Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft
File:                     2bN6OM6IfTdjYEau84ehwjMVLkE.mft (raw, json)
Hash identifier:          gGEzzSlIwFBlScpVBO7gsvAi/sRNVkFegHXj8w4t/qQ=
Subject key identifier:   01:B3:7E:C6:F7:E0:AE:93:BA:8A:5D:B8:D1:C2:44:1B:66:1A:9E:33
Authority key identifier: D9:B3:7A:38:CE:88:7D:37:63:60:46:AE:F3:87:A1:C2:33:15:2E:41
Certificate issuer:       /CN=d9b37a38ce887d37636046aef387a1c233152e41
Certificate serial:       01965914AA2E7C876E43D91283D242F9AD15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2bN6OM6IfTdjYEau84ehwjMVLkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft
Manifest number:          0591
Signing time:             Mon 21 Apr 2025 16:00:48 +0000
Manifest this update:     Mon 21 Apr 2025 16:00:48 +0000
Manifest next update:     Tue 22 Apr 2025 16:00:48 +0000
Files and hashes:         1: 2bN6OM6IfTdjYEau84ehwjMVLkE.crl (hash: 3yFuVY+5GFXGIr9DsHnM+vNszyvGpoTeaXTNEWsNr30=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2bN6OM6IfTdjYEau84ehwjMVLkE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:59:14:aa:2e:7c:87:6e:43:d9:12:83:d2:42:f9:ad:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9b37a38ce887d37636046aef387a1c233152e41
        Validity
            Not Before: Apr 21 16:00:48 2025 GMT
            Not After : Apr 22 16:00:48 2025 GMT
        Subject: CN=01b37ec6f7e0ae93ba8a5db8d1c2441b661a9e33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:08:58:18:06:cd:84:aa:34:b3:92:e7:8f:9e:
                    83:35:a6:cd:d5:32:02:db:e7:d3:29:c3:49:15:15:
                    7f:a8:75:6d:36:b7:7c:69:a4:98:60:c8:5a:fb:9a:
                    99:a6:04:0b:fc:4b:ff:8c:a5:89:46:9a:08:87:33:
                    2c:47:f8:1c:8e:d3:ff:99:24:cc:89:77:11:26:12:
                    6e:bb:fd:b8:d0:57:bc:42:e4:c8:3c:63:aa:94:1e:
                    ea:05:c0:a6:61:1c:94:c6:cf:74:0b:88:f4:1e:56:
                    f2:83:12:aa:bf:f6:89:fe:a7:d4:1d:e0:c5:b4:c3:
                    2d:a4:03:82:91:a6:9c:1f:29:9c:e8:2d:0f:41:22:
                    f5:35:c4:f2:3e:20:41:50:fe:4e:47:96:3e:4a:71:
                    c3:81:d6:26:68:ba:e0:65:9f:2b:1c:03:40:e1:0f:
                    74:5a:8e:5f:42:f8:80:ad:1c:d0:29:12:dc:c4:cb:
                    55:4c:f9:63:c1:d8:ae:68:73:60:00:59:80:bf:c3:
                    f6:02:f1:de:81:c5:40:5f:1e:31:3b:ab:6a:47:4d:
                    e9:9b:b5:40:6d:90:ce:a8:09:4e:44:5f:49:b2:51:
                    28:fe:d1:0d:9b:4c:05:33:be:12:91:98:db:d6:59:
                    05:e8:f8:bd:4d:8f:3d:b2:a3:f6:4d:d5:66:94:ff:
                    5b:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:B3:7E:C6:F7:E0:AE:93:BA:8A:5D:B8:D1:C2:44:1B:66:1A:9E:33
            X509v3 Authority Key Identifier:
                keyid:D9:B3:7A:38:CE:88:7D:37:63:60:46:AE:F3:87:A1:C2:33:15:2E:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2bN6OM6IfTdjYEau84ehwjMVLkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         60:c3:50:d9:85:68:0c:76:82:ac:49:9e:e4:3b:34:5b:72:ff:
         3a:59:cd:0f:49:b8:18:e2:95:94:e1:e2:f1:01:6b:5b:ac:76:
         3d:6e:5d:2d:df:2b:52:28:50:d3:39:a8:7e:5c:26:ad:31:d6:
         5f:cf:e5:d5:1c:95:6b:17:aa:a2:ed:90:00:ed:b9:93:3d:54:
         52:4f:69:8d:be:2d:36:82:1e:fa:56:c3:68:86:df:2e:c7:57:
         0a:51:82:7f:84:5e:d9:a1:e6:bd:3c:1d:55:cb:00:c6:c4:29:
         86:39:d9:12:b4:e2:13:f3:c0:7b:72:d2:45:83:b5:52:03:c5:
         86:37:8d:56:39:3f:30:f4:6c:b0:11:4d:75:b9:8c:55:f1:7a:
         06:3e:5e:2e:c8:45:f6:da:da:d2:17:39:45:76:35:ab:04:82:
         99:f5:4a:80:e5:25:42:4d:52:d4:93:66:32:ea:c2:b7:f4:2a:
         82:9f:4f:a6:19:72:62:a8:84:bc:08:87:cc:cf:8a:ee:be:1f:
         22:73:eb:a7:43:32:57:0b:23:dd:48:4e:6f:bd:85:a8:04:18:
         94:5c:3a:c9:69:80:14:40:7a:8f:92:ba:71:6a:d7:89:4e:dd:
         21:49:13:5d:50:62:26:51:5f:b4:a9:c3:49:f8:24:08:cd:c3:
         a6:97:13:c7
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZZZFKoufIduQ9kSg9JC+a0VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5YjM3YTM4Y2U4ODdkMzc2MzYwNDZhZWYzODdhMWMyMzMx
NTJlNDEwHhcNMjUwNDIxMTYwMDQ4WhcNMjUwNDIyMTYwMDQ4WjAzMTEwLwYDVQQD
EygwMWIzN2VjNmY3ZTBhZTkzYmE4YTVkYjhkMWMyNDQxYjY2MWE5ZTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQhYGAbNhKo0s5Lnj56DNabN1TIC
2+fTKcNJFRV/qHVtNrd8aaSYYMha+5qZpgQL/Ev/jKWJRpoIhzMsR/gcjtP/mSTM
iXcRJhJuu/240Fe8QuTIPGOqlB7qBcCmYRyUxs90C4j0HlbygxKqv/aJ/qfUHeDF
tMMtpAOCkaacHymc6C0PQSL1NcTyPiBBUP5OR5Y+SnHDgdYmaLrgZZ8rHANA4Q90
Wo5fQviArRzQKRLcxMtVTPljwdiuaHNgAFmAv8P2AvHegcVAXx4xO6tqR03pm7VA
bZDOqAlORF9JslEo/tENm0wFM74SkZjb1lkF6Pi9TY89sqP2TdVmlP9bOQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFAGzfsb34K6TuopduNHCRBtmGp4zMB8GA1UdIwQY
MBaAFNmzejjOiH03Y2BGrvOHocIzFS5BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmJONk9NNklmVGRqWUVhdTg0ZWh3ak1WTGtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS85NTQ1ZjItZmI2MC00ODc4LWFlNTgt
ZDZhYWM2MTM4MzBiLzEvMmJONk9NNklmVGRqWUVhdTg0ZWh3ak1WTGtFLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS85NTQ1ZjItZmI2MC00ODc4LWFlNTgtZDZhYWM2MTM4MzBi
LzEvMmJONk9NNklmVGRqWUVhdTg0ZWh3ak1WTGtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAYMNQ2YVo
DHaCrEme5Ds0W3L/OlnND0m4GOKVlOHi8QFrW6x2PW5dLd8rUihQ0zmoflwmrTHW
X8/l1RyVaxeqou2QAO25kz1UUk9pjb4tNoIe+lbDaIbfLsdXClGCf4Re2aHmvTwd
VcsAxsQphjnZErTiE/PAe3LSRYO1UgPFhjeNVjk/MPRssBFNdbmMVfF6Bj5eLshF
9tra0hc5RXY1qwSCmfVKgOUlQk1S1JNmMurCt/Qqgp9PphlyYqiEvAiHzM+K7r4f
InPrp0MyVwsj3UhOb72FqAQYlFw6yWmAFEB6j5K6cWrXiU7dIUkTXVBiJlFftKnD
SfgkCM3DppcTxw==
-----END CERTIFICATE-----