Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
File:                     2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft (raw, json)
Hash identifier:          +3uS3pf1HnJbb3bnPIaWmnz6F2XNHdWVudqqHQ2pX88=
Subject key identifier:   ED:05:BD:33:50:C9:04:A7:8F:BF:7D:95:48:AE:4A:74:EB:15:E6:BD
Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
Certificate issuer:       /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Certificate serial:       019750EABE6FF9835B4499711D2237339E9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
Manifest number:          1598
Signing time:             Sun 08 Jun 2025 19:00:50 +0000
Manifest this update:     Sun 08 Jun 2025 19:00:50 +0000
Manifest next update:     Mon 09 Jun 2025 19:00:50 +0000
Files and hashes:         1: 2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl (hash: +VEZMpU2j0iRBm5RITr7ffqEdWu3gQgKL5a9Q1A+mcc=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:50:ea:be:6f:f9:83:5b:44:99:71:1d:22:37:33:9e:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
        Validity
            Not Before: Jun  8 19:00:50 2025 GMT
            Not After : Jun  9 19:00:50 2025 GMT
        Subject: CN=ed05bd3350c904a78fbf7d9548ae4a74eb15e6bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:12:aa:f0:f6:24:1c:b7:dc:73:90:5d:3b:d7:
                    cf:31:ea:68:ae:65:b4:4c:da:41:ff:21:30:56:74:
                    a5:4a:53:3f:86:b4:e6:02:63:0c:df:17:c5:56:fb:
                    0c:8e:61:77:37:d4:20:6e:04:d8:f4:d0:00:20:cc:
                    88:aa:1e:13:40:25:52:59:cc:1a:46:a3:49:e0:87:
                    9f:25:e4:52:ea:c5:dd:e8:37:bc:56:fc:43:2b:6d:
                    07:cd:f6:00:16:e8:9e:74:8f:17:49:f1:11:79:5b:
                    37:da:d8:0c:f3:cf:88:d1:ce:f8:e8:21:41:31:64:
                    2a:67:18:6e:1c:23:e6:4b:da:93:25:31:b9:66:90:
                    c5:4d:a5:26:63:a5:ad:01:af:81:ac:a4:07:c2:b7:
                    90:9a:5d:78:fb:8a:23:ee:5d:db:6c:27:9b:c7:0d:
                    f2:9f:53:19:1e:e6:54:e0:a3:81:68:d1:13:71:0b:
                    3d:58:05:69:bb:be:cf:5d:2b:ea:f8:ac:6b:13:1d:
                    1c:a8:6b:7b:cf:19:85:dc:49:46:47:a9:e0:8c:e3:
                    d1:a1:d9:f8:77:66:87:f7:14:45:24:c2:48:00:36:
                    df:08:fa:c1:bb:b5:39:bf:5c:71:16:e0:f0:b1:80:
                    17:c5:eb:4f:e4:74:a8:14:fa:bd:15:a1:aa:ff:34:
                    42:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:05:BD:33:50:C9:04:A7:8F:BF:7D:95:48:AE:4A:74:EB:15:E6:BD
            X509v3 Authority Key Identifier:
                keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         69:d3:ea:a3:ed:3a:73:27:58:80:83:02:40:fd:2a:b8:b4:d6:
         f9:c8:61:20:b1:be:fc:45:7f:a3:3e:27:26:6c:37:d5:ac:37:
         05:27:3f:eb:25:48:7b:d9:9a:f8:7c:0d:1c:94:2b:b4:47:89:
         69:78:4b:6e:c7:ba:6a:34:ca:56:0c:fb:fe:56:5a:94:32:3d:
         e3:6f:d9:d8:b3:5b:2e:b8:f2:50:22:31:d0:5e:1e:96:5b:ef:
         7a:58:b3:3c:34:71:dc:84:2b:fa:c1:91:91:14:8c:29:db:80:
         fd:45:1f:60:15:d0:c9:c9:1a:67:70:d7:bc:21:db:10:e8:18:
         99:cb:25:a5:59:a3:da:8b:f6:6c:c9:29:89:1c:19:d6:51:c9:
         30:71:7e:48:f4:3d:fe:69:fe:78:7f:ed:2b:ac:8d:b6:a3:51:
         af:af:00:5d:8e:e9:01:bf:90:e2:18:77:ce:42:0a:cd:81:26:
         ef:9a:1c:f2:d5:18:b6:e8:75:e4:53:6e:c0:ee:04:7f:17:dd:
         3a:5f:8b:69:3f:b2:43:f4:c9:22:ef:df:94:32:4a:d7:24:61:
         27:a5:97:d9:9a:d5:6e:5c:7e:26:26:45:e0:f9:b6:5a:4b:23:
         00:0b:b2:22:21:8b:b4:65:24:6b:11:82:55:43:70:fa:a3:80:
         1b:06:27:6d
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZdQ6r5v+YNbRJlxHSI3M56cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl
YmFhNDMwHhcNMjUwNjA4MTkwMDUwWhcNMjUwNjA5MTkwMDUwWjAzMTEwLwYDVQQD
EyhlZDA1YmQzMzUwYzkwNGE3OGZiZjdkOTU0OGFlNGE3NGViMTVlNmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxKq8PYkHLfcc5BdO9fPMepormW0
TNpB/yEwVnSlSlM/hrTmAmMM3xfFVvsMjmF3N9QgbgTY9NAAIMyIqh4TQCVSWcwa
RqNJ4IefJeRS6sXd6De8VvxDK20HzfYAFuiedI8XSfEReVs32tgM88+I0c746CFB
MWQqZxhuHCPmS9qTJTG5ZpDFTaUmY6WtAa+BrKQHwreQml14+4oj7l3bbCebxw3y
n1MZHuZU4KOBaNETcQs9WAVpu77PXSvq+KxrEx0cqGt7zxmF3ElGR6ngjOPRodn4
d2aH9xRFJMJIADbfCPrBu7U5v1xxFuDwsYAXxetP5HSoFPq9FaGq/zRCOQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFO0FvTNQyQSnj799lUiuSnTrFea9MB8GA1UdIwQY
MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct
Nzg1ZTU4ODM2NDRkLzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk
LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAadPqo+06
cydYgIMCQP0quLTW+chhILG+/EV/oz4nJmw31aw3BSc/6yVIe9ma+HwNHJQrtEeJ
aXhLbse6ajTKVgz7/lZalDI942/Z2LNbLrjyUCIx0F4ellvvelizPDRx3IQr+sGR
kRSMKduA/UUfYBXQyckaZ3DXvCHbEOgYmcslpVmj2ov2bMkpiRwZ1lHJMHF+SPQ9
/mn+eH/tK6yNtqNRr68AXY7pAb+Q4hh3zkIKzYEm75oc8tUYtuh15FNuwO4Efxfd
Ol+LaT+yQ/TJIu/flDJK1yRhJ6WX2ZrVblx+JiZF4Pm2WksjAAuyIiGLtGUkaxGC
VUNw+qOAGwYnbQ==
-----END CERTIFICATE-----