Manifest

$ rpki-client -vvf rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.mft
File:                     B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.mft (raw, json)
Hash identifier:          +lNt1yqNgjLRloR53pRIBxwWxmTnpP/RtD+0QM1vR9c=
Subject key identifier:   06:53:2D:F0:F7:7E:41:4A:E7:F5:00:02:39:53:AD:ED:13:41:E7:6F
Authority key identifier: B6:05:61:DF:FB:FD:E2:55:FE:C1:4D:4D:9F:0E:13:F4:37:53:52:E4
Certificate issuer:       /CN=b60561dffbfde255fec14d4d9f0e13f4375352e4
Certificate serial:       3886404E2FBCEACA13E3557BC1026AC693AD6B3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tgVh3_v94lX-wU1Nnw4T9DdTUuQ.cer
Subject info access:      rsync://rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.mft
Manifest number:          01AE
Signing time:             Sat 08 Nov 2025 14:31:10 +0000
Manifest this update:     Sat 08 Nov 2025 14:26:10 +0000
Manifest next update:     Sun 09 Nov 2025 16:14:10 +0000
Files and hashes:         1: B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.crl (hash: isRHa2iLVEpPtQmG5k/7O5zSO57HoXoRJKvgysDQxIc=)
                          2: 323030313a3637633a6438303a3a2f34382d3438203d3e20343031353531.roa (hash: mqadfIJnOHBwBW3bzOjsszkG4yNmowPDrD6AKDG5B1Q=)
Validation:               OK
Signature path:           rsync://rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.crl
                          rsync://rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tgVh3_v94lX-wU1Nnw4T9DdTUuQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Nov 2025 16:14:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:86:40:4e:2f:bc:ea:ca:13:e3:55:7b:c1:02:6a:c6:93:ad:6b:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b60561dffbfde255fec14d4d9f0e13f4375352e4
        Validity
            Not Before: Nov  8 14:26:10 2025 GMT
            Not After : Nov  9 16:14:10 2025 GMT
        Subject: CN=06532DF0F77E414AE7F500023953ADED1341E76F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:bb:08:c5:fd:72:2f:0b:56:b6:55:d5:6f:f3:
                    40:ea:7c:db:04:ae:c6:d4:6a:31:cb:37:f0:cc:82:
                    c5:34:e5:ee:90:a9:24:cb:1b:60:e2:aa:06:78:a7:
                    49:67:16:ca:0f:96:9c:f3:ac:31:42:e8:0f:fd:30:
                    ed:9d:35:05:74:4b:ca:14:24:ba:74:9b:41:cf:dc:
                    81:31:dc:9e:d0:06:67:4b:5e:81:db:8a:a1:31:8a:
                    e0:02:64:09:ca:df:1a:64:89:9b:c6:45:ff:82:d1:
                    8e:03:ca:dd:ee:69:3b:57:dc:0b:74:8a:95:12:17:
                    a2:52:fa:1b:58:d3:99:4b:bf:e6:40:f1:64:a2:92:
                    c9:7e:14:1a:f0:c4:b8:0b:67:37:16:39:5d:59:a7:
                    62:0b:61:20:b6:18:26:ed:fa:1a:32:45:c5:ad:bd:
                    af:14:de:18:c6:99:74:d3:1f:e6:ab:3c:10:1e:91:
                    78:59:0b:36:54:4d:a5:df:69:a8:16:69:45:eb:79:
                    55:57:37:6d:3b:b9:79:3f:3f:4e:64:77:ae:9c:f4:
                    32:99:a2:fe:22:e1:f2:80:3d:ec:ef:28:3e:74:85:
                    51:a1:74:fe:13:e2:0e:f7:c7:d7:a0:6b:52:1a:42:
                    02:89:5e:ca:cf:ff:96:dd:0b:fa:a0:60:4c:d5:0a:
                    49:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:53:2D:F0:F7:7E:41:4A:E7:F5:00:02:39:53:AD:ED:13:41:E7:6F
            X509v3 Authority Key Identifier:
                keyid:B6:05:61:DF:FB:FD:E2:55:FE:C1:4D:4D:9F:0E:13:F4:37:53:52:E4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tgVh3_v94lX-wU1Nnw4T9DdTUuQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.mft

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         4d:4a:0a:c8:1f:21:43:74:55:8e:06:ff:25:99:77:d8:7e:01:
         11:62:0e:14:fe:6f:01:61:42:6b:7f:13:ea:88:66:15:7d:76:
         19:c8:b3:04:05:b5:70:82:04:da:7c:f9:60:45:35:0c:cd:5e:
         8a:c2:df:8a:26:e3:53:00:28:9d:d8:c0:85:8f:1b:78:f5:ec:
         23:5e:85:8d:22:b5:ec:22:e9:d7:da:1c:36:dd:93:87:c6:3a:
         d8:1e:a8:38:bf:1b:49:db:9e:d5:4a:9d:1f:16:0b:30:e5:0d:
         c4:75:59:17:de:30:cc:af:e4:47:dd:2f:d2:ae:e4:17:af:b1:
         a4:69:35:d6:1c:ed:be:73:05:8e:e2:72:c7:0b:4a:bc:96:a6:
         cc:a8:0b:ce:68:77:fa:c3:4e:de:e5:35:55:63:a1:8a:7f:a5:
         38:72:e5:a2:4d:66:ca:38:80:01:4c:f3:2a:26:99:56:75:b6:
         2b:c7:90:e5:6f:5e:ab:66:8c:b7:01:38:ed:e0:eb:d3:69:fa:
         93:d3:94:90:ab:76:81:35:00:2e:ec:a9:d9:59:ec:7f:51:74:
         1f:28:cc:cd:cc:d3:0c:b4:24:f5:fd:a9:8b:93:ce:59:f3:a4:
         df:5d:d4:a3:c8:9d:f8:b4:29:93:af:d5:6e:ea:71:34:9c:36:
         67:9f:88:22
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgIUOIZATi+86soT41V7wQJqxpOtazwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjYwNTYxZGZmYmZkZTI1NWZlYzE0ZDRkOWYwZTEzZjQz
NzUzNTJlNDAeFw0yNTExMDgxNDI2MTBaFw0yNTExMDkxNjE0MTBaMDMxMTAvBgNV
BAMTKDA2NTMyREYwRjc3RTQxNEFFN0Y1MDAwMjM5NTNBREVEMTM0MUU3NkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmuwjF/XIvC1a2VdVv80DqfNsE
rsbUajHLN/DMgsU05e6QqSTLG2DiqgZ4p0lnFsoPlpzzrDFC6A/9MO2dNQV0S8oU
JLp0m0HP3IEx3J7QBmdLXoHbiqExiuACZAnK3xpkiZvGRf+C0Y4Dyt3uaTtX3At0
ipUSF6JS+htY05lLv+ZA8WSiksl+FBrwxLgLZzcWOV1Zp2ILYSC2GCbt+hoyRcWt
va8U3hjGmXTTH+arPBAekXhZCzZUTaXfaagWaUXreVVXN207uXk/P05kd66c9DKZ
ov4i4fKAPezvKD50hVGhdP4T4g73x9ega1IaQgKJXsrP/5bdC/qgYEzVCkkzAgMB
AAGjggHrMIIB5zAdBgNVHQ4EFgQUBlMt8Pd+QUrn9QACOVOt7RNB528wHwYDVR0j
BBgwFoAUtgVh3/v94lX+wU1Nnw4T9DdTUuQwDgYDVR0PAQH/BAQDAgeAMGcGA1Ud
HwRgMF4wXKBaoFiGVnJzeW5jOi8vcnBraS5uZWxsaWN1cy5uZXQvcmVwby9uZWxs
aWN1cy8wL0I2MDU2MURGRkJGREUyNTVGRUMxNEQ0RDlGMEUxM0Y0Mzc1MzUyRTQu
Y3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJp
cGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC90Z1ZoM192OTRsWC13VTFObnc0VDlE
ZFRVdVEuY2VyMHIGCCsGAQUFBwELBGYwZDBiBggrBgEFBQcwC4ZWcnN5bmM6Ly9y
cGtpLm5lbGxpY3VzLm5ldC9yZXBvL25lbGxpY3VzLzAvQjYwNTYxREZGQkZERTI1
NUZFQzE0RDREOUYwRTEzRjQzNzUzNTJFNC5tZnQwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwBgQCAAEFADAGBAIAAgUAMBUGCCsG
AQUFBwEIAQH/BAYwBKACBQAwDQYJKoZIhvcNAQELBQADggEBAE1KCsgfIUN0VY4G
/yWZd9h+ARFiDhT+bwFhQmt/E+qIZhV9dhnIswQFtXCCBNp8+WBFNQzNXorC34om
41MAKJ3YwIWPG3j17CNehY0itewi6dfaHDbdk4fGOtgeqDi/G0nbntVKnR8WCzDl
DcR1WRfeMMyv5EfdL9Ku5BevsaRpNdYc7b5zBY7icscLSryWpsyoC85od/rDTt7l
NVVjoYp/pThy5aJNZso4gAFM8yommVZ1tivHkOVvXqtmjLcBOO3g69Np+pPTlJCr
doE1AC7sqdlZ7H9RdB8ozM3M0wy0JPX9qYuTzlnzpN9d1KPInfi0KZOv1W7qcTSc
NmefiCI=
-----END CERTIFICATE-----