Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/27ba68-f178-4991-96a7-442a03b7f084/1/3TmeSUGJ9pGl7WTzvjpqO1AiUJE.mft
File:                     3TmeSUGJ9pGl7WTzvjpqO1AiUJE.mft (raw, json)
Hash identifier:          tMYpaliRe2Q4GmKsReCnkgET24A7rKoFAH3j0hrCWyw=
Subject key identifier:   AE:9C:C0:1F:79:F3:B5:3A:C6:A7:85:B2:94:0A:58:A8:8B:4D:29:5E
Authority key identifier: DD:39:9E:49:41:89:F6:91:A5:ED:64:F3:BE:3A:6A:3B:50:22:50:91
Certificate issuer:       /CN=dd399e494189f691a5ed64f3be3a6a3b50225091
Certificate serial:       019A725C792C8DA834E3A1F6CAE4BF6703EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3TmeSUGJ9pGl7WTzvjpqO1AiUJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/27ba68-f178-4991-96a7-442a03b7f084/1/3TmeSUGJ9pGl7WTzvjpqO1AiUJE.mft
Manifest number:          068C
Signing time:             Tue 11 Nov 2025 10:00:54 +0000
Manifest this update:     Tue 11 Nov 2025 10:00:54 +0000
Manifest next update:     Wed 12 Nov 2025 10:00:54 +0000
Files and hashes:         1: 3TmeSUGJ9pGl7WTzvjpqO1AiUJE.crl (hash: Hl774/Xg+ryl2VjPX3K20ICyfHJsx1ZObCw0UeEQzBg=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/27ba68-f178-4991-96a7-442a03b7f084/1/3TmeSUGJ9pGl7WTzvjpqO1AiUJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/27ba68-f178-4991-96a7-442a03b7f084/1/3TmeSUGJ9pGl7WTzvjpqO1AiUJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3TmeSUGJ9pGl7WTzvjpqO1AiUJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:5c:79:2c:8d:a8:34:e3:a1:f6:ca:e4:bf:67:03:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd399e494189f691a5ed64f3be3a6a3b50225091
        Validity
            Not Before: Nov 11 10:00:54 2025 GMT
            Not After : Nov 12 10:00:54 2025 GMT
        Subject: CN=ae9cc01f79f3b53ac6a785b2940a58a88b4d295e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:39:6a:99:d7:ad:8e:94:53:88:75:7b:46:18:
                    f5:74:38:c2:45:7f:4f:40:24:04:45:ce:d3:ea:82:
                    e8:ba:95:b6:41:59:09:3a:01:a2:ce:b6:4e:47:2a:
                    08:89:34:3f:32:04:9c:5a:ea:58:e3:39:ff:2d:49:
                    e6:97:7e:e1:df:71:7b:fd:15:d0:fd:00:03:96:ab:
                    d4:02:36:f8:8f:dc:10:d2:5b:b8:f4:fa:c5:4b:8d:
                    ce:de:ac:8f:e8:6f:f2:30:e1:b7:25:16:fa:66:df:
                    ed:6f:dd:26:d5:a8:cd:75:74:2b:34:23:1e:2e:65:
                    ca:a3:6a:1d:c8:b1:6e:32:32:cb:08:06:60:d2:23:
                    33:5c:da:44:08:03:0f:20:26:71:1e:63:eb:d9:d9:
                    14:d4:c7:60:0a:85:6a:3f:dc:b3:54:45:51:22:13:
                    9e:14:bd:9b:d9:54:9e:d5:36:c7:a9:08:52:27:ab:
                    dd:fc:92:79:ae:fc:7e:a3:3b:ab:dd:f9:a6:c2:81:
                    c6:4e:dc:d3:c8:29:c7:2f:86:07:89:23:29:98:3e:
                    b4:bb:82:96:9b:25:1b:a6:3b:42:70:0e:40:65:bc:
                    88:34:e7:44:8b:4a:25:4e:43:0f:dc:92:92:37:2d:
                    96:9e:01:c9:8b:db:fc:89:67:c4:b8:0a:59:f6:c3:
                    c5:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:9C:C0:1F:79:F3:B5:3A:C6:A7:85:B2:94:0A:58:A8:8B:4D:29:5E
            X509v3 Authority Key Identifier:
                keyid:DD:39:9E:49:41:89:F6:91:A5:ED:64:F3:BE:3A:6A:3B:50:22:50:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3TmeSUGJ9pGl7WTzvjpqO1AiUJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/27ba68-f178-4991-96a7-442a03b7f084/1/3TmeSUGJ9pGl7WTzvjpqO1AiUJE.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/27ba68-f178-4991-96a7-442a03b7f084/1/3TmeSUGJ9pGl7WTzvjpqO1AiUJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         55:88:cf:de:3e:1b:6a:14:05:af:af:bf:b6:76:6b:98:67:62:
         04:32:21:12:bc:9a:3d:96:51:f3:56:f4:68:73:7c:d0:3e:cf:
         b8:12:8e:69:c9:da:00:b7:8f:6d:ef:2a:33:3c:8a:05:5a:99:
         c0:70:09:81:b1:b5:23:99:47:09:88:bd:9a:7e:9a:13:44:7a:
         b8:40:ac:97:5f:d5:34:62:3f:31:c3:f6:71:2f:ac:94:11:7a:
         bf:86:9f:2e:a9:3f:13:98:a0:41:d6:90:c4:07:5a:39:7a:c2:
         fd:e7:fc:56:bd:80:53:4d:cb:76:b5:cf:50:a5:d0:cc:ae:c3:
         7c:82:27:f7:95:b7:72:4a:a6:56:1c:a9:22:27:d2:11:97:3e:
         b3:e9:59:e7:35:be:4a:38:98:62:6e:6c:dd:47:68:66:b1:59:
         45:74:c6:ae:43:fb:75:d3:5b:ba:ac:de:40:f2:0c:3b:0b:e8:
         53:95:27:ba:39:05:d8:63:10:83:78:ac:41:18:8a:ac:ef:d7:
         7d:2d:85:00:69:ec:17:c2:d6:05:54:73:5c:94:b6:93:57:72:
         6f:26:dd:75:60:0d:9c:ec:aa:4b:3a:2e:e9:79:57:f7:5a:82:
         ea:3d:02:c3:d7:94:f5:31:7c:03:61:26:ec:fa:c8:98:d9:37:
         a5:fd:09:17
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyXHksjag046H2yuS/ZwPuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMzk5ZTQ5NDE4OWY2OTFhNWVkNjRmM2JlM2E2YTNiNTAy
MjUwOTEwHhcNMjUxMTExMTAwMDU0WhcNMjUxMTEyMTAwMDU0WjAzMTEwLwYDVQQD
EyhhZTljYzAxZjc5ZjNiNTNhYzZhNzg1YjI5NDBhNThhODhiNGQyOTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDlqmdetjpRTiHV7Rhj1dDjCRX9P
QCQERc7T6oLoupW2QVkJOgGizrZORyoIiTQ/MgScWupY4zn/LUnml37h33F7/RXQ
/QADlqvUAjb4j9wQ0lu49PrFS43O3qyP6G/yMOG3JRb6Zt/tb90m1ajNdXQrNCMe
LmXKo2odyLFuMjLLCAZg0iMzXNpECAMPICZxHmPr2dkU1MdgCoVqP9yzVEVRIhOe
FL2b2VSe1TbHqQhSJ6vd/JJ5rvx+ozur3fmmwoHGTtzTyCnHL4YHiSMpmD60u4KW
myUbpjtCcA5AZbyINOdEi0olTkMP3JKSNy2WngHJi9v8iWfEuApZ9sPF4QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFK6cwB9587U6xqeFspQKWKiLTSleMB8GA1UdIwQY
MBaAFN05nklBifaRpe1k8746ajtQIlCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1RtZVNVR0o5cEdsN1dUenZqcHFPMUFpVUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC8yN2JhNjgtZjE3OC00OTkxLTk2YTct
NDQyYTAzYjdmMDg0LzEvM1RtZVNVR0o5cEdsN1dUenZqcHFPMUFpVUpFLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC8yN2JhNjgtZjE3OC00OTkxLTk2YTctNDQyYTAzYjdmMDg0
LzEvM1RtZVNVR0o5cEdsN1dUenZqcHFPMUFpVUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAVYjP3j4b
ahQFr6+/tnZrmGdiBDIhEryaPZZR81b0aHN80D7PuBKOacnaALePbe8qMzyKBVqZ
wHAJgbG1I5lHCYi9mn6aE0R6uECsl1/VNGI/McP2cS+slBF6v4afLqk/E5igQdaQ
xAdaOXrC/ef8Vr2AU03LdrXPUKXQzK7DfIIn95W3ckqmVhypIifSEZc+s+lZ5zW+
SjiYYm5s3UdoZrFZRXTGrkP7ddNbuqzeQPIMOwvoU5UnujkF2GMQg3isQRiKrO/X
fS2FAGnsF8LWBVRzXJS2k1dybybddWANnOyqSzou6XlX91qC6j0Cw9eU9TF8A2Em
7PrImNk3pf0JFw==
-----END CERTIFICATE-----