Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/ea1072-f326-4e51-adf1-ba9b0fa1b7a2/1/QnbajwSHyFCAm0qYcoysIXKycD0.mft
File:                     QnbajwSHyFCAm0qYcoysIXKycD0.mft (raw, json)
Hash identifier:          Zvx0130ufsWH5bC2UQD0FeaGIILZRAr/zJBb0Vg+imc=
Subject key identifier:   8A:15:EC:AB:DB:5D:8A:DC:04:DD:61:B5:89:AD:A4:E5:09:F8:76:52
Authority key identifier: 42:76:DA:8F:04:87:C8:50:80:9B:4A:98:72:8C:AC:21:72:B2:70:3D
Certificate issuer:       /CN=4276da8f0487c850809b4a98728cac2172b2703d
Certificate serial:       019A71B8AA3B8BFBC1385B5D4AD726D143E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QnbajwSHyFCAm0qYcoysIXKycD0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/ea1072-f326-4e51-adf1-ba9b0fa1b7a2/1/QnbajwSHyFCAm0qYcoysIXKycD0.mft
Manifest number:          171D
Signing time:             Tue 11 Nov 2025 07:01:58 +0000
Manifest this update:     Tue 11 Nov 2025 07:01:58 +0000
Manifest next update:     Wed 12 Nov 2025 07:01:58 +0000
Files and hashes:         1: QnbajwSHyFCAm0qYcoysIXKycD0.crl (hash: Rpxo0Cbnb7fLwMEMTRDRXktHxwjquWMD4wSTAE+9Ois=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/ea1072-f326-4e51-adf1-ba9b0fa1b7a2/1/QnbajwSHyFCAm0qYcoysIXKycD0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/ea1072-f326-4e51-adf1-ba9b0fa1b7a2/1/QnbajwSHyFCAm0qYcoysIXKycD0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QnbajwSHyFCAm0qYcoysIXKycD0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b8:aa:3b:8b:fb:c1:38:5b:5d:4a:d7:26:d1:43:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4276da8f0487c850809b4a98728cac2172b2703d
        Validity
            Not Before: Nov 11 07:01:58 2025 GMT
            Not After : Nov 12 07:01:58 2025 GMT
        Subject: CN=8a15ecabdb5d8adc04dd61b589ada4e509f87652
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a5:61:63:92:da:39:ae:75:4d:1e:15:2b:1a:
                    c8:cc:74:42:19:61:ed:4e:fd:13:14:89:93:ed:2b:
                    7b:cb:c7:44:92:77:0a:ca:3f:9f:2b:58:63:4b:6b:
                    0e:2a:60:eb:39:f3:e4:b5:19:62:2c:70:97:0b:d2:
                    b4:e3:79:32:39:f7:58:fe:aa:8c:18:b8:c1:ec:c7:
                    43:01:4c:bc:5a:20:64:4c:bf:67:d5:a7:6a:fb:e8:
                    f3:5d:5d:6d:4e:5a:76:f6:e2:c2:e9:cf:77:db:05:
                    3e:08:28:81:f7:13:26:a3:24:76:10:06:6a:df:77:
                    1d:13:4c:62:49:24:b3:1c:38:7d:c4:96:27:39:9d:
                    b5:a0:7a:59:be:66:77:a0:84:39:2b:22:6c:ab:3d:
                    ac:4b:cc:a6:ae:1a:e7:ff:e2:a8:12:2e:49:c2:01:
                    1b:ce:dc:d1:5d:d0:ed:56:b5:20:d6:f7:52:f4:36:
                    0d:fc:3f:86:ba:a2:15:32:48:fd:cb:fd:da:c1:0d:
                    fa:02:dc:25:38:ce:ca:ac:fb:4b:26:02:21:04:da:
                    25:73:ed:7f:70:5e:79:ad:79:b6:1c:91:51:73:21:
                    66:c0:91:da:82:35:dd:9b:f9:70:99:e2:41:1b:3c:
                    af:76:31:6a:d9:45:cc:8b:32:db:01:c2:20:21:ff:
                    94:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:15:EC:AB:DB:5D:8A:DC:04:DD:61:B5:89:AD:A4:E5:09:F8:76:52
            X509v3 Authority Key Identifier:
                keyid:42:76:DA:8F:04:87:C8:50:80:9B:4A:98:72:8C:AC:21:72:B2:70:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QnbajwSHyFCAm0qYcoysIXKycD0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/ea1072-f326-4e51-adf1-ba9b0fa1b7a2/1/QnbajwSHyFCAm0qYcoysIXKycD0.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/ea1072-f326-4e51-adf1-ba9b0fa1b7a2/1/QnbajwSHyFCAm0qYcoysIXKycD0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         48:1d:a1:d4:ae:72:12:37:86:a1:d4:dc:34:ab:c1:ab:e8:2b:
         65:1f:44:44:96:90:80:e0:4e:29:eb:21:d0:9c:75:2b:8a:d8:
         bc:bc:02:ad:14:5a:57:21:87:39:fa:e4:9e:ae:38:30:57:d3:
         51:66:08:0b:41:58:65:6c:21:da:fc:9f:73:bf:58:12:52:99:
         d3:4d:81:34:24:89:68:1d:02:fc:7c:45:ba:ee:61:3b:92:1d:
         85:1f:47:79:21:2c:fc:53:9a:75:76:b6:e2:16:51:a4:9b:5c:
         49:54:0a:97:61:23:80:2e:ed:03:e7:aa:7e:69:42:6e:b7:1e:
         c9:11:2b:37:cc:c8:1a:9c:f4:4a:03:4d:5e:43:92:3f:9d:e6:
         7e:75:d2:cf:cb:30:66:4c:ae:6a:ba:1d:d6:6f:14:fa:f6:84:
         b2:36:23:ed:eb:87:c0:af:60:b2:fe:4d:fa:f3:68:c1:db:69:
         80:65:c9:fc:9e:4e:bb:b6:eb:d9:b0:fd:5d:d1:52:72:e7:b1:
         e9:8f:9c:74:c4:51:92:cb:b1:e5:cf:a3:d0:60:d0:2c:d9:ff:
         77:e0:d7:65:8b:2b:a9:c3:62:61:d4:f8:51:70:cb:cb:23:a6:
         9d:dd:b3:c5:5c:46:87:f7:af:3a:81:78:3b:6b:13:25:42:dc:
         d4:f4:c4:23
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuKo7i/vBOFtdStcm0UPmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNzZkYThmMDQ4N2M4NTA4MDliNGE5ODcyOGNhYzIxNzJi
MjcwM2QwHhcNMjUxMTExMDcwMTU4WhcNMjUxMTEyMDcwMTU4WjAzMTEwLwYDVQQD
Eyg4YTE1ZWNhYmRiNWQ4YWRjMDRkZDYxYjU4OWFkYTRlNTA5Zjg3NjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6VhY5LaOa51TR4VKxrIzHRCGWHt
Tv0TFImT7St7y8dEkncKyj+fK1hjS2sOKmDrOfPktRliLHCXC9K043kyOfdY/qqM
GLjB7MdDAUy8WiBkTL9n1adq++jzXV1tTlp29uLC6c932wU+CCiB9xMmoyR2EAZq
33cdE0xiSSSzHDh9xJYnOZ21oHpZvmZ3oIQ5KyJsqz2sS8ymrhrn/+KoEi5JwgEb
ztzRXdDtVrUg1vdS9DYN/D+GuqIVMkj9y/3awQ36AtwlOM7KrPtLJgIhBNolc+1/
cF55rXm2HJFRcyFmwJHagjXdm/lwmeJBGzyvdjFq2UXMizLbAcIgIf+UyQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFIoV7KvbXYrcBN1htYmtpOUJ+HZSMB8GA1UdIwQY
MBaAFEJ22o8Eh8hQgJtKmHKMrCFysnA9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUW5iYWp3U0h5RkNBbTBxWWNveXNJWEt5Y0QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9lYTEwNzItZjMyNi00ZTUxLWFkZjEt
YmE5YjBmYTFiN2EyLzEvUW5iYWp3U0h5RkNBbTBxWWNveXNJWEt5Y0QwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9lYTEwNzItZjMyNi00ZTUxLWFkZjEtYmE5YjBmYTFiN2Ey
LzEvUW5iYWp3U0h5RkNBbTBxWWNveXNJWEt5Y0QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEASB2h1K5y
EjeGodTcNKvBq+grZR9ERJaQgOBOKesh0Jx1K4rYvLwCrRRaVyGHOfrknq44MFfT
UWYIC0FYZWwh2vyfc79YElKZ002BNCSJaB0C/HxFuu5hO5IdhR9HeSEs/FOadXa2
4hZRpJtcSVQKl2EjgC7tA+eqfmlCbrceyRErN8zIGpz0SgNNXkOSP53mfnXSz8sw
Zkyuarod1m8U+vaEsjYj7euHwK9gsv5N+vNowdtpgGXJ/J5Ou7br2bD9XdFScuex
6Y+cdMRRksux5c+j0GDQLNn/d+DXZYsrqcNiYdT4UXDLyyOmnd2zxVxGh/evOoF4
O2sTJULc1PTEIw==
-----END CERTIFICATE-----