Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/916d0e-7683-41a6-96f0-ff6a1f41d1f8/1/nckgfnB-NQXfaLmlvXCtKM1N04U.mft
File:                     nckgfnB-NQXfaLmlvXCtKM1N04U.mft (raw, json)
Hash identifier:          55fmes/P8b7g2ahct24BPqhNqwDZZJ0JXA2FbWzDs3E=
Subject key identifier:   F8:F3:2A:F9:57:3C:78:00:35:10:77:5A:C1:2B:5F:AB:68:15:AB:40
Authority key identifier: 9D:C9:20:7E:70:7E:35:05:DF:68:B9:A5:BD:70:AD:28:CD:4D:D3:85
Certificate issuer:       /CN=9dc9207e707e3505df68b9a5bd70ad28cd4dd385
Certificate serial:       019A7225A304426FFFB7B7E8F1FCEB65248C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nckgfnB-NQXfaLmlvXCtKM1N04U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/916d0e-7683-41a6-96f0-ff6a1f41d1f8/1/nckgfnB-NQXfaLmlvXCtKM1N04U.mft
Manifest number:          171C
Signing time:             Tue 11 Nov 2025 09:01:00 +0000
Manifest this update:     Tue 11 Nov 2025 09:01:00 +0000
Manifest next update:     Wed 12 Nov 2025 09:01:00 +0000
Files and hashes:         1: nckgfnB-NQXfaLmlvXCtKM1N04U.crl (hash: XbwTmUiXl5QwITOHb8gyXEpeUNo8/FI2D5If4/HWU6w=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/916d0e-7683-41a6-96f0-ff6a1f41d1f8/1/nckgfnB-NQXfaLmlvXCtKM1N04U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/916d0e-7683-41a6-96f0-ff6a1f41d1f8/1/nckgfnB-NQXfaLmlvXCtKM1N04U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nckgfnB-NQXfaLmlvXCtKM1N04U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:25:a3:04:42:6f:ff:b7:b7:e8:f1:fc:eb:65:24:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dc9207e707e3505df68b9a5bd70ad28cd4dd385
        Validity
            Not Before: Nov 11 09:01:00 2025 GMT
            Not After : Nov 12 09:01:00 2025 GMT
        Subject: CN=f8f32af9573c78003510775ac12b5fab6815ab40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e3:5e:2e:87:6c:5e:fc:7c:cb:d0:76:a2:f5:
                    64:94:b0:44:26:79:2d:ce:00:ee:0a:3d:da:39:16:
                    70:a4:47:b3:26:00:a5:dc:7e:aa:0c:dc:99:af:f7:
                    3b:d5:30:35:6b:cf:cc:03:b5:f6:db:c5:01:25:04:
                    aa:db:4d:8e:7b:84:56:26:e3:66:77:85:df:05:2d:
                    d5:e7:5b:65:57:ed:0e:f8:f5:de:2c:43:ff:37:63:
                    00:f2:bc:e3:13:58:5e:fc:b5:97:6d:05:f8:73:ba:
                    d5:08:58:00:99:c0:23:3b:30:2c:47:a7:35:86:25:
                    15:2d:26:fe:c8:00:3d:db:fb:dc:a3:71:50:91:e5:
                    77:4d:c2:00:ef:b2:6b:6d:2f:22:55:53:2f:a2:3d:
                    7b:39:c6:5a:fc:97:6b:36:a6:f7:4a:0b:e6:ac:02:
                    c0:d6:b9:3c:cc:5b:06:ef:e0:f2:8c:cf:e8:9a:0d:
                    10:a8:3e:39:51:d3:e3:3b:62:fe:c4:bb:77:84:30:
                    b9:42:09:fa:05:31:98:08:5a:17:5a:88:10:32:50:
                    dd:d0:10:28:fd:a1:e4:91:f1:d8:41:ac:3d:2b:fe:
                    cd:14:e0:e2:c0:d4:c1:5d:63:14:89:1b:1a:a0:eb:
                    9b:b5:45:e0:3b:20:c3:33:ab:fd:d6:53:aa:85:3f:
                    2a:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:F3:2A:F9:57:3C:78:00:35:10:77:5A:C1:2B:5F:AB:68:15:AB:40
            X509v3 Authority Key Identifier:
                keyid:9D:C9:20:7E:70:7E:35:05:DF:68:B9:A5:BD:70:AD:28:CD:4D:D3:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nckgfnB-NQXfaLmlvXCtKM1N04U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/916d0e-7683-41a6-96f0-ff6a1f41d1f8/1/nckgfnB-NQXfaLmlvXCtKM1N04U.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/916d0e-7683-41a6-96f0-ff6a1f41d1f8/1/nckgfnB-NQXfaLmlvXCtKM1N04U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         d6:a6:3a:94:14:0b:25:b7:74:bb:f7:77:f4:7a:53:a4:43:0d:
         64:8e:4e:aa:08:e8:a6:e8:7b:47:62:ce:46:67:f5:cb:5b:1b:
         ad:7d:cc:91:12:10:09:20:96:62:6a:ca:ed:5c:e3:fb:09:c2:
         cf:ed:b1:28:64:fe:3e:e2:e8:61:ae:b4:7c:11:3e:86:af:54:
         48:d0:ef:aa:81:bf:04:a6:89:1b:15:82:7d:c0:aa:8c:d3:35:
         f0:d5:6d:11:cf:33:ae:69:94:9a:33:ac:b1:6b:5f:c9:f5:52:
         97:3e:47:aa:08:83:5d:eb:08:7a:fb:60:6a:75:20:ea:13:02:
         a5:6f:6b:32:55:08:c1:ea:e0:9b:81:8d:f1:ff:3b:3b:54:2d:
         e6:ab:ba:a4:b1:43:eb:c8:9b:b4:38:ee:70:1d:1c:3a:a0:c4:
         f2:1b:b8:95:cf:c7:be:68:8e:a4:31:c5:b2:fa:91:61:04:97:
         6a:04:cb:5d:2d:9f:28:f5:48:f4:ba:03:1d:b8:0e:1a:6b:ad:
         6f:60:62:48:c2:78:8e:39:b4:aa:84:8f:fd:75:41:22:d9:7a:
         59:cd:98:da:cd:96:d0:47:f7:60:93:ed:e7:fe:96:d1:1b:63:
         f4:cb:78:c5:45:30:cd:83:2d:44:d6:78:e5:f6:0f:ad:23:41:
         4a:a5:fd:58
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyJaMEQm//t7fo8fzrZSSMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYzkyMDdlNzA3ZTM1MDVkZjY4YjlhNWJkNzBhZDI4Y2Q0
ZGQzODUwHhcNMjUxMTExMDkwMTAwWhcNMjUxMTEyMDkwMTAwWjAzMTEwLwYDVQQD
EyhmOGYzMmFmOTU3M2M3ODAwMzUxMDc3NWFjMTJiNWZhYjY4MTVhYjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+NeLodsXvx8y9B2ovVklLBEJnkt
zgDuCj3aORZwpEezJgCl3H6qDNyZr/c71TA1a8/MA7X228UBJQSq202Oe4RWJuNm
d4XfBS3V51tlV+0O+PXeLEP/N2MA8rzjE1he/LWXbQX4c7rVCFgAmcAjOzAsR6c1
hiUVLSb+yAA92/vco3FQkeV3TcIA77JrbS8iVVMvoj17OcZa/JdrNqb3SgvmrALA
1rk8zFsG7+DyjM/omg0QqD45UdPjO2L+xLt3hDC5Qgn6BTGYCFoXWogQMlDd0BAo
/aHkkfHYQaw9K/7NFODiwNTBXWMUiRsaoOubtUXgOyDDM6v91lOqhT8qfQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFPjzKvlXPHgANRB3WsErX6toFatAMB8GA1UdIwQY
MBaAFJ3JIH5wfjUF32i5pb1wrSjNTdOFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmNrZ2ZuQi1OUVhmYUxtbHZYQ3RLTTFOMDRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MTZkMGUtNzY4My00MWE2LTk2ZjAt
ZmY2YTFmNDFkMWY4LzEvbmNrZ2ZuQi1OUVhmYUxtbHZYQ3RLTTFOMDRVLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MTZkMGUtNzY4My00MWE2LTk2ZjAtZmY2YTFmNDFkMWY4
LzEvbmNrZ2ZuQi1OUVhmYUxtbHZYQ3RLTTFOMDRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEA1qY6lBQL
Jbd0u/d39HpTpEMNZI5Oqgjopuh7R2LORmf1y1sbrX3MkRIQCSCWYmrK7Vzj+wnC
z+2xKGT+PuLoYa60fBE+hq9USNDvqoG/BKaJGxWCfcCqjNM18NVtEc8zrmmUmjOs
sWtfyfVSlz5HqgiDXesIevtganUg6hMCpW9rMlUIwergm4GN8f87O1Qt5qu6pLFD
68ibtDjucB0cOqDE8hu4lc/HvmiOpDHFsvqRYQSXagTLXS2fKPVI9LoDHbgOGmut
b2BiSMJ4jjm0qoSP/XVBItl6Wc2Y2s2W0Ef3YJPt5/6W0Rtj9Mt4xUUwzYMtRNZ4
5fYPrSNBSqX9WA==
-----END CERTIFICATE-----