Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
File:                     APkIwDKKjpc_pArFL8M359PE_tA.mft (raw, json)
Hash identifier:          hnwd72p/Cc1NdlIPVHZKnwFNPO2mm9ibdKyGa4I3stQ=
Subject key identifier:   DB:8E:EE:B7:0E:59:17:2C:BD:80:5C:73:95:D7:4A:34:44:7C:18:55
Authority key identifier: 00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0
Certificate issuer:       /CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
Certificate serial:       019A71B9301456FC25ABA4E3ACB20BCE2705
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
Manifest number:          171B
Signing time:             Tue 11 Nov 2025 07:02:33 +0000
Manifest this update:     Tue 11 Nov 2025 07:02:33 +0000
Manifest next update:     Wed 12 Nov 2025 07:02:33 +0000
Files and hashes:         1: APkIwDKKjpc_pArFL8M359PE_tA.crl (hash: 1WBWr0uXvWSgzlSjdz1P9J6O3N/ST+THcSuI+TSjR94=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b9:30:14:56:fc:25:ab:a4:e3:ac:b2:0b:ce:27:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
        Validity
            Not Before: Nov 11 07:02:33 2025 GMT
            Not After : Nov 12 07:02:33 2025 GMT
        Subject: CN=db8eeeb70e59172cbd805c7395d74a34447c1855
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:1e:60:d0:22:e2:70:9e:d4:4f:b6:ad:82:80:
                    28:ee:57:3b:97:1b:fb:e5:98:a5:06:b0:26:9b:e9:
                    fd:93:6c:07:04:18:a2:b0:38:84:6d:49:c5:16:34:
                    67:dc:3b:4b:e6:72:e1:6d:09:16:0d:54:01:82:1c:
                    1d:a9:53:9e:58:bc:90:5a:41:c4:6c:99:ab:cf:cb:
                    98:5b:ce:d4:4c:ce:fe:64:b6:79:74:ac:e9:fd:f3:
                    60:63:dd:4b:11:26:15:6d:bf:30:34:7a:43:95:05:
                    f2:75:cf:19:5b:9d:d0:3e:c1:b0:cd:74:cb:09:3b:
                    32:57:d0:87:41:f6:f3:88:9d:27:9a:67:9f:f6:09:
                    c9:b1:a2:b5:a7:68:4c:d1:56:b0:c9:f9:db:a3:61:
                    00:18:26:8d:47:78:5c:36:4a:c9:68:d1:71:32:1a:
                    9a:1d:c7:ea:0c:32:eb:ef:37:6a:86:b9:f5:bb:c5:
                    c8:1b:9d:dd:c2:8c:93:76:97:26:a2:32:b6:da:07:
                    82:f5:3f:3e:4a:37:26:0c:e0:1f:e8:be:46:ac:53:
                    02:16:4f:da:c6:4d:0e:17:96:01:90:73:dc:4b:3f:
                    ab:b4:60:3f:46:07:e2:01:78:7b:9e:9e:85:82:a6:
                    2a:29:53:97:79:20:e9:91:e4:60:43:9b:10:b0:e5:
                    59:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:8E:EE:B7:0E:59:17:2C:BD:80:5C:73:95:D7:4A:34:44:7C:18:55
            X509v3 Authority Key Identifier:
                keyid:00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         29:24:94:d6:55:86:f5:ac:dd:fc:0d:2b:98:80:1c:1e:1f:36:
         f1:0b:48:1a:52:17:6b:d2:3e:f1:b5:8b:e7:94:1c:43:e7:3c:
         41:e8:7d:0e:6e:55:89:50:b8:f2:82:a9:5c:de:e6:c2:e4:a5:
         b7:dc:a7:84:b7:5c:46:f2:bc:4e:ac:f4:f5:62:db:eb:07:ec:
         88:34:75:47:4e:d0:93:69:81:69:7f:75:8d:2f:83:28:ce:58:
         84:92:e8:61:97:e9:7b:3e:62:88:34:93:4f:7e:2a:37:f4:58:
         8e:07:d8:6a:89:be:b6:ad:39:6b:d0:03:c3:7c:51:87:0f:f1:
         f2:93:b7:2b:e9:16:46:78:2b:df:fd:50:11:1a:36:91:20:65:
         4a:8a:58:57:96:d2:bb:fb:ad:a5:b0:99:87:97:4c:d9:44:25:
         b0:1e:29:25:f2:b5:14:10:60:ed:14:fe:f9:04:d8:83:32:4d:
         61:84:3a:c0:81:2b:61:87:87:10:a6:7d:6b:0d:65:29:21:70:
         ed:10:9b:46:fc:f4:0d:65:ef:60:43:3e:e9:d4:5d:db:e9:e3:
         46:7a:c2:fe:d6:2a:86:5b:b4:9f:44:dc:91:a3:b6:df:5f:06:
         2a:16:ca:65:e1:3f:4e:bc:42:11:55:82:10:cd:fe:3a:a4:14:
         04:0e:3b:13
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuTAUVvwlq6TjrLILzicFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZjkwOGMwMzI4YThlOTczZmE0MGFjNTJmYzMzN2U3ZDNj
NGZlZDAwHhcNMjUxMTExMDcwMjMzWhcNMjUxMTEyMDcwMjMzWjAzMTEwLwYDVQQD
EyhkYjhlZWViNzBlNTkxNzJjYmQ4MDVjNzM5NWQ3NGEzNDQ0N2MxODU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArB5g0CLicJ7UT7atgoAo7lc7lxv7
5ZilBrAmm+n9k2wHBBiisDiEbUnFFjRn3DtL5nLhbQkWDVQBghwdqVOeWLyQWkHE
bJmrz8uYW87UTM7+ZLZ5dKzp/fNgY91LESYVbb8wNHpDlQXydc8ZW53QPsGwzXTL
CTsyV9CHQfbziJ0nmmef9gnJsaK1p2hM0Vawyfnbo2EAGCaNR3hcNkrJaNFxMhqa
HcfqDDLr7zdqhrn1u8XIG53dwoyTdpcmojK22geC9T8+SjcmDOAf6L5GrFMCFk/a
xk0OF5YBkHPcSz+rtGA/RgfiAXh7np6FgqYqKVOXeSDpkeRgQ5sQsOVZuQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFNuO7rcOWRcsvYBcc5XXSjREfBhVMB8GA1UdIwQY
MBaAFAD5CMAyio6XP6QKxS/DN+fTxP7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEt
N2RlY2YxZTQ3ODY1LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEtN2RlY2YxZTQ3ODY1
LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAKSSU1lWG
9azd/A0rmIAcHh828QtIGlIXa9I+8bWL55QcQ+c8Qeh9Dm5ViVC48oKpXN7mwuSl
t9ynhLdcRvK8Tqz09WLb6wfsiDR1R07Qk2mBaX91jS+DKM5YhJLoYZfpez5iiDST
T34qN/RYjgfYaom+tq05a9ADw3xRhw/x8pO3K+kWRngr3/1QERo2kSBlSopYV5bS
u/utpbCZh5dM2UQlsB4pJfK1FBBg7RT++QTYgzJNYYQ6wIErYYeHEKZ9aw1lKSFw
7RCbRvz0DWXvYEM+6dRd2+njRnrC/tYqhlu0n0TckaO2318GKhbKZeE/TrxCEVWC
EM3+OqQUBA47Ew==
-----END CERTIFICATE-----