Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/1a9248-ec91-43fa-86ff-4b137a4dbc6e/1/aUSJSM9NjazkdxjA9yWe3usJPns.mft
File:                     aUSJSM9NjazkdxjA9yWe3usJPns.mft (raw, json)
Hash identifier:          jUU2vmh7Z0jXV4It0W5/yiaZMx1o0t9xKhQsMZaIk/M=
Subject key identifier:   25:1B:44:CC:E0:A9:72:BE:ED:0B:C2:59:C8:58:E6:95:9D:A3:06:12
Authority key identifier: 69:44:89:48:CF:4D:8D:AC:E4:77:18:C0:F7:25:9E:DE:EB:09:3E:7B
Certificate issuer:       /CN=69448948cf4d8dace47718c0f7259edeeb093e7b
Certificate serial:       019A73014A541CA2F8FE34E4528B7C9FFEB8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aUSJSM9NjazkdxjA9yWe3usJPns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/1a9248-ec91-43fa-86ff-4b137a4dbc6e/1/aUSJSM9NjazkdxjA9yWe3usJPns.mft
Manifest number:          171D
Signing time:             Tue 11 Nov 2025 13:00:55 +0000
Manifest this update:     Tue 11 Nov 2025 13:00:55 +0000
Manifest next update:     Wed 12 Nov 2025 13:00:55 +0000
Files and hashes:         1: aUSJSM9NjazkdxjA9yWe3usJPns.crl (hash: RY+YY4h6FU/hq7XOQqAjS6puk7jbPqw5hLQhEZLhxe8=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/1a9248-ec91-43fa-86ff-4b137a4dbc6e/1/aUSJSM9NjazkdxjA9yWe3usJPns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/1a9248-ec91-43fa-86ff-4b137a4dbc6e/1/aUSJSM9NjazkdxjA9yWe3usJPns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aUSJSM9NjazkdxjA9yWe3usJPns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:73:01:4a:54:1c:a2:f8:fe:34:e4:52:8b:7c:9f:fe:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69448948cf4d8dace47718c0f7259edeeb093e7b
        Validity
            Not Before: Nov 11 13:00:55 2025 GMT
            Not After : Nov 12 13:00:55 2025 GMT
        Subject: CN=251b44cce0a972beed0bc259c858e6959da30612
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b2:30:03:be:aa:44:21:02:90:9a:00:99:47:
                    64:f6:05:21:2d:53:da:8d:73:e6:84:3d:6b:fc:50:
                    5e:66:ae:ce:07:4f:e0:a1:00:7d:f9:00:18:b1:7e:
                    ae:2b:bf:2d:94:9e:34:e4:a4:c1:3c:f6:65:35:c6:
                    76:29:bb:ba:cc:6d:81:74:c2:75:51:8e:cd:2e:72:
                    a7:14:7f:5c:1e:1d:71:5f:ab:92:96:b8:44:3b:4e:
                    8e:7b:9c:35:a5:e5:f4:30:27:a6:4d:a0:4e:9a:35:
                    e2:46:c8:4a:90:2a:8a:dc:fa:04:cc:82:31:53:26:
                    e8:b3:72:19:1a:b5:fd:84:5a:56:bb:92:a0:5e:c0:
                    33:bf:48:bf:e2:03:3c:02:e4:58:ba:61:df:23:73:
                    60:33:c3:ea:43:de:b4:fc:1c:0f:c6:c5:5a:bc:dd:
                    8a:89:bd:f9:6f:bf:38:05:51:29:07:8c:80:dc:c7:
                    89:bb:cd:19:17:00:d2:42:4c:87:99:9e:8e:d6:0f:
                    b5:6a:81:98:af:83:cf:f5:f2:2c:a5:af:57:99:1b:
                    d8:5d:b0:1a:94:9e:4a:18:a6:e1:b2:6b:da:f7:67:
                    58:1a:64:72:d1:a6:8e:82:71:8e:2a:37:91:2d:44:
                    0d:28:7a:b4:2f:2e:b2:1e:e0:f2:f2:9e:1d:ce:de:
                    39:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:1B:44:CC:E0:A9:72:BE:ED:0B:C2:59:C8:58:E6:95:9D:A3:06:12
            X509v3 Authority Key Identifier:
                keyid:69:44:89:48:CF:4D:8D:AC:E4:77:18:C0:F7:25:9E:DE:EB:09:3E:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aUSJSM9NjazkdxjA9yWe3usJPns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/1a9248-ec91-43fa-86ff-4b137a4dbc6e/1/aUSJSM9NjazkdxjA9yWe3usJPns.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/1a9248-ec91-43fa-86ff-4b137a4dbc6e/1/aUSJSM9NjazkdxjA9yWe3usJPns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         1f:65:3c:18:06:78:0b:d5:28:e8:4b:69:90:a2:46:f8:15:3a:
         5e:25:1e:cb:b3:77:24:2e:cb:d8:5c:93:b8:5c:a8:82:9d:33:
         df:44:79:80:81:4f:51:bc:8c:75:fe:d1:99:34:ed:eb:6e:7e:
         68:f5:76:88:97:2f:9a:eb:b3:52:24:c0:f4:a4:ef:1c:07:2d:
         82:1c:97:c7:67:05:3c:d8:ed:a0:c0:59:b3:8b:34:6c:19:77:
         53:e9:0c:c3:b3:6b:84:88:8d:fa:fa:ac:72:49:69:f6:92:5b:
         97:51:49:65:90:08:87:db:b1:3d:54:24:94:24:12:20:fb:d2:
         89:b6:77:b6:2a:63:2e:99:ec:7c:35:7c:19:bf:39:30:03:f5:
         d8:32:01:75:06:c4:3a:93:f0:e5:11:6f:8f:69:66:8b:8d:dd:
         a0:ce:62:90:01:fd:ef:c3:cf:e6:bb:dd:d7:9f:52:48:47:c9:
         d4:79:c7:a5:4b:40:dc:69:69:be:61:12:e8:ae:96:4d:50:1f:
         fb:b0:f2:7c:1f:9d:aa:6c:ba:91:67:ea:34:d8:0f:7f:ec:3d:
         fe:ec:c6:cf:75:56:32:ce:b5:13:bb:7f:25:86:e7:c1:4a:d8:
         fe:31:04:36:91:c5:98:68:10:d7:07:0d:38:94:ab:55:ff:e6:
         1f:4f:34:4d
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpzAUpUHKL4/jTkUot8n/64MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NDQ4OTQ4Y2Y0ZDhkYWNlNDc3MThjMGY3MjU5ZWRlZWIw
OTNlN2IwHhcNMjUxMTExMTMwMDU1WhcNMjUxMTEyMTMwMDU1WjAzMTEwLwYDVQQD
EygyNTFiNDRjY2UwYTk3MmJlZWQwYmMyNTljODU4ZTY5NTlkYTMwNjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLIwA76qRCECkJoAmUdk9gUhLVPa
jXPmhD1r/FBeZq7OB0/goQB9+QAYsX6uK78tlJ405KTBPPZlNcZ2Kbu6zG2BdMJ1
UY7NLnKnFH9cHh1xX6uSlrhEO06Oe5w1peX0MCemTaBOmjXiRshKkCqK3PoEzIIx
Uybos3IZGrX9hFpWu5KgXsAzv0i/4gM8AuRYumHfI3NgM8PqQ960/BwPxsVavN2K
ib35b784BVEpB4yA3MeJu80ZFwDSQkyHmZ6O1g+1aoGYr4PP9fIspa9XmRvYXbAa
lJ5KGKbhsmva92dYGmRy0aaOgnGOKjeRLUQNKHq0Ly6yHuDy8p4dzt45AQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFCUbRMzgqXK+7QvCWchY5pWdowYSMB8GA1UdIwQY
MBaAFGlEiUjPTY2s5HcYwPclnt7rCT57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVVTSlNNOU5qYXprZHhqQTl5V2UzdXNKUG5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8xYTkyNDgtZWM5MS00M2ZhLTg2ZmYt
NGIxMzdhNGRiYzZlLzEvYVVTSlNNOU5qYXprZHhqQTl5V2UzdXNKUG5zLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8xYTkyNDgtZWM5MS00M2ZhLTg2ZmYtNGIxMzdhNGRiYzZl
LzEvYVVTSlNNOU5qYXprZHhqQTl5V2UzdXNKUG5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAH2U8GAZ4
C9Uo6EtpkKJG+BU6XiUey7N3JC7L2FyTuFyogp0z30R5gIFPUbyMdf7RmTTt625+
aPV2iJcvmuuzUiTA9KTvHActghyXx2cFPNjtoMBZs4s0bBl3U+kMw7NrhIiN+vqs
cklp9pJbl1FJZZAIh9uxPVQklCQSIPvSibZ3tipjLpnsfDV8Gb85MAP12DIBdQbE
OpPw5RFvj2lmi43doM5ikAH978PP5rvd159SSEfJ1HnHpUtA3GlpvmES6K6WTVAf
+7DyfB+dqmy6kWfqNNgPf+w9/uzGz3VWMs61E7t/JYbnwUrY/jEENpHFmGgQ1wcN
OJSrVf/mH080TQ==
-----END CERTIFICATE-----