333112372.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/34DEF610B33BA719BA344A660C4BDA8333112372.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/2ed4b7eb-17a7-44e1-9ca2-098a32383c90/1/34DEF610B33BA719BA344A660C4BDA8333112372.mft

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         6b:ab:19:95:27:b4:c0:54:41:92:cc:1c:85:0d:28:88:e5:aa:
         30:a5:84:f8:7d:ce:0b:b2:29:13:91:d7:0f:0f:21:ae:a9:c5:
         30:5d:af:9f:86:dc:87:e9:31:4e:69:78:36:e7:61:0d:80:7c:
         87:02:ff:17:ac:e6:21:ab:2a:7c:90:26:3c:a9:4f:0e:89:00:
         83:f3:d9:09:9f:ab:51:5f:be:53:b3:8d:c3:c0:4b:82:36:6d:
         48:2d:07:63:28:a7:a2:21:b5:01:03:a8:87:33:aa:8d:0c:8c:
         34:5c:f8:39:29:0d:3c:be:09:84:7f:53:40:30:7b:6e:18:dd:
         f3:78:9b:df:37:4a:66:c7:b2:52:b4:d3:4c:be:ac:a0:dc:5b:
         2b:33:8c:a3:4d:cb:ed:0b:95:45:60:53:5e:0a:cc:d1:1d:36:
         b1:67:3e:64:77:39:66:11:e6:3e:96:00:a6:b5:8f:84:0d:bc:
         2b:d2:22:ac:84:f9:67:d6:e3:da:bd:a7:9d:e0:5c:74:13:dd:
         a9:55:35:cf:92:73:08:e2:74:86:5a:3e:29:82:ba:c2:75:93:
         62:82:22:22:8e:36:c2:03:8d:61:9f:ee:9a:85:1d:b9:b1:d9:
         d3:14:b6:36:38:c2:7f:ba:47:a0:1f:54:44:25:77:df:ed:d0:
         ab:5e:cb:d2
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgIUKeKusQJeplrpM3i6Zp6lMf85KJEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzRERUY2MTBCMzNCQTcxOUJBMzQ0QTY2MEM0QkRBODMz
MzExMjM3MjAeFw0yNjAzMjYwMjM5MzBaFw0yNjAzMjcwNDIxMzBaMDMxMTAvBgNV
BAMTKEJFRDEwQzBGQTE3M0FDQjFCMDYzNUJGRjMyOEVBQUE2NEQ1QTMxMUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRPrONvmh1udxV8p4YhIMiaagu
uez+ahfillp1HHSz02MtgvWHzgtfdrN3hjkEpqbKjXXlDgQy1kNDNfeC/L/vlKtb
sUXd7NAxLRqxAKzAe2zs/UZ+DvSNiLck8PW8gZB0+p4UTlVXVccIVEjEEKQc8cly
5XiScrDEYmE4oeqkEaUXhLkMP41O/r2JTuSaG7w71d9CQZ9leUFnUvI+yZ5Mf3w2
YKoBAjsFzdh3kveqdp9eu1Q3Fa6sYhsTo47kGnbUgLFNnEhIPJ8NWAmcXcIeF5Iq
HZkxMHGiTGxcu+UqBb2zUdA/bQfVjjGsGf8VsB+wcwqgnLmHAURmKONkteLnAgMB
AAGjggKCMIICfjAdBgNVHQ4EFgQUvtEMD6FzrLGwY1v/Mo6qpk1aMRowHwYDVR0j
BBgwFoAUNN72ELM7pxm6NEpmDEvagzMRI3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMmVkNGI3ZWItMTdhNy00NGUxLTljYTItMDk4YTMyMzgz
YzkwLzEvMzRERUY2MTBCMzNCQTcxOUJBMzQ0QTY2MEM0QkRBODMzMzExMjM3Mi5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC8zNERFRjYxMEIzM0JBNzE5QkEzNDRBNjYw
QzRCREE4MzMzMTEyMzcyLmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsGAQUF
BzALhn9yc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzJlZDRiN2ViLTE3YTctNDRlMS05Y2EyLTA5OGEzMjM4M2M5MC8xLzM0REVGNjEw
QjMzQkE3MTlCQTM0NEE2NjBDNEJEQTgzMzMxMTIzNzIubWZ0MBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMAYEAgABBQAwBgQCAAIF
ADAVBggrBgEFBQcBCAEB/wQGMASgAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQBrqxmV
J7TAVEGSzByFDSiI5aowpYT4fc4LsikTkdcPDyGuqcUwXa+fhtyH6TFOaXg252EN
gHyHAv8XrOYhqyp8kCY8qU8OiQCD89kJn6tRX75Ts43DwEuCNm1ILQdjKKeiIbUB
A6iHM6qNDIw0XPg5KQ08vgmEf1NAMHtuGN3zeJvfN0pmx7JStNNMvqyg3FsrM4yj
TcvtC5VFYFNeCszRHTaxZz5kdzlmEeY+lgCmtY+EDbwr0iKshPln1uPavaed4Fx0
E92pVTXPknMI4nSGWj4pgrrCdZNigiIijjbCA41hn+6ahR25sdnTFLY2OMJ/ukeg
H1REJXff7dCrXsvS
-----END CERTIFICATE-----