Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/653dac-a69c-48e5-b7c8-575a2080896a/1/X765nwZBwgALrAWjJrQYpMApS3o.mft
File:                     X765nwZBwgALrAWjJrQYpMApS3o.mft (raw, json)
Hash identifier:          pkVnKtQWbnDT6D+X2z1StEWeB8Tn4aNg9V/iNTWWbUA=
Subject key identifier:   72:F2:CA:DA:84:73:EA:C3:2E:8D:AC:9F:8E:42:C8:E3:62:95:DD:79
Authority key identifier: 5F:BE:B9:9F:06:41:C2:00:0B:AC:05:A3:26:B4:18:A4:C0:29:4B:7A
Certificate issuer:       /CN=5fbeb99f0641c2000bac05a326b418a4c0294b7a
Certificate serial:       019A71B8EF1517A78FAED3AC4B1C0FFD77E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X765nwZBwgALrAWjJrQYpMApS3o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/653dac-a69c-48e5-b7c8-575a2080896a/1/X765nwZBwgALrAWjJrQYpMApS3o.mft
Manifest number:          0211
Signing time:             Tue 11 Nov 2025 07:02:16 +0000
Manifest this update:     Tue 11 Nov 2025 07:02:16 +0000
Manifest next update:     Wed 12 Nov 2025 07:02:16 +0000
Files and hashes:         1: X765nwZBwgALrAWjJrQYpMApS3o.crl (hash: wZXgNe4CV2Kl2RQuXLoDZ6+BWi3w/UjjqHGDUUj+KS4=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/653dac-a69c-48e5-b7c8-575a2080896a/1/X765nwZBwgALrAWjJrQYpMApS3o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/653dac-a69c-48e5-b7c8-575a2080896a/1/X765nwZBwgALrAWjJrQYpMApS3o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X765nwZBwgALrAWjJrQYpMApS3o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b8:ef:15:17:a7:8f:ae:d3:ac:4b:1c:0f:fd:77:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fbeb99f0641c2000bac05a326b418a4c0294b7a
        Validity
            Not Before: Nov 11 07:02:16 2025 GMT
            Not After : Nov 12 07:02:16 2025 GMT
        Subject: CN=72f2cada8473eac32e8dac9f8e42c8e36295dd79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:ac:59:8e:3a:92:d1:88:01:09:3f:d3:7d:dc:
                    8c:45:f5:de:11:41:35:bc:43:87:c9:6b:d5:25:3d:
                    b8:02:46:f4:9b:4d:0a:4f:fd:4d:a2:61:3f:09:63:
                    a4:b5:ef:ff:5c:34:aa:8c:0d:15:70:2a:55:a6:04:
                    5f:33:87:0d:8c:0a:f7:0e:7d:da:82:5e:0d:b5:85:
                    cd:f2:96:23:7a:0b:9a:71:c9:e1:27:15:82:71:1f:
                    c8:30:26:a7:59:11:89:1d:c5:be:2f:e7:c3:65:4e:
                    9d:c2:3d:e9:85:6d:6f:79:b2:8d:52:13:da:d6:aa:
                    6e:dd:9f:4c:3f:cf:dc:eb:76:f6:70:37:ba:21:d5:
                    bb:d8:17:9f:3a:50:3f:9b:9d:c1:26:25:42:20:99:
                    a2:ae:2b:da:7c:94:12:9e:34:d3:82:01:f6:32:e2:
                    cf:fc:9f:cf:79:67:98:45:55:5b:1c:2a:07:28:ff:
                    67:24:c4:4c:87:b6:70:52:49:2f:f1:e8:2d:8b:f0:
                    d8:09:12:0b:5e:fa:7a:75:a8:d2:73:0f:15:f0:33:
                    66:dd:8b:9c:6f:26:7f:69:46:57:5e:88:b8:06:56:
                    d6:52:09:b5:5c:75:64:23:9f:44:2e:1c:fe:ac:76:
                    bf:fe:e7:5f:50:fb:05:60:81:05:2e:84:39:16:a0:
                    3c:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:F2:CA:DA:84:73:EA:C3:2E:8D:AC:9F:8E:42:C8:E3:62:95:DD:79
            X509v3 Authority Key Identifier:
                keyid:5F:BE:B9:9F:06:41:C2:00:0B:AC:05:A3:26:B4:18:A4:C0:29:4B:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X765nwZBwgALrAWjJrQYpMApS3o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/653dac-a69c-48e5-b7c8-575a2080896a/1/X765nwZBwgALrAWjJrQYpMApS3o.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/653dac-a69c-48e5-b7c8-575a2080896a/1/X765nwZBwgALrAWjJrQYpMApS3o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         16:2c:f0:38:66:15:d2:37:39:77:60:c9:3e:6f:59:b0:fe:c1:
         20:eb:30:aa:42:19:3d:fa:ac:2b:d5:3d:bf:8e:a1:43:af:81:
         64:67:fe:fb:e5:ce:e8:17:d4:69:aa:79:97:9e:07:71:15:a0:
         d8:9f:9a:68:78:bc:f2:59:a1:75:5d:b1:21:c7:19:1a:0c:81:
         a1:61:e8:f0:ac:85:37:43:c8:79:8d:68:c3:6f:e7:22:68:70:
         80:9a:49:ed:49:f4:c5:c3:78:31:ae:fe:cd:1a:7b:30:74:57:
         71:28:84:89:ec:aa:23:02:e4:a4:43:7e:e1:f5:4b:aa:25:e6:
         ea:89:e1:3d:30:21:61:39:cf:87:bc:00:85:56:fa:08:e0:93:
         ac:49:fa:b7:20:31:79:bc:50:34:1a:69:84:05:02:f0:9c:df:
         58:24:f0:ce:d2:29:0b:2a:7b:82:80:5e:5f:14:73:77:78:6d:
         28:a2:65:ec:e9:84:24:32:65:09:6a:88:76:97:3f:33:31:b0:
         6c:40:7c:e7:9c:e8:0c:b7:36:3e:f7:68:a0:c2:5f:53:e3:98:
         7b:14:c1:e0:88:73:60:b3:16:cf:24:71:d1:76:66:83:02:dd:
         5e:39:83:d8:09:fa:08:fc:a1:3f:c3:33:a8:cc:7e:9b:cf:a3:
         f9:a9:61:22
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuO8VF6ePrtOsSxwP/XfhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYmViOTlmMDY0MWMyMDAwYmFjMDVhMzI2YjQxOGE0YzAy
OTRiN2EwHhcNMjUxMTExMDcwMjE2WhcNMjUxMTEyMDcwMjE2WjAzMTEwLwYDVQQD
Eyg3MmYyY2FkYTg0NzNlYWMzMmU4ZGFjOWY4ZTQyYzhlMzYyOTVkZDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA46xZjjqS0YgBCT/TfdyMRfXeEUE1
vEOHyWvVJT24Akb0m00KT/1NomE/CWOkte//XDSqjA0VcCpVpgRfM4cNjAr3Dn3a
gl4NtYXN8pYjeguaccnhJxWCcR/IMCanWRGJHcW+L+fDZU6dwj3phW1vebKNUhPa
1qpu3Z9MP8/c63b2cDe6IdW72BefOlA/m53BJiVCIJmirivafJQSnjTTggH2MuLP
/J/PeWeYRVVbHCoHKP9nJMRMh7ZwUkkv8egti/DYCRILXvp6dajScw8V8DNm3Yuc
byZ/aUZXXoi4BlbWUgm1XHVkI59ELhz+rHa//udfUPsFYIEFLoQ5FqA8QQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFHLyytqEc+rDLo2sn45CyONild15MB8GA1UdIwQY
MBaAFF++uZ8GQcIAC6wFoya0GKTAKUt6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDc2NW53WkJ3Z0FMckFXakpyUVlwTUFwUzNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS82NTNkYWMtYTY5Yy00OGU1LWI3Yzgt
NTc1YTIwODA4OTZhLzEvWDc2NW53WkJ3Z0FMckFXakpyUVlwTUFwUzNvLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS82NTNkYWMtYTY5Yy00OGU1LWI3YzgtNTc1YTIwODA4OTZh
LzEvWDc2NW53WkJ3Z0FMckFXakpyUVlwTUFwUzNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAFizwOGYV
0jc5d2DJPm9ZsP7BIOswqkIZPfqsK9U9v46hQ6+BZGf+++XO6BfUaap5l54HcRWg
2J+aaHi88lmhdV2xIccZGgyBoWHo8KyFN0PIeY1ow2/nImhwgJpJ7Un0xcN4Ma7+
zRp7MHRXcSiEieyqIwLkpEN+4fVLqiXm6onhPTAhYTnPh7wAhVb6COCTrEn6tyAx
ebxQNBpphAUC8JzfWCTwztIpCyp7goBeXxRzd3htKKJl7OmEJDJlCWqIdpc/MzGw
bEB855zoDLc2PvdooMJfU+OYexTB4IhzYLMWzyRx0XZmgwLdXjmD2An6CPyhP8Mz
qMx+m8+j+alhIg==
-----END CERTIFICATE-----