Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/5c9b74-753b-42e2-b41a-2b649d5ebaf3/1/QBMclDl36gqT787s000dXRyxgq8.mft
File:                     QBMclDl36gqT787s000dXRyxgq8.mft (raw, json)
Hash identifier:          Ujll7AZu2JAyciXm3AQeB5wTDHHb/+RL9a/UzMCISls=
Subject key identifier:   70:7B:2D:C8:0C:81:C3:F2:69:72:F2:C2:79:65:29:76:13:07:A9:15
Authority key identifier: 40:13:1C:94:39:77:EA:0A:93:EF:CE:EC:D3:4D:1D:5D:1C:B1:82:AF
Certificate issuer:       /CN=40131c943977ea0a93efceecd34d1d5d1cb182af
Certificate serial:       01965D963DED4FAC37195B3BBC8D9E7E6D58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QBMclDl36gqT787s000dXRyxgq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/5c9b74-753b-42e2-b41a-2b649d5ebaf3/1/QBMclDl36gqT787s000dXRyxgq8.mft
Manifest number:          0DAF
Signing time:             Tue 22 Apr 2025 13:00:49 +0000
Manifest this update:     Tue 22 Apr 2025 13:00:49 +0000
Manifest next update:     Wed 23 Apr 2025 13:00:49 +0000
Files and hashes:         1: QBMclDl36gqT787s000dXRyxgq8.crl (hash: 0vu5WuZ5y4foa6WVFa3f50OF7GYhAm5E9SUCos8X1bA=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/5c9b74-753b-42e2-b41a-2b649d5ebaf3/1/QBMclDl36gqT787s000dXRyxgq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/5c9b74-753b-42e2-b41a-2b649d5ebaf3/1/QBMclDl36gqT787s000dXRyxgq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QBMclDl36gqT787s000dXRyxgq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5d:96:3d:ed:4f:ac:37:19:5b:3b:bc:8d:9e:7e:6d:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40131c943977ea0a93efceecd34d1d5d1cb182af
        Validity
            Not Before: Apr 22 13:00:49 2025 GMT
            Not After : Apr 23 13:00:49 2025 GMT
        Subject: CN=707b2dc80c81c3f26972f2c2796529761307a915
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:94:39:ef:20:1a:b5:a7:7d:db:b2:f4:9c:71:
                    fd:77:dc:21:0f:ea:21:88:e5:c1:10:d2:17:cf:3e:
                    17:1d:d5:cc:b0:43:87:5e:4c:bf:f0:65:a1:00:e8:
                    58:18:39:c5:56:ce:b4:94:02:16:c8:90:2d:32:35:
                    5f:0d:81:e5:aa:13:5f:b6:e9:ed:4c:8d:f3:df:56:
                    4c:5a:2b:1b:0a:ed:f6:2e:94:08:f1:24:8a:e8:38:
                    6f:0b:21:d5:3d:c2:f3:17:47:0b:43:6b:b4:f0:01:
                    33:c4:5c:f5:66:91:15:0d:56:76:df:17:23:a7:a3:
                    47:ec:6a:5c:ea:2d:b7:7a:e3:e2:ae:01:04:ef:76:
                    53:9c:9b:c4:be:ca:35:4a:ed:b4:c5:7b:b3:28:cc:
                    06:f7:02:32:e1:1e:fa:a7:0b:64:05:83:47:46:45:
                    21:33:17:ce:ac:57:ee:4c:ea:9d:e1:ba:42:ff:b8:
                    69:2b:b7:0f:78:1d:80:fd:41:e2:5c:4f:cb:fe:f2:
                    51:3c:3a:d3:26:25:74:db:01:f0:92:79:8f:6d:33:
                    b1:3e:e2:46:ed:cd:a7:2f:c9:20:df:94:55:b2:7e:
                    0a:f5:e0:d8:50:39:d0:b5:6e:7b:b2:c8:ce:20:e6:
                    78:d7:89:d8:d3:13:e6:58:19:c4:35:cc:f1:c7:69:
                    20:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:7B:2D:C8:0C:81:C3:F2:69:72:F2:C2:79:65:29:76:13:07:A9:15
            X509v3 Authority Key Identifier:
                keyid:40:13:1C:94:39:77:EA:0A:93:EF:CE:EC:D3:4D:1D:5D:1C:B1:82:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QBMclDl36gqT787s000dXRyxgq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/5c9b74-753b-42e2-b41a-2b649d5ebaf3/1/QBMclDl36gqT787s000dXRyxgq8.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/5c9b74-753b-42e2-b41a-2b649d5ebaf3/1/QBMclDl36gqT787s000dXRyxgq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         62:ff:c4:5f:65:19:cb:f4:8d:ae:ac:70:73:25:87:cd:72:9f:
         24:d4:41:65:a3:b3:fe:e2:94:9c:f3:49:c5:25:cb:7d:cd:18:
         be:30:f6:5a:37:cf:d8:ee:0e:3f:5c:3b:6e:db:6b:fa:84:e2:
         54:23:fb:16:c7:15:bb:81:1e:8b:09:cd:62:db:ab:0e:8c:ec:
         22:be:f9:5e:c9:18:c9:12:42:2c:2b:9d:11:dd:f6:5a:9e:3d:
         69:68:6f:d7:59:65:cc:a3:85:50:e3:70:65:14:13:58:4b:f8:
         be:44:9e:f2:60:8a:52:09:c9:33:ae:99:75:1e:ad:0e:4c:f9:
         68:16:78:ba:8c:2c:c7:9f:1a:09:32:ce:59:65:34:48:77:e8:
         57:58:2c:ad:76:e5:4d:e2:fd:eb:6c:13:91:5a:f7:8a:e5:24:
         46:94:a2:04:99:6a:ca:5c:c0:95:ec:e8:1f:c2:b8:4a:25:37:
         5c:2a:dd:17:a7:fa:0f:66:ee:cd:df:4e:d1:8a:0c:da:5b:bd:
         a6:c8:bd:ec:e6:ec:e1:b8:9c:23:30:83:4a:b4:47:00:c7:08:
         f4:93:ab:1f:d0:1f:78:d0:5e:1f:c4:4f:31:0f:de:70:9d:99:
         dd:4f:7b:0a:f9:b5:e9:23:57:73:58:a7:5a:76:ff:b7:42:3b:
         c3:10:52:78
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZZdlj3tT6w3GVs7vI2efm1YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwMTMxYzk0Mzk3N2VhMGE5M2VmY2VlY2QzNGQxZDVkMWNi
MTgyYWYwHhcNMjUwNDIyMTMwMDQ5WhcNMjUwNDIzMTMwMDQ5WjAzMTEwLwYDVQQD
Eyg3MDdiMmRjODBjODFjM2YyNjk3MmYyYzI3OTY1Mjk3NjEzMDdhOTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pQ57yAatad927L0nHH9d9whD+oh
iOXBENIXzz4XHdXMsEOHXky/8GWhAOhYGDnFVs60lAIWyJAtMjVfDYHlqhNftunt
TI3z31ZMWisbCu32LpQI8SSK6DhvCyHVPcLzF0cLQ2u08AEzxFz1ZpEVDVZ23xcj
p6NH7Gpc6i23euPirgEE73ZTnJvEvso1Su20xXuzKMwG9wIy4R76pwtkBYNHRkUh
MxfOrFfuTOqd4bpC/7hpK7cPeB2A/UHiXE/L/vJRPDrTJiV02wHwknmPbTOxPuJG
7c2nL8kg35RVsn4K9eDYUDnQtW57ssjOIOZ414nY0xPmWBnENczxx2kg/QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFHB7LcgMgcPyaXLywnllKXYTB6kVMB8GA1UdIwQY
MBaAFEATHJQ5d+oKk+/O7NNNHV0csYKvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUJNY2xEbDM2Z3FUNzg3czAwMGRYUnl4Z3E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC81YzliNzQtNzUzYi00MmUyLWI0MWEt
MmI2NDlkNWViYWYzLzEvUUJNY2xEbDM2Z3FUNzg3czAwMGRYUnl4Z3E4Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC81YzliNzQtNzUzYi00MmUyLWI0MWEtMmI2NDlkNWViYWYz
LzEvUUJNY2xEbDM2Z3FUNzg3czAwMGRYUnl4Z3E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAYv/EX2UZ
y/SNrqxwcyWHzXKfJNRBZaOz/uKUnPNJxSXLfc0YvjD2WjfP2O4OP1w7bttr+oTi
VCP7FscVu4EeiwnNYturDozsIr75XskYyRJCLCudEd32Wp49aWhv11llzKOFUONw
ZRQTWEv4vkSe8mCKUgnJM66ZdR6tDkz5aBZ4uowsx58aCTLOWWU0SHfoV1gsrXbl
TeL962wTkVr3iuUkRpSiBJlqylzAlezoH8K4SiU3XCrdF6f6D2buzd9O0YoM2lu9
psi97Obs4bicIzCDSrRHAMcI9JOrH9AfeNBeH8RPMQ/ecJ2Z3U97Cvm16SNXc1in
Wnb/t0I7wxBSeA==
-----END CERTIFICATE-----