Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/854660-5fa6-427e-a5e8-654da8b40716/1/KyO4dALEaK1icsN77YjlzcbkwGE.mft
File:                     KyO4dALEaK1icsN77YjlzcbkwGE.mft (raw, json)
Hash identifier:          4ygHoejFRpqYy8hVDSnMGaCPCXjRRmoqs/iMv+7OvZA=
Subject key identifier:   28:EB:E3:E0:FD:50:2C:7A:52:47:FC:45:33:E5:B4:15:13:EE:29:6C
Authority key identifier: 2B:23:B8:74:02:C4:68:AD:62:72:C3:7B:ED:88:E5:CD:C6:E4:C0:61
Certificate issuer:       /CN=2b23b87402c468ad6272c37bed88e5cdc6e4c061
Certificate serial:       019A72939A3B037AC9FDA8E20AD387E183EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KyO4dALEaK1icsN77YjlzcbkwGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/854660-5fa6-427e-a5e8-654da8b40716/1/KyO4dALEaK1icsN77YjlzcbkwGE.mft
Manifest number:          01F4
Signing time:             Tue 11 Nov 2025 11:01:07 +0000
Manifest this update:     Tue 11 Nov 2025 11:01:07 +0000
Manifest next update:     Wed 12 Nov 2025 11:01:07 +0000
Files and hashes:         1: KyO4dALEaK1icsN77YjlzcbkwGE.crl (hash: P4VhSanlLdtPCQitM/rVHpvgO+Bt25IAxj92GrCzZck=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/854660-5fa6-427e-a5e8-654da8b40716/1/KyO4dALEaK1icsN77YjlzcbkwGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/854660-5fa6-427e-a5e8-654da8b40716/1/KyO4dALEaK1icsN77YjlzcbkwGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KyO4dALEaK1icsN77YjlzcbkwGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:93:9a:3b:03:7a:c9:fd:a8:e2:0a:d3:87:e1:83:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b23b87402c468ad6272c37bed88e5cdc6e4c061
        Validity
            Not Before: Nov 11 11:01:07 2025 GMT
            Not After : Nov 12 11:01:07 2025 GMT
        Subject: CN=28ebe3e0fd502c7a5247fc4533e5b41513ee296c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:f5:71:1b:e8:e0:f9:9e:35:94:bd:3d:a7:c1:
                    7a:5b:7f:d9:72:4d:99:cf:4c:9a:be:0d:29:d2:24:
                    fa:79:0d:42:02:85:eb:c3:3d:15:0e:71:0b:bf:c9:
                    36:30:13:dc:fa:d9:b1:91:d8:fa:d1:d8:6d:6a:b2:
                    3f:5e:b8:aa:25:fd:33:e9:6d:46:f7:4f:1c:03:4c:
                    a6:fc:ec:af:df:5d:1d:a1:3f:2c:6e:dc:29:de:08:
                    96:df:08:be:f1:17:10:b7:de:da:e9:1f:80:a4:ea:
                    e4:59:6b:42:69:27:45:62:7e:98:32:68:7c:5b:82:
                    f4:e9:59:c3:5a:93:94:36:f1:5e:cb:42:2b:da:e2:
                    dc:de:71:8c:ae:56:8b:32:90:19:20:f2:f2:2d:d9:
                    dc:4a:41:4e:38:69:8c:bc:b4:ee:ab:6d:5e:7c:86:
                    d5:12:76:1b:3f:d3:f3:45:73:83:95:43:d5:54:68:
                    39:ec:92:a5:b7:f0:cd:b7:73:2a:f1:63:7c:b6:dc:
                    32:6b:83:f3:ea:28:69:6e:1a:e1:4c:74:37:0f:b0:
                    40:b0:50:18:aa:47:d0:8c:58:89:c1:83:ea:af:cc:
                    c0:b0:08:bd:15:79:62:39:3d:7b:a3:6e:51:61:07:
                    1b:be:e2:4e:b3:04:fb:2b:37:e4:52:66:77:6a:2b:
                    6a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:EB:E3:E0:FD:50:2C:7A:52:47:FC:45:33:E5:B4:15:13:EE:29:6C
            X509v3 Authority Key Identifier:
                keyid:2B:23:B8:74:02:C4:68:AD:62:72:C3:7B:ED:88:E5:CD:C6:E4:C0:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KyO4dALEaK1icsN77YjlzcbkwGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/854660-5fa6-427e-a5e8-654da8b40716/1/KyO4dALEaK1icsN77YjlzcbkwGE.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/854660-5fa6-427e-a5e8-654da8b40716/1/KyO4dALEaK1icsN77YjlzcbkwGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         5f:b5:1b:29:03:06:4f:50:8c:bf:04:31:67:5c:98:00:a3:f4:
         1a:66:7a:bf:90:7c:0e:df:d2:d7:22:09:92:83:d2:ed:4f:ff:
         9c:b2:78:3c:8e:1a:7e:d9:60:b3:a9:5c:7d:4f:25:18:a6:0e:
         1b:59:a2:f7:e1:fc:60:b3:9d:2f:bd:5e:1c:54:2f:19:0b:3d:
         b7:16:ba:c8:b7:15:4e:be:47:42:02:aa:7e:14:41:76:8e:57:
         89:c3:1e:4c:6b:4e:31:9a:76:76:06:a0:56:4d:48:80:f6:ca:
         9a:e9:63:40:05:1f:47:6f:8c:f5:87:68:16:e8:25:f8:8c:8b:
         7d:7c:2a:f8:3a:5f:a4:18:80:ff:68:be:3f:01:b2:ec:84:c8:
         e6:09:0a:d0:6e:fb:65:56:64:3f:75:9d:a4:cb:13:55:3f:44:
         bc:d3:1a:e5:a5:70:c4:e8:56:4e:2b:d1:01:b2:d5:eb:25:a7:
         05:14:50:ed:dc:80:3a:2c:37:07:f8:21:f4:c9:0c:28:a6:b7:
         2c:21:5f:5f:f3:40:14:aa:d0:85:dc:d8:63:e4:68:07:c5:23:
         98:8a:a6:b1:b5:a1:1d:e5:87:18:4c:e0:75:fc:3d:94:9d:e2:
         6f:30:09:64:6b:c9:af:8d:fa:ca:5f:59:90:8b:9e:45:09:c0:
         34:da:e2:39
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyk5o7A3rJ/ajiCtOH4YPrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMjNiODc0MDJjNDY4YWQ2MjcyYzM3YmVkODhlNWNkYzZl
NGMwNjEwHhcNMjUxMTExMTEwMTA3WhcNMjUxMTEyMTEwMTA3WjAzMTEwLwYDVQQD
EygyOGViZTNlMGZkNTAyYzdhNTI0N2ZjNDUzM2U1YjQxNTEzZWUyOTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4PVxG+jg+Z41lL09p8F6W3/Zck2Z
z0yavg0p0iT6eQ1CAoXrwz0VDnELv8k2MBPc+tmxkdj60dhtarI/XriqJf0z6W1G
908cA0ym/Oyv310doT8sbtwp3giW3wi+8RcQt97a6R+ApOrkWWtCaSdFYn6YMmh8
W4L06VnDWpOUNvFey0Ir2uLc3nGMrlaLMpAZIPLyLdncSkFOOGmMvLTuq21efIbV
EnYbP9PzRXODlUPVVGg57JKlt/DNt3Mq8WN8ttwya4Pz6ihpbhrhTHQ3D7BAsFAY
qkfQjFiJwYPqr8zAsAi9FXliOT17o25RYQcbvuJOswT7KzfkUmZ3aitqkQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFCjr4+D9UCx6Ukf8RTPltBUT7ilsMB8GA1UdIwQY
MBaAFCsjuHQCxGitYnLDe+2I5c3G5MBhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3lPNGRBTEVhSzFpY3NONzdZamx6Y2Jrd0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS84NTQ2NjAtNWZhNi00MjdlLWE1ZTgt
NjU0ZGE4YjQwNzE2LzEvS3lPNGRBTEVhSzFpY3NONzdZamx6Y2Jrd0dFLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS84NTQ2NjAtNWZhNi00MjdlLWE1ZTgtNjU0ZGE4YjQwNzE2
LzEvS3lPNGRBTEVhSzFpY3NONzdZamx6Y2Jrd0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAX7UbKQMG
T1CMvwQxZ1yYAKP0GmZ6v5B8Dt/S1yIJkoPS7U//nLJ4PI4aftlgs6lcfU8lGKYO
G1mi9+H8YLOdL71eHFQvGQs9txa6yLcVTr5HQgKqfhRBdo5XicMeTGtOMZp2dgag
Vk1IgPbKmuljQAUfR2+M9YdoFugl+IyLfXwq+DpfpBiA/2i+PwGy7ITI5gkK0G77
ZVZkP3WdpMsTVT9EvNMa5aVwxOhWTivRAbLV6yWnBRRQ7dyAOiw3B/gh9MkMKKa3
LCFfX/NAFKrQhdzYY+RoB8UjmIqmsbWhHeWHGEzgdfw9lJ3ibzAJZGvJr436yl9Z
kIueRQnANNriOQ==
-----END CERTIFICATE-----