Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/4fba0b-7bee-4312-ab89-b4fcefd37ce1/1/XZ-OhVvxsEMJxJxB9_Qw3Mj5RY0.mft
File:                     XZ-OhVvxsEMJxJxB9_Qw3Mj5RY0.mft (raw, json)
Hash identifier:          DWzLEDWYDsYHrBBfRrosInbzYC1rO4Vbjlg5twPdzSc=
Subject key identifier:   F4:61:12:86:33:04:CD:28:BE:58:A1:8B:F0:E7:40:D7:76:D1:E3:F5
Authority key identifier: 5D:9F:8E:85:5B:F1:B0:43:09:C4:9C:41:F7:F4:30:DC:C8:F9:45:8D
Certificate issuer:       /CN=5d9f8e855bf1b04309c49c41f7f430dcc8f9458d
Certificate serial:       019A70DC4AF6C12B0502F39429F702E0A192
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XZ-OhVvxsEMJxJxB9_Qw3Mj5RY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/4fba0b-7bee-4312-ab89-b4fcefd37ce1/1/XZ-OhVvxsEMJxJxB9_Qw3Mj5RY0.mft
Manifest number:          021D
Signing time:             Tue 11 Nov 2025 03:01:16 +0000
Manifest this update:     Tue 11 Nov 2025 03:01:16 +0000
Manifest next update:     Wed 12 Nov 2025 03:01:16 +0000
Files and hashes:         1: XZ-OhVvxsEMJxJxB9_Qw3Mj5RY0.crl (hash: DZAfHcbYotfOftgyIn/gEtDtgepRdRmoHaTLSW5MGMU=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/4fba0b-7bee-4312-ab89-b4fcefd37ce1/1/XZ-OhVvxsEMJxJxB9_Qw3Mj5RY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/4fba0b-7bee-4312-ab89-b4fcefd37ce1/1/XZ-OhVvxsEMJxJxB9_Qw3Mj5RY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XZ-OhVvxsEMJxJxB9_Qw3Mj5RY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 03:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:70:dc:4a:f6:c1:2b:05:02:f3:94:29:f7:02:e0:a1:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d9f8e855bf1b04309c49c41f7f430dcc8f9458d
        Validity
            Not Before: Nov 11 03:01:16 2025 GMT
            Not After : Nov 12 03:01:16 2025 GMT
        Subject: CN=f46112863304cd28be58a18bf0e740d776d1e3f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f1:32:3a:88:bb:af:b2:6f:da:81:35:01:29:
                    c0:99:6a:84:55:c0:9d:1b:08:5e:fc:56:4e:49:f7:
                    d7:60:22:f6:92:f0:00:7b:7e:4b:62:68:36:01:2b:
                    34:ba:c2:da:95:66:24:12:97:b0:28:b9:ab:dc:4e:
                    d4:95:71:11:d2:2f:1e:e6:e2:a5:96:d9:12:ae:d7:
                    1c:bd:b9:d0:e3:3c:48:dc:41:95:0f:6b:7c:da:6e:
                    a0:5a:f1:64:c5:8f:f2:67:ea:13:f4:ee:de:64:f1:
                    8c:5d:71:1f:5d:6e:cd:b4:26:f3:1a:0e:cf:97:aa:
                    35:40:bc:eb:5f:36:42:d6:dc:f2:1a:a6:4a:6b:c5:
                    1b:d3:aa:38:bd:58:f0:00:d6:40:4c:93:70:6a:00:
                    51:c2:2d:f2:5d:a6:57:ec:31:23:e9:04:ff:de:73:
                    18:b8:ec:4e:d5:60:ac:ac:19:ab:e2:1a:bb:ab:9d:
                    ba:6f:91:34:78:8b:c0:52:e7:01:d5:0d:23:29:22:
                    67:a2:5b:3d:67:2d:6b:3b:c2:67:6d:99:b8:8d:ee:
                    66:b7:00:9f:2a:00:1e:3e:3d:0e:b0:f0:28:1f:75:
                    13:38:86:a3:4a:36:a7:3e:de:2e:b4:70:1f:ba:23:
                    85:ea:dd:da:7c:32:ff:63:6c:cf:6c:77:b7:b9:cf:
                    b2:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:61:12:86:33:04:CD:28:BE:58:A1:8B:F0:E7:40:D7:76:D1:E3:F5
            X509v3 Authority Key Identifier:
                keyid:5D:9F:8E:85:5B:F1:B0:43:09:C4:9C:41:F7:F4:30:DC:C8:F9:45:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XZ-OhVvxsEMJxJxB9_Qw3Mj5RY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/4fba0b-7bee-4312-ab89-b4fcefd37ce1/1/XZ-OhVvxsEMJxJxB9_Qw3Mj5RY0.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/4fba0b-7bee-4312-ab89-b4fcefd37ce1/1/XZ-OhVvxsEMJxJxB9_Qw3Mj5RY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         7f:88:11:e0:ee:cd:61:ff:a1:d3:d6:60:11:5a:29:54:49:02:
         50:57:d1:b7:ab:b1:b7:17:e8:4d:51:d4:4f:17:dd:fc:13:c1:
         76:ec:e4:da:b2:64:83:3e:a7:68:47:78:50:ea:5d:a6:51:3c:
         a1:50:07:5b:d4:89:ef:57:54:e1:2e:96:13:cb:a1:07:f4:84:
         7b:07:e7:5d:d7:1f:12:ab:62:4e:1c:f0:5c:ab:99:af:8e:b9:
         1e:99:65:cb:d0:d0:c5:ff:c9:44:f9:57:ec:2c:cb:db:97:5a:
         92:eb:ed:1e:c9:fc:54:7a:51:4f:4d:d7:0f:a9:6a:4c:75:51:
         9f:7f:79:52:b6:93:5b:d9:6a:b3:37:65:9a:20:57:6f:85:89:
         57:92:15:db:e1:f8:12:77:86:9d:d0:2c:fa:a8:33:3c:bb:59:
         95:c0:25:b2:7b:4e:c6:dc:57:2e:94:89:d4:8a:5f:ab:90:8f:
         44:88:4a:18:bb:eb:72:85:ae:03:4e:1c:49:63:dd:f4:93:a5:
         e5:e6:66:20:96:96:83:bc:67:c9:cc:f1:2f:ed:d3:2a:56:f7:
         98:0d:f2:61:1f:97:e6:88:d0:16:d0:24:87:98:49:0c:15:f9:
         65:f6:79:02:74:52:91:c2:d8:9b:6c:08:5e:db:57:72:35:b1:
         a5:70:90:18
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpw3Er2wSsFAvOUKfcC4KGSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkOWY4ZTg1NWJmMWIwNDMwOWM0OWM0MWY3ZjQzMGRjYzhm
OTQ1OGQwHhcNMjUxMTExMDMwMTE2WhcNMjUxMTEyMDMwMTE2WjAzMTEwLwYDVQQD
EyhmNDYxMTI4NjMzMDRjZDI4YmU1OGExOGJmMGU3NDBkNzc2ZDFlM2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPEyOoi7r7Jv2oE1ASnAmWqEVcCd
Gwhe/FZOSffXYCL2kvAAe35LYmg2ASs0usLalWYkEpewKLmr3E7UlXER0i8e5uKl
ltkSrtccvbnQ4zxI3EGVD2t82m6gWvFkxY/yZ+oT9O7eZPGMXXEfXW7NtCbzGg7P
l6o1QLzrXzZC1tzyGqZKa8Ub06o4vVjwANZATJNwagBRwi3yXaZX7DEj6QT/3nMY
uOxO1WCsrBmr4hq7q526b5E0eIvAUucB1Q0jKSJnols9Zy1rO8JnbZm4je5mtwCf
KgAePj0OsPAoH3UTOIajSjanPt4utHAfuiOF6t3afDL/Y2zPbHe3uc+yvwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFPRhEoYzBM0ovlihi/DnQNd20eP1MB8GA1UdIwQY
MBaAFF2fjoVb8bBDCcScQff0MNzI+UWNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFotT2hWdnhzRU1KeEp4QjlfUXczTWo1UlkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS80ZmJhMGItN2JlZS00MzEyLWFiODkt
YjRmY2VmZDM3Y2UxLzEvWFotT2hWdnhzRU1KeEp4QjlfUXczTWo1UlkwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS80ZmJhMGItN2JlZS00MzEyLWFiODktYjRmY2VmZDM3Y2Ux
LzEvWFotT2hWdnhzRU1KeEp4QjlfUXczTWo1UlkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAf4gR4O7N
Yf+h09ZgEVopVEkCUFfRt6uxtxfoTVHUTxfd/BPBduzk2rJkgz6naEd4UOpdplE8
oVAHW9SJ71dU4S6WE8uhB/SEewfnXdcfEqtiThzwXKuZr465Hplly9DQxf/JRPlX
7CzL25dakuvtHsn8VHpRT03XD6lqTHVRn395UraTW9lqszdlmiBXb4WJV5IV2+H4
EneGndAs+qgzPLtZlcAlsntOxtxXLpSJ1Ipfq5CPRIhKGLvrcoWuA04cSWPd9JOl
5eZmIJaWg7xnyczxL+3TKlb3mA3yYR+X5ojQFtAkh5hJDBX5ZfZ5AnRSkcLYm2wI
XttXcjWxpXCQGA==
-----END CERTIFICATE-----