Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/4512a0-73fa-4426-b5e9-74b778c0b546/1/upsYDHz0DC3X-keDflGa37wisD0.mft
File:                     upsYDHz0DC3X-keDflGa37wisD0.mft (raw, json)
Hash identifier:          X3RCVJVf1Lc2pLAB7kARZnq5YrkTEeQ+kEoXQFdxKwg=
Subject key identifier:   1F:8D:CE:AA:A3:A7:73:16:90:7E:E6:B4:1B:52:CD:B4:63:36:BF:F9
Authority key identifier: BA:9B:18:0C:7C:F4:0C:2D:D7:FA:47:83:7E:51:9A:DF:BC:22:B0:3D
Certificate issuer:       /CN=ba9b180c7cf40c2dd7fa47837e519adfbc22b03d
Certificate serial:       019A725C7BE575E2CBD2C2C422F4BFFB776C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/upsYDHz0DC3X-keDflGa37wisD0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/4512a0-73fa-4426-b5e9-74b778c0b546/1/upsYDHz0DC3X-keDflGa37wisD0.mft
Manifest number:          8B
Signing time:             Tue 11 Nov 2025 10:00:54 +0000
Manifest this update:     Tue 11 Nov 2025 10:00:54 +0000
Manifest next update:     Wed 12 Nov 2025 10:00:54 +0000
Files and hashes:         1: upsYDHz0DC3X-keDflGa37wisD0.crl (hash: 71pldPnDAJmLxDffLX3X0IdyY8+HJ4x3VEK3gA5jI/c=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/4512a0-73fa-4426-b5e9-74b778c0b546/1/upsYDHz0DC3X-keDflGa37wisD0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/4512a0-73fa-4426-b5e9-74b778c0b546/1/upsYDHz0DC3X-keDflGa37wisD0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/upsYDHz0DC3X-keDflGa37wisD0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:5c:7b:e5:75:e2:cb:d2:c2:c4:22:f4:bf:fb:77:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9b180c7cf40c2dd7fa47837e519adfbc22b03d
        Validity
            Not Before: Nov 11 10:00:54 2025 GMT
            Not After : Nov 12 10:00:54 2025 GMT
        Subject: CN=1f8dceaaa3a77316907ee6b41b52cdb46336bff9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:1f:03:1f:6c:8f:9b:7c:2a:65:c3:89:25:f3:
                    5d:1e:ba:96:8c:b9:af:04:93:e8:ef:85:6d:37:04:
                    15:01:38:ef:56:e6:48:66:ea:58:02:fd:fd:80:2f:
                    21:99:fd:7a:40:c6:25:22:c5:2d:f0:49:aa:62:f9:
                    8b:8a:0e:34:1c:0d:9d:3e:1c:5c:9c:5a:19:54:a9:
                    4e:98:54:ff:52:87:d9:dc:f2:a4:4c:58:ab:a6:c3:
                    66:21:3a:34:aa:a7:4e:05:31:97:36:01:2e:eb:9a:
                    ba:cb:d8:32:33:a9:a1:35:73:f3:40:6f:78:3c:1a:
                    6f:4a:a2:0d:c7:3f:e1:40:1c:dc:b3:b9:1f:a0:9a:
                    3b:04:04:3b:81:a9:8c:df:9c:da:2d:42:7c:c4:00:
                    aa:9a:3b:95:ed:61:87:b2:07:27:5a:c2:58:9b:71:
                    ec:89:03:ca:34:ef:2c:d1:95:6f:a4:ff:61:a8:bf:
                    a3:48:bb:be:11:f3:48:a6:eb:6e:42:ff:89:36:e1:
                    fb:3f:60:6c:cc:4e:32:de:90:62:4e:19:c4:f6:c4:
                    23:68:52:94:fa:7c:28:10:3b:e7:37:7d:92:b7:bd:
                    9d:aa:65:07:27:6a:54:00:4c:d7:6b:63:f3:0f:63:
                    b4:f0:03:60:ce:d7:00:85:1e:a8:92:62:74:13:e9:
                    80:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:8D:CE:AA:A3:A7:73:16:90:7E:E6:B4:1B:52:CD:B4:63:36:BF:F9
            X509v3 Authority Key Identifier:
                keyid:BA:9B:18:0C:7C:F4:0C:2D:D7:FA:47:83:7E:51:9A:DF:BC:22:B0:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/upsYDHz0DC3X-keDflGa37wisD0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/4512a0-73fa-4426-b5e9-74b778c0b546/1/upsYDHz0DC3X-keDflGa37wisD0.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/4512a0-73fa-4426-b5e9-74b778c0b546/1/upsYDHz0DC3X-keDflGa37wisD0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         a1:81:21:a3:3f:04:8b:9a:7d:d5:f2:d6:1f:3c:58:96:fd:5f:
         49:5a:ae:a4:7e:38:8f:58:da:f6:a2:76:02:8e:02:18:70:5b:
         1c:8b:b9:0e:8c:f6:e1:f3:b8:4a:2b:6f:2e:11:e2:82:1f:d0:
         3e:52:44:4f:49:62:e2:73:0c:16:63:20:c8:88:e5:78:39:ed:
         5e:12:07:be:be:f2:04:cd:32:40:db:d1:20:09:92:05:9a:2c:
         51:2f:f1:7a:ee:c2:e4:8c:5f:dc:55:85:8a:bf:35:72:6e:9d:
         fa:91:da:0e:c3:f4:93:bc:79:76:cf:31:08:30:b5:c1:c6:7e:
         d4:b2:bb:2b:94:c8:1c:23:86:66:71:80:0a:85:78:20:93:38:
         15:44:7c:e3:33:6d:14:6e:8a:c0:73:dd:5e:85:4b:ce:7e:a1:
         59:9b:c7:53:a9:67:a8:16:77:02:28:4d:9a:29:54:8a:f8:da:
         ee:ff:35:b3:ce:02:74:29:bb:8e:2f:8d:d2:e8:83:51:6f:ff:
         a7:74:25:c2:4a:77:c4:4f:8d:d0:62:b5:25:ff:19:87:16:e4:
         18:ee:c4:ac:de:43:fb:98:5e:a7:26:a0:63:71:1b:3f:6b:26:
         a2:4e:40:4e:3d:d8:8a:31:b3:c9:51:ca:ff:d0:f5:a0:76:a2:
         0d:83:4c:5e
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyXHvldeLL0sLEIvS/+3dsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWIxODBjN2NmNDBjMmRkN2ZhNDc4MzdlNTE5YWRmYmMy
MmIwM2QwHhcNMjUxMTExMTAwMDU0WhcNMjUxMTEyMTAwMDU0WjAzMTEwLwYDVQQD
EygxZjhkY2VhYWEzYTc3MzE2OTA3ZWU2YjQxYjUyY2RiNDYzMzZiZmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzR8DH2yPm3wqZcOJJfNdHrqWjLmv
BJPo74VtNwQVATjvVuZIZupYAv39gC8hmf16QMYlIsUt8EmqYvmLig40HA2dPhxc
nFoZVKlOmFT/UofZ3PKkTFirpsNmITo0qqdOBTGXNgEu65q6y9gyM6mhNXPzQG94
PBpvSqINxz/hQBzcs7kfoJo7BAQ7gamM35zaLUJ8xACqmjuV7WGHsgcnWsJYm3Hs
iQPKNO8s0ZVvpP9hqL+jSLu+EfNIputuQv+JNuH7P2BszE4y3pBiThnE9sQjaFKU
+nwoEDvnN32St72dqmUHJ2pUAEzXa2PzD2O08ANgztcAhR6okmJ0E+mA7QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFB+Nzqqjp3MWkH7mtBtSzbRjNr/5MB8GA1UdIwQY
MBaAFLqbGAx89Awt1/pHg35Rmt+8IrA9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXBzWURIejBEQzNYLWtlRGZsR2EzN3dpc0QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy80NTEyYTAtNzNmYS00NDI2LWI1ZTkt
NzRiNzc4YzBiNTQ2LzEvdXBzWURIejBEQzNYLWtlRGZsR2EzN3dpc0QwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy80NTEyYTAtNzNmYS00NDI2LWI1ZTktNzRiNzc4YzBiNTQ2
LzEvdXBzWURIejBEQzNYLWtlRGZsR2EzN3dpc0QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAoYEhoz8E
i5p91fLWHzxYlv1fSVqupH44j1ja9qJ2Ao4CGHBbHIu5Doz24fO4SitvLhHigh/Q
PlJET0li4nMMFmMgyIjleDntXhIHvr7yBM0yQNvRIAmSBZosUS/xeu7C5Ixf3FWF
ir81cm6d+pHaDsP0k7x5ds8xCDC1wcZ+1LK7K5TIHCOGZnGACoV4IJM4FUR84zNt
FG6KwHPdXoVLzn6hWZvHU6lnqBZ3AihNmilUivja7v81s84CdCm7ji+N0uiDUW//
p3Qlwkp3xE+N0GK1Jf8ZhxbkGO7ErN5D+5hepyagY3EbP2smok5ATj3YijGzyVHK
/9D1oHaiDYNMXg==
-----END CERTIFICATE-----