Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/d2388f-f8a9-4485-937f-840fd5352dc0/1/KmU0qslEKjlNE5oagwPcBJWcHaA.mft
File:                     KmU0qslEKjlNE5oagwPcBJWcHaA.mft (raw, json)
Hash identifier:          lnH05ns+V7Ih8QgWUH5tsCHJaItTRWamO3MCKFVWmyA=
Subject key identifier:   11:BB:C3:6A:29:84:09:43:96:90:7D:AE:3D:94:93:25:0B:1D:D6:A0
Authority key identifier: 2A:65:34:AA:C9:44:2A:39:4D:13:9A:1A:83:03:DC:04:95:9C:1D:A0
Certificate issuer:       /CN=2a6534aac9442a394d139a1a8303dc04959c1da0
Certificate serial:       019A71B780266A7F176A86229C8C9DB7ECCB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KmU0qslEKjlNE5oagwPcBJWcHaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/d2388f-f8a9-4485-937f-840fd5352dc0/1/KmU0qslEKjlNE5oagwPcBJWcHaA.mft
Manifest number:          1033
Signing time:             Tue 11 Nov 2025 07:00:42 +0000
Manifest this update:     Tue 11 Nov 2025 07:00:42 +0000
Manifest next update:     Wed 12 Nov 2025 07:00:42 +0000
Files and hashes:         1: KmU0qslEKjlNE5oagwPcBJWcHaA.crl (hash: v7ezsrKxfc+/hl2djzMyH2Dg+bO7x1+28szaXF2XLhw=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/d2388f-f8a9-4485-937f-840fd5352dc0/1/KmU0qslEKjlNE5oagwPcBJWcHaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/d2388f-f8a9-4485-937f-840fd5352dc0/1/KmU0qslEKjlNE5oagwPcBJWcHaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KmU0qslEKjlNE5oagwPcBJWcHaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b7:80:26:6a:7f:17:6a:86:22:9c:8c:9d:b7:ec:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a6534aac9442a394d139a1a8303dc04959c1da0
        Validity
            Not Before: Nov 11 07:00:42 2025 GMT
            Not After : Nov 12 07:00:42 2025 GMT
        Subject: CN=11bbc36a2984094396907dae3d9493250b1dd6a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:3f:88:fe:b2:85:f3:6f:58:32:5f:0a:09:fa:
                    ac:8b:3b:80:9c:84:65:95:bd:91:94:da:61:81:c6:
                    e5:84:69:3a:75:8a:a0:2e:76:0f:41:27:e0:9f:f5:
                    7b:10:cd:6f:9a:02:cc:dc:74:71:e5:f8:47:ea:95:
                    ce:5d:a2:f0:a4:9f:ca:76:e7:26:bd:5d:0f:16:26:
                    1d:7d:f7:22:55:c4:56:3c:2c:41:4b:50:f6:13:35:
                    25:be:70:12:7a:ad:04:01:0d:e8:06:fc:b8:c0:94:
                    3a:6b:1b:26:98:6f:28:f2:ab:59:a1:bd:b4:38:db:
                    69:4e:4a:d4:d6:f8:8c:44:eb:df:cb:8e:cd:ac:c9:
                    5d:f1:0b:c8:86:08:4d:9b:15:bc:2b:aa:17:58:fd:
                    d5:f0:58:d3:7a:3b:c8:30:60:c3:be:77:af:0c:61:
                    d3:f8:46:00:3a:81:6f:1b:a6:4b:dc:ef:74:c1:b1:
                    a4:ac:11:4a:b8:19:aa:d4:6c:e7:cd:21:e7:eb:0d:
                    d4:43:ab:a0:ab:fd:72:14:7e:c1:f5:5b:95:9c:cf:
                    4f:3c:dc:f5:6f:e6:d5:67:38:80:ae:ec:30:6f:d9:
                    c6:53:2b:a9:78:fb:7e:24:9d:68:fb:31:ea:e1:2b:
                    4a:54:6f:75:2a:00:9c:53:cf:92:db:ee:aa:39:7f:
                    1e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:BB:C3:6A:29:84:09:43:96:90:7D:AE:3D:94:93:25:0B:1D:D6:A0
            X509v3 Authority Key Identifier:
                keyid:2A:65:34:AA:C9:44:2A:39:4D:13:9A:1A:83:03:DC:04:95:9C:1D:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KmU0qslEKjlNE5oagwPcBJWcHaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d2388f-f8a9-4485-937f-840fd5352dc0/1/KmU0qslEKjlNE5oagwPcBJWcHaA.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/d2388f-f8a9-4485-937f-840fd5352dc0/1/KmU0qslEKjlNE5oagwPcBJWcHaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         39:2d:28:40:d1:e7:93:d3:d3:30:3d:e2:c9:13:a6:80:0b:b4:
         4c:03:92:61:f1:f1:08:13:2c:fd:5f:44:21:e6:f4:3c:42:60:
         e5:d5:14:81:f5:44:a0:19:28:0e:a2:01:a1:a6:0b:45:bb:e0:
         3b:ce:f5:77:be:51:01:7f:f8:17:bf:ce:08:17:97:8c:f2:2a:
         b6:fb:f8:de:ef:c0:57:4d:a0:d9:b2:39:7f:d4:50:b4:81:9e:
         3a:af:8d:39:e4:df:76:89:e5:01:1d:36:6f:71:c4:02:93:01:
         3a:9e:98:fb:cc:9e:dd:91:d7:6b:3e:76:4a:78:02:3a:64:d1:
         31:ac:6e:35:7a:5c:7f:fa:bf:8e:e7:ba:5f:ba:43:22:4f:00:
         f3:e6:7a:b7:d1:22:c1:12:03:3f:6c:de:5a:e9:cd:b5:a7:b7:
         3d:6c:b0:09:bc:51:a9:6a:65:47:13:7a:3e:90:e4:de:82:8c:
         d0:7e:cf:30:5d:0c:44:c7:60:78:4c:03:50:ea:25:e4:ee:d9:
         5a:1a:39:c5:d3:79:fc:f6:58:5f:72:1f:f7:e5:08:3f:7f:36:
         7c:74:45:0b:63:36:54:24:48:a5:58:0a:2f:9a:b5:a1:f2:cc:
         03:0a:c1:2b:3a:c9:79:b2:c2:6d:a7:2a:f9:9a:34:52:b3:0f:
         45:6b:93:73
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxt4Aman8XaoYinIydt+zLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhNjUzNGFhYzk0NDJhMzk0ZDEzOWExYTgzMDNkYzA0OTU5
YzFkYTAwHhcNMjUxMTExMDcwMDQyWhcNMjUxMTEyMDcwMDQyWjAzMTEwLwYDVQQD
EygxMWJiYzM2YTI5ODQwOTQzOTY5MDdkYWUzZDk0OTMyNTBiMWRkNmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqT+I/rKF829YMl8KCfqsizuAnIRl
lb2RlNphgcblhGk6dYqgLnYPQSfgn/V7EM1vmgLM3HRx5fhH6pXOXaLwpJ/Kducm
vV0PFiYdffciVcRWPCxBS1D2EzUlvnASeq0EAQ3oBvy4wJQ6axsmmG8o8qtZob20
ONtpTkrU1viMROvfy47NrMld8QvIhghNmxW8K6oXWP3V8FjTejvIMGDDvnevDGHT
+EYAOoFvG6ZL3O90wbGkrBFKuBmq1GznzSHn6w3UQ6ugq/1yFH7B9VuVnM9PPNz1
b+bVZziAruwwb9nGUyupePt+JJ1o+zHq4StKVG91KgCcU8+S2+6qOX8enQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFBG7w2ophAlDlpB9rj2UkyULHdagMB8GA1UdIwQY
MBaAFCplNKrJRCo5TROaGoMD3ASVnB2gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS21VMHFzbEVLamxORTVvYWd3UGNCSldjSGFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kMjM4OGYtZjhhOS00NDg1LTkzN2Yt
ODQwZmQ1MzUyZGMwLzEvS21VMHFzbEVLamxORTVvYWd3UGNCSldjSGFBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kMjM4OGYtZjhhOS00NDg1LTkzN2YtODQwZmQ1MzUyZGMw
LzEvS21VMHFzbEVLamxORTVvYWd3UGNCSldjSGFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAOS0oQNHn
k9PTMD3iyROmgAu0TAOSYfHxCBMs/V9EIeb0PEJg5dUUgfVEoBkoDqIBoaYLRbvg
O871d75RAX/4F7/OCBeXjPIqtvv43u/AV02g2bI5f9RQtIGeOq+NOeTfdonlAR02
b3HEApMBOp6Y+8ye3ZHXaz52SngCOmTRMaxuNXpcf/q/jue6X7pDIk8A8+Z6t9Ei
wRIDP2zeWunNtae3PWywCbxRqWplRxN6PpDk3oKM0H7PMF0MRMdgeEwDUOol5O7Z
Who5xdN5/PZYX3If9+UIP382fHRFC2M2VCRIpVgKL5q1ofLMAwrBKzrJebLCbacq
+Zo0UrMPRWuTcw==
-----END CERTIFICATE-----