Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/bc34a0-3203-43c7-919d-e4c8a18ba645/1/B3YzTcb3D1Y-mY9ggK0yiqt_jQ4.mft
File:                     B3YzTcb3D1Y-mY9ggK0yiqt_jQ4.mft (raw, json)
Hash identifier:          /z3kOlX1WDK769DKPf/r40cjWXXqxdLhC34bfpe3lZQ=
Subject key identifier:   23:E5:AF:CE:D0:94:F6:18:AC:84:31:BE:B6:51:84:E8:72:2B:29:73
Authority key identifier: 07:76:33:4D:C6:F7:0F:56:3E:99:8F:60:80:AD:32:8A:AB:7F:8D:0E
Certificate issuer:       /CN=0776334dc6f70f563e998f6080ad328aab7f8d0e
Certificate serial:       01984A41337A6675E998C417B396BCBF9F27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B3YzTcb3D1Y-mY9ggK0yiqt_jQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/bc34a0-3203-43c7-919d-e4c8a18ba645/1/B3YzTcb3D1Y-mY9ggK0yiqt_jQ4.mft
Manifest number:          CA
Signing time:             Sun 27 Jul 2025 05:00:43 +0000
Manifest this update:     Sun 27 Jul 2025 05:00:43 +0000
Manifest next update:     Mon 28 Jul 2025 05:00:43 +0000
Files and hashes:         1: B3YzTcb3D1Y-mY9ggK0yiqt_jQ4.crl (hash: 3axr8GCVqKwLJB/YOsBwx/iGaFuGmADcJoSemTl8tYA=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/bc34a0-3203-43c7-919d-e4c8a18ba645/1/B3YzTcb3D1Y-mY9ggK0yiqt_jQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/bc34a0-3203-43c7-919d-e4c8a18ba645/1/B3YzTcb3D1Y-mY9ggK0yiqt_jQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B3YzTcb3D1Y-mY9ggK0yiqt_jQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:4a:41:33:7a:66:75:e9:98:c4:17:b3:96:bc:bf:9f:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0776334dc6f70f563e998f6080ad328aab7f8d0e
        Validity
            Not Before: Jul 27 05:00:43 2025 GMT
            Not After : Jul 28 05:00:43 2025 GMT
        Subject: CN=23e5afced094f618ac8431beb65184e8722b2973
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:47:a4:22:1a:4d:34:a0:26:20:fc:3e:c7:3d:
                    a0:d5:42:ec:23:dd:cc:a9:a7:69:b1:72:10:12:78:
                    54:20:8f:a4:18:b0:eb:03:77:5a:47:82:fd:6c:95:
                    dc:ae:0b:2a:b7:ef:6b:ae:9b:8a:61:69:69:13:6b:
                    ff:23:19:3a:0d:e1:9f:02:a2:b2:df:50:85:fb:fe:
                    db:68:89:57:69:83:61:cc:cc:bb:0e:1b:11:55:c8:
                    4b:2e:3a:be:87:12:62:93:dd:41:a8:8f:f8:eb:cc:
                    3d:e9:e6:3a:70:15:cf:05:fa:99:1d:2a:d8:e8:30:
                    87:d4:63:e8:99:14:41:8f:50:bb:db:93:85:87:a5:
                    a9:b3:bf:62:28:57:bd:e9:c5:3a:db:5f:8e:a1:25:
                    b3:08:74:d8:d6:d4:38:be:8e:2a:e7:13:ed:47:03:
                    93:4a:3a:61:a3:27:a9:9e:00:d9:78:34:61:44:72:
                    9c:10:85:65:6f:21:c5:1d:2c:3c:84:22:a7:17:27:
                    06:25:de:36:e6:97:12:54:aa:d6:3a:c4:eb:a9:a8:
                    c1:e9:62:c8:19:03:22:8c:48:ba:50:91:99:4a:32:
                    67:d7:4e:f6:c3:01:89:d8:38:8b:87:85:3e:97:42:
                    90:ed:b5:21:20:81:3b:f1:82:a0:f8:a2:e2:f4:d3:
                    3c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:E5:AF:CE:D0:94:F6:18:AC:84:31:BE:B6:51:84:E8:72:2B:29:73
            X509v3 Authority Key Identifier:
                keyid:07:76:33:4D:C6:F7:0F:56:3E:99:8F:60:80:AD:32:8A:AB:7F:8D:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B3YzTcb3D1Y-mY9ggK0yiqt_jQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/bc34a0-3203-43c7-919d-e4c8a18ba645/1/B3YzTcb3D1Y-mY9ggK0yiqt_jQ4.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/bc34a0-3203-43c7-919d-e4c8a18ba645/1/B3YzTcb3D1Y-mY9ggK0yiqt_jQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         4a:e5:4a:63:bc:29:c5:ac:e7:c2:e5:ed:0b:4d:60:14:51:1e:
         02:68:95:bb:b5:ca:e5:c7:e1:d0:7d:54:a5:ed:39:85:c5:12:
         66:c3:25:2b:35:a3:18:42:17:da:f0:2d:4a:2a:05:58:01:26:
         5e:96:c9:a7:32:3a:e3:f1:3d:f1:cf:3c:eb:0a:3c:67:63:8f:
         4b:24:1a:63:82:54:19:66:a0:eb:c1:59:b5:4a:c2:8d:f5:b4:
         ea:32:5b:6f:2a:ca:e2:8a:3e:6b:d7:fa:11:62:96:a5:db:e7:
         cb:4a:f8:82:14:8b:dd:2b:39:16:ee:a1:82:68:66:50:be:a4:
         5a:89:0a:6f:04:80:3e:f0:8f:e8:02:20:62:de:8e:b4:1b:77:
         5e:39:81:dc:53:a7:ef:61:08:cf:08:ec:22:5b:df:06:0a:0f:
         64:03:fb:b9:a1:71:35:69:0c:c0:bf:cc:65:cf:10:9c:52:29:
         cf:95:de:05:e1:67:18:f8:1a:54:6a:4c:cd:4a:ac:f2:0f:60:
         82:89:cd:40:72:40:79:0d:a2:98:ca:86:b5:fa:0b:fa:d5:4a:
         8b:96:21:b5:40:35:64:eb:79:3f:51:39:6b:11:f2:2d:9b:ca:
         34:47:8b:88:fd:57:07:85:3e:d2:c4:08:cf:66:e4:32:92:18:
         3b:67:54:74
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZhKQTN6ZnXpmMQXs5a8v58nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3NzYzMzRkYzZmNzBmNTYzZTk5OGY2MDgwYWQzMjhhYWI3
ZjhkMGUwHhcNMjUwNzI3MDUwMDQzWhcNMjUwNzI4MDUwMDQzWjAzMTEwLwYDVQQD
EygyM2U1YWZjZWQwOTRmNjE4YWM4NDMxYmViNjUxODRlODcyMmIyOTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEekIhpNNKAmIPw+xz2g1ULsI93M
qadpsXIQEnhUII+kGLDrA3daR4L9bJXcrgsqt+9rrpuKYWlpE2v/Ixk6DeGfAqKy
31CF+/7baIlXaYNhzMy7DhsRVchLLjq+hxJik91BqI/468w96eY6cBXPBfqZHSrY
6DCH1GPomRRBj1C725OFh6Wps79iKFe96cU621+OoSWzCHTY1tQ4vo4q5xPtRwOT
SjphoyepngDZeDRhRHKcEIVlbyHFHSw8hCKnFycGJd425pcSVKrWOsTrqajB6WLI
GQMijEi6UJGZSjJn1072wwGJ2DiLh4U+l0KQ7bUhIIE78YKg+KLi9NM8MwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFCPlr87QlPYYrIQxvrZRhOhyKylzMB8GA1UdIwQY
MBaAFAd2M03G9w9WPpmPYICtMoqrf40OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjNZelRjYjNEMVktbVk5Z2dLMHlpcXRfalE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9iYzM0YTAtMzIwMy00M2M3LTkxOWQt
ZTRjOGExOGJhNjQ1LzEvQjNZelRjYjNEMVktbVk5Z2dLMHlpcXRfalE0Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9iYzM0YTAtMzIwMy00M2M3LTkxOWQtZTRjOGExOGJhNjQ1
LzEvQjNZelRjYjNEMVktbVk5Z2dLMHlpcXRfalE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEASuVKY7wp
xaznwuXtC01gFFEeAmiVu7XK5cfh0H1Upe05hcUSZsMlKzWjGEIX2vAtSioFWAEm
XpbJpzI64/E98c886wo8Z2OPSyQaY4JUGWag68FZtUrCjfW06jJbbyrK4oo+a9f6
EWKWpdvny0r4ghSL3Ss5Fu6hgmhmUL6kWokKbwSAPvCP6AIgYt6OtBt3XjmB3FOn
72EIzwjsIlvfBgoPZAP7uaFxNWkMwL/MZc8QnFIpz5XeBeFnGPgaVGpMzUqs8g9g
gonNQHJAeQ2imMqGtfoL+tVKi5YhtUA1ZOt5P1E5axHyLZvKNEeLiP1XB4U+0sQI
z2bkMpIYO2dUdA==
-----END CERTIFICATE-----