Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
File:                     APkIwDKKjpc_pArFL8M359PE_tA.mft (raw, json)
Hash identifier:          qKNIPYTngF+MfD0OFx994eBkkVQrY8UywWTSxWQMHjc=
Subject key identifier:   69:CE:E2:E8:93:5E:21:E3:E8:04:65:EC:4E:90:FB:9B:63:73:9F:0A
Authority key identifier: 00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0
Certificate issuer:       /CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
Certificate serial:       0199239F77644F2A060397C526B4AE140DE6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
Manifest number:          166E
Signing time:             Sun 07 Sep 2025 10:01:17 +0000
Manifest this update:     Sun 07 Sep 2025 10:01:17 +0000
Manifest next update:     Mon 08 Sep 2025 10:01:17 +0000
Files and hashes:         1: APkIwDKKjpc_pArFL8M359PE_tA.crl (hash: bA4ujd5sezlYlmEijHxZvZvKRKXLcvfE5d1TNPrO9Fc=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:23:9f:77:64:4f:2a:06:03:97:c5:26:b4:ae:14:0d:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
        Validity
            Not Before: Sep  7 10:01:17 2025 GMT
            Not After : Sep  8 10:01:17 2025 GMT
        Subject: CN=69cee2e8935e21e3e80465ec4e90fb9b63739f0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:2d:4c:fc:ae:20:a1:ca:f0:e3:aa:cd:f3:5c:
                    f9:8c:91:4c:16:de:2c:48:00:99:3e:f0:83:3d:c6:
                    86:75:13:ea:a7:e4:e7:ff:d8:c1:e4:f3:22:86:8c:
                    73:24:06:c4:30:16:cf:62:10:7e:ed:d4:02:13:09:
                    9b:8a:03:86:99:e3:fb:c8:3a:50:f8:c3:da:12:db:
                    8d:ed:f3:8b:4c:bf:e6:40:b7:62:be:e2:27:51:be:
                    85:74:5a:6b:70:15:c9:0d:57:e6:34:41:12:ec:ae:
                    6b:96:50:cc:bc:06:d8:c2:6f:a2:bf:04:dc:65:ec:
                    13:a3:c5:f1:70:d5:da:fc:a6:1f:03:8f:e8:0e:32:
                    d5:d6:1d:88:51:57:83:0f:89:42:97:ea:db:b7:94:
                    44:58:34:e3:5a:6f:eb:d0:25:c4:89:41:bf:8e:15:
                    f7:17:c5:fc:82:25:bc:28:68:33:4c:46:f3:4b:f7:
                    6c:0c:61:ff:c5:b8:19:54:05:e9:c3:e3:16:02:b2:
                    9e:2e:b5:0f:68:e8:4d:0a:fa:32:70:4b:1b:b6:af:
                    4f:d3:c3:a3:a7:eb:f2:c9:c5:c2:3e:36:db:2b:f2:
                    e0:61:00:af:ed:1f:ef:7b:39:56:89:85:63:2a:71:
                    ac:5f:6a:00:43:80:ee:93:57:a6:be:c0:27:fd:4f:
                    f9:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:CE:E2:E8:93:5E:21:E3:E8:04:65:EC:4E:90:FB:9B:63:73:9F:0A
            X509v3 Authority Key Identifier:
                keyid:00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         4f:56:12:e0:98:ee:42:1c:77:39:ee:4e:e8:0a:cc:1f:7d:01:
         04:4c:87:38:dc:a9:6b:02:2a:c0:fa:89:cb:6c:c2:c7:91:31:
         31:1f:01:68:8a:8e:69:f9:f1:11:5f:3c:60:98:bb:fd:56:66:
         b2:5d:ec:f7:11:93:c6:b2:d3:af:0e:83:70:03:e3:e1:cc:43:
         5b:fe:e1:38:2b:8e:73:6a:f5:62:65:f0:28:91:31:24:4d:da:
         74:d4:14:7f:0f:63:25:ea:db:1d:e1:8b:52:7b:09:0c:8f:4f:
         85:ac:a6:d8:34:97:df:9d:17:14:b4:ec:fb:8d:87:70:4b:92:
         31:18:57:7f:b7:d4:46:b7:a1:8f:f0:64:ae:8a:8a:99:27:80:
         23:26:fc:3f:79:94:d2:41:7a:ed:4f:78:7e:c2:0f:c0:0c:eb:
         3a:b2:06:9c:5d:e2:15:8d:34:c4:7b:a5:2f:bd:61:ec:ff:9f:
         c0:0c:b3:4b:64:b7:fa:4d:46:3c:15:e4:0a:ff:01:c9:a2:ce:
         40:c0:8e:d7:7e:f5:38:52:5b:c9:e5:e1:96:4b:e0:66:6d:13:
         96:07:b8:41:44:7b:c9:5a:00:e8:4f:f2:83:a6:53:fc:ec:0e:
         f6:e8:f6:80:82:f4:09:d8:10:36:c8:e8:6a:97:64:71:9f:77:
         31:5f:06:ec
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZkjn3dkTyoGA5fFJrSuFA3mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZjkwOGMwMzI4YThlOTczZmE0MGFjNTJmYzMzN2U3ZDNj
NGZlZDAwHhcNMjUwOTA3MTAwMTE3WhcNMjUwOTA4MTAwMTE3WjAzMTEwLwYDVQQD
Eyg2OWNlZTJlODkzNWUyMWUzZTgwNDY1ZWM0ZTkwZmI5YjYzNzM5ZjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3i1M/K4gocrw46rN81z5jJFMFt4s
SACZPvCDPcaGdRPqp+Tn/9jB5PMihoxzJAbEMBbPYhB+7dQCEwmbigOGmeP7yDpQ
+MPaEtuN7fOLTL/mQLdivuInUb6FdFprcBXJDVfmNEES7K5rllDMvAbYwm+ivwTc
ZewTo8XxcNXa/KYfA4/oDjLV1h2IUVeDD4lCl+rbt5REWDTjWm/r0CXEiUG/jhX3
F8X8giW8KGgzTEbzS/dsDGH/xbgZVAXpw+MWArKeLrUPaOhNCvoycEsbtq9P08Oj
p+vyycXCPjbbK/LgYQCv7R/vezlWiYVjKnGsX2oAQ4Duk1emvsAn/U/5EwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFGnO4uiTXiHj6ARl7E6Q+5tjc58KMB8GA1UdIwQY
MBaAFAD5CMAyio6XP6QKxS/DN+fTxP7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEt
N2RlY2YxZTQ3ODY1LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEtN2RlY2YxZTQ3ODY1
LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAT1YS4Jju
Qhx3Oe5O6ArMH30BBEyHONypawIqwPqJy2zCx5ExMR8BaIqOafnxEV88YJi7/VZm
sl3s9xGTxrLTrw6DcAPj4cxDW/7hOCuOc2r1YmXwKJExJE3adNQUfw9jJerbHeGL
UnsJDI9Phaym2DSX350XFLTs+42HcEuSMRhXf7fURrehj/BkroqKmSeAIyb8P3mU
0kF67U94fsIPwAzrOrIGnF3iFY00xHulL71h7P+fwAyzS2S3+k1GPBXkCv8ByaLO
QMCO1371OFJbyeXhlkvgZm0Tlge4QUR7yVoA6E/yg6ZT/OwO9uj2gIL0CdgQNsjo
apdkcZ93MV8G7A==
-----END CERTIFICATE-----