Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
File:                     2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft (raw, json)
Hash identifier:          kZORqvvp06o92zdhInt0rjfJAnVTI+LftQud1QHAbXg=
Subject key identifier:   C1:7B:9F:3F:A9:AC:C2:49:27:AB:C7:32:09:4C:0E:97:C9:BF:54:B9
Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
Certificate issuer:       /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Certificate serial:       019A725C556C753FF5C4E89CC27C7C51C0B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
Manifest number:          1737
Signing time:             Tue 11 Nov 2025 10:00:45 +0000
Manifest this update:     Tue 11 Nov 2025 10:00:45 +0000
Manifest next update:     Wed 12 Nov 2025 10:00:45 +0000
Files and hashes:         1: 2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl (hash: 0Gm27jBhcByzFabGQRwCaOB/6N10FYY6xOsIZe6axlk=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:5c:55:6c:75:3f:f5:c4:e8:9c:c2:7c:7c:51:c0:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
        Validity
            Not Before: Nov 11 10:00:45 2025 GMT
            Not After : Nov 12 10:00:45 2025 GMT
        Subject: CN=c17b9f3fa9acc24927abc732094c0e97c9bf54b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:33:3a:7a:03:d1:1c:3e:5f:8b:d5:cb:a7:a5:
                    ce:3f:20:df:06:1f:8d:0c:1a:28:00:30:64:64:21:
                    42:0a:b5:40:15:9a:32:29:74:2a:d5:d5:f6:a5:a5:
                    2a:ec:b2:ee:1b:3c:93:b8:b8:b4:51:0b:84:b6:e2:
                    8c:bb:90:7b:02:74:f1:51:7d:33:11:47:d4:54:e4:
                    ce:88:de:85:b6:19:20:06:b2:e1:3c:9c:8a:32:93:
                    79:ae:bd:22:90:b2:5d:04:35:5f:1a:cf:26:8e:0a:
                    11:db:01:29:8e:b9:13:d2:fa:1f:26:9d:5c:e6:c3:
                    c6:27:63:df:9c:0e:06:59:1d:1a:d9:e2:b8:c2:35:
                    03:23:14:47:12:3a:61:9b:1d:64:a5:20:44:d3:52:
                    f9:c0:c9:f4:ee:59:a8:b7:19:2b:a4:9c:65:98:2d:
                    51:ca:15:e3:77:54:4f:f5:35:f8:78:04:0c:47:e9:
                    cc:a2:26:70:ca:37:f1:32:09:64:3c:a4:56:17:f4:
                    1f:e0:f1:6f:fd:a0:1a:e0:3f:d8:e2:0b:ee:6f:77:
                    6e:15:b6:6a:19:b9:40:3d:9c:a1:bb:c7:c2:4f:63:
                    ff:ae:39:dc:93:03:85:d4:0d:cf:b3:c3:21:78:e5:
                    0c:42:b8:f3:4c:cd:c1:90:eb:c4:7a:78:ed:cd:40:
                    5f:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:7B:9F:3F:A9:AC:C2:49:27:AB:C7:32:09:4C:0E:97:C9:BF:54:B9
            X509v3 Authority Key Identifier:
                keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         2a:85:79:d7:04:3a:2d:7b:37:84:4e:e4:62:53:1b:b2:b2:2e:
         45:69:fe:f9:bc:84:f0:3b:07:26:db:fc:a2:83:1c:ce:13:a0:
         d8:ce:c8:f7:60:e1:21:7e:24:e5:64:d1:c4:b0:d3:fa:fe:82:
         98:e3:47:61:6c:0a:15:1c:68:88:bd:dc:da:c5:c8:e8:d4:a7:
         1a:7c:5d:92:e7:33:9e:21:27:97:2b:4c:9c:0e:cc:a5:68:b0:
         12:69:cc:68:2b:03:7e:b9:61:de:fc:f4:45:cb:2c:92:44:5e:
         07:2d:8e:98:01:94:70:35:e2:ee:76:d4:4b:7b:0d:b4:b7:20:
         8f:5f:c9:2c:cc:90:1e:54:ce:19:eb:04:86:cb:04:f1:81:48:
         c4:51:cb:58:c9:f8:4b:03:4b:02:e1:2d:b1:cf:80:92:10:92:
         a1:b8:07:5a:9b:ba:41:73:dd:fc:a5:85:c4:f9:ee:e5:0e:b5:
         cd:78:df:0d:58:f9:73:f9:28:40:57:d1:49:54:f0:97:bf:44:
         af:5d:0c:8a:fd:16:76:0e:69:6b:12:3a:90:87:ff:49:92:7c:
         2d:e6:ca:23:da:46:f3:24:0a:b2:08:3c:5f:9a:f5:09:e2:21:
         35:69:84:11:ec:6c:cb:26:0a:2d:8a:53:83:49:b4:81:07:6c:
         1a:18:9b:f2
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyXFVsdT/1xOicwnx8UcCzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl
YmFhNDMwHhcNMjUxMTExMTAwMDQ1WhcNMjUxMTEyMTAwMDQ1WjAzMTEwLwYDVQQD
EyhjMTdiOWYzZmE5YWNjMjQ5MjdhYmM3MzIwOTRjMGU5N2M5YmY1NGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyDM6egPRHD5fi9XLp6XOPyDfBh+N
DBooADBkZCFCCrVAFZoyKXQq1dX2paUq7LLuGzyTuLi0UQuEtuKMu5B7AnTxUX0z
EUfUVOTOiN6FthkgBrLhPJyKMpN5rr0ikLJdBDVfGs8mjgoR2wEpjrkT0vofJp1c
5sPGJ2PfnA4GWR0a2eK4wjUDIxRHEjphmx1kpSBE01L5wMn07lmotxkrpJxlmC1R
yhXjd1RP9TX4eAQMR+nMoiZwyjfxMglkPKRWF/Qf4PFv/aAa4D/Y4gvub3duFbZq
GblAPZyhu8fCT2P/rjnckwOF1A3Ps8MheOUMQrjzTM3BkOvEenjtzUBfEQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFMF7nz+prMJJJ6vHMglMDpfJv1S5MB8GA1UdIwQY
MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct
Nzg1ZTU4ODM2NDRkLzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk
LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAKoV51wQ6
LXs3hE7kYlMbsrIuRWn++byE8DsHJtv8ooMczhOg2M7I92DhIX4k5WTRxLDT+v6C
mONHYWwKFRxoiL3c2sXI6NSnGnxdkuczniEnlytMnA7MpWiwEmnMaCsDfrlh3vz0
RcsskkReBy2OmAGUcDXi7nbUS3sNtLcgj1/JLMyQHlTOGesEhssE8YFIxFHLWMn4
SwNLAuEtsc+AkhCSobgHWpu6QXPd/KWFxPnu5Q61zXjfDVj5c/koQFfRSVTwl79E
r10Miv0Wdg5paxI6kIf/SZJ8LebKI9pG8yQKsgg8X5r1CeIhNWmEEexsyyYKLYpT
g0m0gQdsGhib8g==
-----END CERTIFICATE-----