Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/aabb5f-72f2-4928-92a9-2ff9d42ee213/1/d2Pkf8hQrMj_2gbj2iOkpETC1vw.mft
File:                     d2Pkf8hQrMj_2gbj2iOkpETC1vw.mft (raw, json)
Hash identifier:          I6aig/DYOqRJhE3QCUeKr0FphY2GxHwyXgGlRPo+Od4=
Subject key identifier:   9A:9F:6A:C8:2A:F7:EA:70:40:F4:AC:35:4F:3A:45:8C:A3:A4:12:B8
Authority key identifier: 77:63:E4:7F:C8:50:AC:C8:FF:DA:06:E3:DA:23:A4:A4:44:C2:D6:FC
Certificate issuer:       /CN=7763e47fc850acc8ffda06e3da23a4a444c2d6fc
Certificate serial:       019A71B87D9EC2C111B1985C722E7C8EFDFB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d2Pkf8hQrMj_2gbj2iOkpETC1vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/aabb5f-72f2-4928-92a9-2ff9d42ee213/1/d2Pkf8hQrMj_2gbj2iOkpETC1vw.mft
Manifest number:          0948
Signing time:             Tue 11 Nov 2025 07:01:47 +0000
Manifest this update:     Tue 11 Nov 2025 07:01:47 +0000
Manifest next update:     Wed 12 Nov 2025 07:01:47 +0000
Files and hashes:         1: d2Pkf8hQrMj_2gbj2iOkpETC1vw.crl (hash: 0NGGCS1AcWQSFyoMUnYafEarEMKUIjZpPy4/haxew+g=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/aabb5f-72f2-4928-92a9-2ff9d42ee213/1/d2Pkf8hQrMj_2gbj2iOkpETC1vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/aabb5f-72f2-4928-92a9-2ff9d42ee213/1/d2Pkf8hQrMj_2gbj2iOkpETC1vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d2Pkf8hQrMj_2gbj2iOkpETC1vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b8:7d:9e:c2:c1:11:b1:98:5c:72:2e:7c:8e:fd:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7763e47fc850acc8ffda06e3da23a4a444c2d6fc
        Validity
            Not Before: Nov 11 07:01:47 2025 GMT
            Not After : Nov 12 07:01:47 2025 GMT
        Subject: CN=9a9f6ac82af7ea7040f4ac354f3a458ca3a412b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:ed:b4:79:29:50:4d:86:70:90:eb:3a:07:d5:
                    db:34:1d:c3:dd:a0:ed:ee:e9:a6:53:bb:34:60:a1:
                    fe:c4:fa:e9:67:c4:69:e1:36:e1:70:89:79:83:81:
                    4a:cd:96:bc:a8:a5:4a:5c:51:b1:df:0d:65:e8:12:
                    cb:4f:fa:30:e8:24:d1:16:7f:05:70:9d:b3:17:9e:
                    11:4b:9a:e3:18:b3:0b:22:88:0b:5e:67:1c:39:e1:
                    8b:ba:b5:41:9d:27:ac:8f:17:9c:62:9b:23:43:8e:
                    e8:54:9c:b2:c8:34:16:f8:21:81:4f:8f:27:8e:66:
                    b5:7f:80:02:ae:33:ab:8a:dc:5e:cb:f7:08:14:5d:
                    a9:27:a0:41:5c:a7:4b:d8:e7:62:22:f1:bb:2a:eb:
                    5b:00:43:d4:e4:96:fb:1a:f5:49:1f:54:1e:a4:b0:
                    ef:9c:22:39:6c:f4:2f:98:d7:b5:b5:15:fd:4a:89:
                    b9:ae:19:75:5d:46:ea:a4:13:1b:f5:74:80:24:bc:
                    30:9f:9c:d1:5e:a3:ad:7b:da:e1:93:67:6d:3f:68:
                    be:34:7a:1d:18:ad:ca:a8:2e:11:a7:00:22:74:7d:
                    27:e4:80:14:01:7b:9c:99:8f:16:a0:35:d3:29:b4:
                    21:ad:4d:0b:33:bb:4a:94:af:d7:b1:75:72:81:07:
                    40:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:9F:6A:C8:2A:F7:EA:70:40:F4:AC:35:4F:3A:45:8C:A3:A4:12:B8
            X509v3 Authority Key Identifier:
                keyid:77:63:E4:7F:C8:50:AC:C8:FF:DA:06:E3:DA:23:A4:A4:44:C2:D6:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2Pkf8hQrMj_2gbj2iOkpETC1vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/aabb5f-72f2-4928-92a9-2ff9d42ee213/1/d2Pkf8hQrMj_2gbj2iOkpETC1vw.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/aabb5f-72f2-4928-92a9-2ff9d42ee213/1/d2Pkf8hQrMj_2gbj2iOkpETC1vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         68:b4:70:72:06:45:9b:00:95:76:48:bc:47:c5:e0:b7:eb:c2:
         bc:a5:4f:47:c5:62:5e:ae:b4:31:01:c0:6a:6b:61:bf:f2:1c:
         10:6f:96:a3:25:f0:ea:12:e0:f7:63:6a:75:07:fa:85:15:36:
         c9:5a:8a:4d:ba:6d:df:fc:fb:4c:b1:b5:80:a2:68:77:bd:d9:
         94:21:cb:3e:97:b4:0d:f8:9a:98:17:00:f0:1a:3f:f8:a5:cb:
         9c:fa:38:10:ad:96:91:c8:8e:18:96:ae:03:ec:c3:b5:dc:26:
         2e:34:50:63:a5:6e:74:e8:36:4d:67:fe:dd:f4:28:e0:4f:c1:
         78:dd:03:d1:f9:f1:9f:45:73:3f:c7:56:f7:7b:4b:2d:de:55:
         da:f1:72:08:48:ad:2e:56:e6:f9:69:fd:f4:aa:24:f0:54:d5:
         53:c9:8c:99:26:6e:1e:f0:a5:be:f1:92:78:2b:52:f3:69:f9:
         38:ed:6a:a9:aa:d1:8a:c0:21:e5:28:51:48:02:4b:d0:b0:61:
         9d:cd:4a:5a:fb:a0:e1:d9:4c:19:16:3c:41:13:87:a4:39:38:
         62:d2:af:2c:a0:68:3b:2d:09:1c:4c:4f:97:3d:89:41:78:95:
         f1:62:2a:0e:bf:00:01:2e:27:97:f9:0c:da:72:ff:f1:9f:12:
         d8:33:b9:c9
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuH2ewsERsZhcci58jv37MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3NjNlNDdmYzg1MGFjYzhmZmRhMDZlM2RhMjNhNGE0NDRj
MmQ2ZmMwHhcNMjUxMTExMDcwMTQ3WhcNMjUxMTEyMDcwMTQ3WjAzMTEwLwYDVQQD
Eyg5YTlmNmFjODJhZjdlYTcwNDBmNGFjMzU0ZjNhNDU4Y2EzYTQxMmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9e20eSlQTYZwkOs6B9XbNB3D3aDt
7ummU7s0YKH+xPrpZ8Rp4TbhcIl5g4FKzZa8qKVKXFGx3w1l6BLLT/ow6CTRFn8F
cJ2zF54RS5rjGLMLIogLXmccOeGLurVBnSesjxecYpsjQ47oVJyyyDQW+CGBT48n
jma1f4ACrjOritxey/cIFF2pJ6BBXKdL2OdiIvG7KutbAEPU5Jb7GvVJH1QepLDv
nCI5bPQvmNe1tRX9Som5rhl1XUbqpBMb9XSAJLwwn5zRXqOte9rhk2dtP2i+NHod
GK3KqC4RpwAidH0n5IAUAXucmY8WoDXTKbQhrU0LM7tKlK/XsXVygQdAxwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFJqfasgq9+pwQPSsNU86RYyjpBK4MB8GA1UdIwQY
MBaAFHdj5H/IUKzI/9oG49ojpKREwtb8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDJQa2Y4aFFyTWpfMmdiajJpT2twRVRDMXZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9hYWJiNWYtNzJmMi00OTI4LTkyYTkt
MmZmOWQ0MmVlMjEzLzEvZDJQa2Y4aFFyTWpfMmdiajJpT2twRVRDMXZ3Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9hYWJiNWYtNzJmMi00OTI4LTkyYTktMmZmOWQ0MmVlMjEz
LzEvZDJQa2Y4aFFyTWpfMmdiajJpT2twRVRDMXZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAaLRwcgZF
mwCVdki8R8Xgt+vCvKVPR8ViXq60MQHAamthv/IcEG+WoyXw6hLg92NqdQf6hRU2
yVqKTbpt3/z7TLG1gKJod73ZlCHLPpe0DfiamBcA8Bo/+KXLnPo4EK2WkciOGJau
A+zDtdwmLjRQY6VudOg2TWf+3fQo4E/BeN0D0fnxn0VzP8dW93tLLd5V2vFyCEit
Llbm+Wn99Kok8FTVU8mMmSZuHvClvvGSeCtS82n5OO1qqarRisAh5ShRSAJL0LBh
nc1KWvug4dlMGRY8QROHpDk4YtKvLKBoOy0JHExPlz2JQXiV8WIqDr8AAS4nl/kM
2nL/8Z8S2DO5yQ==
-----END CERTIFICATE-----