Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/bc5e2f-a4ab-4bdc-9a07-6fb10eeaf627/1/u0OX5un46iWRVggDysuzI5Ytn64.mft
File:                     u0OX5un46iWRVggDysuzI5Ytn64.mft (raw, json)
Hash identifier:          tmrDnVYpeak0mAl7550jyzioIA27dd9jZWieSap0EcU=
Subject key identifier:   CF:CA:83:AE:79:32:A1:A0:9D:A8:CA:C2:8D:91:E0:34:7A:71:F3:97
Authority key identifier: BB:43:97:E6:E9:F8:EA:25:91:56:08:03:CA:CB:B3:23:96:2D:9F:AE
Certificate issuer:       /CN=bb4397e6e9f8ea2591560803cacbb323962d9fae
Certificate serial:       0196515BB6E5F9FC16B6982B17672FF43904
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u0OX5un46iWRVggDysuzI5Ytn64.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/bc5e2f-a4ab-4bdc-9a07-6fb10eeaf627/1/u0OX5un46iWRVggDysuzI5Ytn64.mft
Manifest number:          0F3C
Signing time:             Sun 20 Apr 2025 04:01:27 +0000
Manifest this update:     Sun 20 Apr 2025 04:01:27 +0000
Manifest next update:     Mon 21 Apr 2025 04:01:27 +0000
Files and hashes:         1: u0OX5un46iWRVggDysuzI5Ytn64.crl (hash: kH0jZZox/jW75H7JuJ4ZNs17K+dVz46I+pZtpdw+JYY=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/bc5e2f-a4ab-4bdc-9a07-6fb10eeaf627/1/u0OX5un46iWRVggDysuzI5Ytn64.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/bc5e2f-a4ab-4bdc-9a07-6fb10eeaf627/1/u0OX5un46iWRVggDysuzI5Ytn64.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u0OX5un46iWRVggDysuzI5Ytn64.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 04:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:51:5b:b6:e5:f9:fc:16:b6:98:2b:17:67:2f:f4:39:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb4397e6e9f8ea2591560803cacbb323962d9fae
        Validity
            Not Before: Apr 20 04:01:27 2025 GMT
            Not After : Apr 21 04:01:27 2025 GMT
        Subject: CN=cfca83ae7932a1a09da8cac28d91e0347a71f397
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ef:d2:af:0d:68:e6:b3:cb:8d:d8:6b:07:33:
                    b4:8f:8b:b9:e8:1e:e3:f8:51:ac:91:b4:c6:aa:4b:
                    cb:55:35:8c:a8:ad:9d:6a:f1:ce:9b:f0:21:c3:ed:
                    4b:7b:3c:c1:ab:56:49:72:b4:80:9f:b6:6c:f3:78:
                    56:de:ad:57:ce:95:a1:d4:e7:72:35:18:3c:25:46:
                    4a:00:20:37:1d:1a:bf:7c:20:a6:62:c4:08:9c:e3:
                    ce:1a:e6:ce:ce:16:bb:84:bc:33:09:1b:91:ac:fe:
                    48:f0:2a:0c:ff:3f:bb:31:89:ca:e6:af:d0:de:08:
                    65:09:0e:39:1f:19:3a:6f:5d:70:4f:fa:71:7e:79:
                    2f:6f:08:b7:9b:74:80:b8:67:2e:f9:35:79:c4:d4:
                    2a:e8:dd:a6:26:cb:17:51:6c:02:09:36:ca:d1:e9:
                    55:09:86:f0:48:11:07:78:09:28:88:b9:5c:a8:a3:
                    6c:69:8f:91:79:cb:d4:be:ce:68:44:fb:b3:a9:93:
                    49:38:a4:85:09:09:be:71:d6:58:44:b9:08:d2:5d:
                    e3:28:a0:d9:a7:7d:73:d9:28:11:0a:a9:2b:44:3a:
                    d3:b5:57:ff:53:21:d9:d0:56:e9:40:51:46:3b:27:
                    9a:8d:f4:c7:41:a1:61:a9:49:f9:6e:16:02:06:5d:
                    c4:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:CA:83:AE:79:32:A1:A0:9D:A8:CA:C2:8D:91:E0:34:7A:71:F3:97
            X509v3 Authority Key Identifier:
                keyid:BB:43:97:E6:E9:F8:EA:25:91:56:08:03:CA:CB:B3:23:96:2D:9F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u0OX5un46iWRVggDysuzI5Ytn64.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/bc5e2f-a4ab-4bdc-9a07-6fb10eeaf627/1/u0OX5un46iWRVggDysuzI5Ytn64.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/bc5e2f-a4ab-4bdc-9a07-6fb10eeaf627/1/u0OX5un46iWRVggDysuzI5Ytn64.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         22:46:18:bc:f8:f7:8d:45:d2:fe:2b:00:80:dc:09:e7:16:b4:
         97:32:c5:81:e0:67:3b:9f:93:2e:16:17:78:4e:fa:18:50:99:
         fa:3b:68:02:45:7d:d1:f3:74:fe:de:84:97:62:f8:b1:4d:db:
         9a:7e:3c:76:42:4c:35:b9:af:7b:cd:45:a8:89:84:af:11:7c:
         6d:6a:b3:2c:94:0e:2c:93:bf:cb:0d:0d:cc:23:5d:b4:e2:65:
         83:f7:06:54:c0:88:4b:67:ca:d4:9e:80:0c:a8:21:05:73:2c:
         2b:a7:f8:26:3e:41:f6:31:0b:a5:21:b6:b1:70:dc:b0:d1:53:
         4c:04:70:a7:c2:34:f5:ed:c2:51:b3:28:40:90:d9:67:bf:69:
         b1:cd:10:85:71:1c:11:de:04:f2:d3:92:df:11:61:58:f9:70:
         ba:30:a4:73:2e:ae:35:fd:1b:2e:f6:4f:14:16:04:71:01:89:
         17:ef:a3:35:80:f8:a4:e9:47:80:a8:78:18:72:d9:23:49:bf:
         f0:98:3c:15:cb:ba:03:a9:0e:e0:17:9a:d7:4c:6f:98:14:cc:
         0d:f8:7c:7e:bd:51:65:36:71:c8:0c:63:0e:95:f5:ef:0b:57:
         dd:39:d8:b1:f0:cd:b8:dd:26:39:be:aa:ec:d8:8a:b3:07:f4:
         cc:43:80:ba
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZZRW7bl+fwWtpgrF2cv9DkEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiNDM5N2U2ZTlmOGVhMjU5MTU2MDgwM2NhY2JiMzIzOTYy
ZDlmYWUwHhcNMjUwNDIwMDQwMTI3WhcNMjUwNDIxMDQwMTI3WjAzMTEwLwYDVQQD
EyhjZmNhODNhZTc5MzJhMWEwOWRhOGNhYzI4ZDkxZTAzNDdhNzFmMzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/Srw1o5rPLjdhrBzO0j4u56B7j
+FGskbTGqkvLVTWMqK2davHOm/Ahw+1LezzBq1ZJcrSAn7Zs83hW3q1XzpWh1Ody
NRg8JUZKACA3HRq/fCCmYsQInOPOGubOzha7hLwzCRuRrP5I8CoM/z+7MYnK5q/Q
3ghlCQ45Hxk6b11wT/pxfnkvbwi3m3SAuGcu+TV5xNQq6N2mJssXUWwCCTbK0elV
CYbwSBEHeAkoiLlcqKNsaY+RecvUvs5oRPuzqZNJOKSFCQm+cdZYRLkI0l3jKKDZ
p31z2SgRCqkrRDrTtVf/UyHZ0FbpQFFGOyeajfTHQaFhqUn5bhYCBl3EvQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFM/Kg655MqGgnajKwo2R4DR6cfOXMB8GA1UdIwQY
MBaAFLtDl+bp+OolkVYIA8rLsyOWLZ+uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTBPWDV1bjQ2aVdSVmdnRHlzdXpJNVl0bjY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9iYzVlMmYtYTRhYi00YmRjLTlhMDct
NmZiMTBlZWFmNjI3LzEvdTBPWDV1bjQ2aVdSVmdnRHlzdXpJNVl0bjY0Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9iYzVlMmYtYTRhYi00YmRjLTlhMDctNmZiMTBlZWFmNjI3
LzEvdTBPWDV1bjQ2aVdSVmdnRHlzdXpJNVl0bjY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAIkYYvPj3
jUXS/isAgNwJ5xa0lzLFgeBnO5+TLhYXeE76GFCZ+jtoAkV90fN0/t6El2L4sU3b
mn48dkJMNbmve81FqImErxF8bWqzLJQOLJO/yw0NzCNdtOJlg/cGVMCIS2fK1J6A
DKghBXMsK6f4Jj5B9jELpSG2sXDcsNFTTARwp8I09e3CUbMoQJDZZ79psc0QhXEc
Ed4E8tOS3xFhWPlwujCkcy6uNf0bLvZPFBYEcQGJF++jNYD4pOlHgKh4GHLZI0m/
8Jg8Fcu6A6kO4Bea10xvmBTMDfh8fr1RZTZxyAxjDpX17wtX3TnYsfDNuN0mOb6q
7NiKswf0zEOAug==
-----END CERTIFICATE-----