Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft
File:                     OhsBRND2_wuDzON2eUYxdFt8p6A.mft (raw, json)
Hash identifier:          PO9CkCOdxM2hQDt97AlrYC7BenzvpxKRRAZnvfSajNY=
Subject key identifier:   40:6D:94:B6:8C:2F:EF:68:67:C2:10:49:85:7E:B6:40:51:3C:CD:B1
Authority key identifier: 3A:1B:01:44:D0:F6:FF:0B:83:CC:E3:76:79:46:31:74:5B:7C:A7:A0
Certificate issuer:       /CN=3a1b0144d0f6ff0b83cce376794631745b7ca7a0
Certificate serial:       0199228C67B769DBF409EC8346C13511446A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OhsBRND2_wuDzON2eUYxdFt8p6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft
Manifest number:          11A2
Signing time:             Sun 07 Sep 2025 05:00:50 +0000
Manifest this update:     Sun 07 Sep 2025 05:00:50 +0000
Manifest next update:     Mon 08 Sep 2025 05:00:50 +0000
Files and hashes:         1: OhsBRND2_wuDzON2eUYxdFt8p6A.crl (hash: ORJXnMBxfAZWWqHmDIG2jvqH5Ut9YsrYGCW19CG44b8=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OhsBRND2_wuDzON2eUYxdFt8p6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:22:8c:67:b7:69:db:f4:09:ec:83:46:c1:35:11:44:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a1b0144d0f6ff0b83cce376794631745b7ca7a0
        Validity
            Not Before: Sep  7 05:00:50 2025 GMT
            Not After : Sep  8 05:00:50 2025 GMT
        Subject: CN=406d94b68c2fef6867c21049857eb640513ccdb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:2a:f2:3d:3f:8f:ef:77:b5:a5:5a:3c:7b:69:
                    9f:3b:66:d8:89:ed:44:ec:33:1a:8e:75:df:0b:3c:
                    3c:90:f7:cb:4a:73:6e:13:ce:20:12:4d:a7:36:76:
                    93:de:27:d9:7c:85:b3:28:43:e1:91:1e:37:94:8f:
                    be:92:f7:69:ac:45:a2:78:e9:2e:8f:34:76:ef:e7:
                    1e:11:7d:06:80:17:c3:e8:95:66:f3:97:71:0f:70:
                    33:c9:a5:7c:d1:81:30:00:ef:4d:c1:83:86:6f:26:
                    45:d3:1c:98:3f:b8:70:51:71:ab:f3:fb:c5:45:30:
                    b1:c2:01:47:8c:4c:55:cc:54:0d:d1:c8:6a:7b:30:
                    c6:3a:87:59:f9:11:61:3a:f5:f7:02:13:46:92:e8:
                    d6:03:f3:6e:b0:82:a9:15:bc:dd:1a:a8:1a:c3:9d:
                    4e:89:16:cb:26:ae:e2:b3:49:13:92:8d:46:55:e9:
                    00:c5:95:fd:e3:55:e0:77:fa:39:56:9d:d2:ba:c8:
                    fe:a4:84:97:86:27:57:47:aa:33:e5:e6:17:ab:b6:
                    e8:25:e1:d2:5c:e0:60:e1:16:2b:4b:1e:d1:11:88:
                    5b:f5:b5:57:22:11:6f:f4:20:53:2e:22:cc:7c:f6:
                    e3:f4:23:17:01:1b:24:a6:2c:67:1c:e8:a4:a2:02:
                    d8:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:6D:94:B6:8C:2F:EF:68:67:C2:10:49:85:7E:B6:40:51:3C:CD:B1
            X509v3 Authority Key Identifier:
                keyid:3A:1B:01:44:D0:F6:FF:0B:83:CC:E3:76:79:46:31:74:5B:7C:A7:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OhsBRND2_wuDzON2eUYxdFt8p6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         86:36:2e:2a:08:1a:a2:08:d5:b1:96:15:89:f6:72:cc:0f:01:
         5d:91:88:a0:46:99:d5:3b:de:22:4f:c0:2e:19:58:c0:81:95:
         0c:04:13:ec:1b:f4:af:30:9c:66:6f:2a:d9:b7:50:7c:c8:70:
         c8:9d:6b:0e:75:25:9b:60:38:18:30:56:d9:23:e8:73:72:4b:
         8c:8c:d6:a9:aa:f1:ef:ea:21:fb:8e:8c:5e:71:19:ab:02:c3:
         ed:33:f2:ba:09:52:c9:a8:08:34:0f:3b:f8:1c:d8:0d:37:65:
         7d:95:0d:82:42:f8:8b:83:5e:cb:97:bd:ad:0c:34:dc:cf:e3:
         e0:22:2f:6e:f3:a8:cd:8f:6d:32:c7:0a:7d:34:31:a2:08:f1:
         c4:d9:49:97:4b:71:b0:13:af:5e:ca:6e:ea:be:0e:48:10:c6:
         75:ec:10:85:80:9f:6c:08:1a:4c:0d:e5:d9:33:ac:b0:c5:eb:
         d3:5f:3c:8f:51:df:86:fb:04:4d:a1:88:e5:13:c7:6f:b7:d3:
         26:da:55:25:16:a9:5a:f4:a2:3b:6a:f5:06:33:e2:b5:c3:b9:
         75:96:52:70:a7:36:41:57:f1:11:5d:e1:4e:9f:57:37:47:21:
         1e:a4:cb:72:1e:3b:54:07:a7:0b:1f:d9:99:99:4d:47:ce:40:
         70:d1:53:08
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZkijGe3adv0CeyDRsE1EURqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMWIwMTQ0ZDBmNmZmMGI4M2NjZTM3Njc5NDYzMTc0NWI3
Y2E3YTAwHhcNMjUwOTA3MDUwMDUwWhcNMjUwOTA4MDUwMDUwWjAzMTEwLwYDVQQD
Eyg0MDZkOTRiNjhjMmZlZjY4NjdjMjEwNDk4NTdlYjY0MDUxM2NjZGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiryPT+P73e1pVo8e2mfO2bYie1E
7DMajnXfCzw8kPfLSnNuE84gEk2nNnaT3ifZfIWzKEPhkR43lI++kvdprEWieOku
jzR27+ceEX0GgBfD6JVm85dxD3AzyaV80YEwAO9NwYOGbyZF0xyYP7hwUXGr8/vF
RTCxwgFHjExVzFQN0chqezDGOodZ+RFhOvX3AhNGkujWA/NusIKpFbzdGqgaw51O
iRbLJq7is0kTko1GVekAxZX941Xgd/o5Vp3Susj+pISXhidXR6oz5eYXq7boJeHS
XOBg4RYrSx7REYhb9bVXIhFv9CBTLiLMfPbj9CMXARskpixnHOikogLYkwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFEBtlLaML+9oZ8IQSYV+tkBRPM2xMB8GA1UdIwQY
MBaAFDobAUTQ9v8Lg8zjdnlGMXRbfKegMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2hzQlJORDJfd3VEek9OMmVVWXhkRnQ4cDZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS82Mjg0MDYtM2UyYy00ODk2LTgyZWEt
MjUwNTQ0Mjc3ZDVjLzEvT2hzQlJORDJfd3VEek9OMmVVWXhkRnQ4cDZBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS82Mjg0MDYtM2UyYy00ODk2LTgyZWEtMjUwNTQ0Mjc3ZDVj
LzEvT2hzQlJORDJfd3VEek9OMmVVWXhkRnQ4cDZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAhjYuKgga
ogjVsZYVifZyzA8BXZGIoEaZ1TveIk/ALhlYwIGVDAQT7Bv0rzCcZm8q2bdQfMhw
yJ1rDnUlm2A4GDBW2SPoc3JLjIzWqarx7+oh+46MXnEZqwLD7TPyuglSyagINA87
+BzYDTdlfZUNgkL4i4Ney5e9rQw03M/j4CIvbvOozY9tMscKfTQxogjxxNlJl0tx
sBOvXspu6r4OSBDGdewQhYCfbAgaTA3l2TOssMXr0188j1HfhvsETaGI5RPHb7fT
JtpVJRapWvSiO2r1BjPitcO5dZZScKc2QVfxEV3hTp9XN0chHqTLch47VAenCx/Z
mZlNR85AcNFTCA==
-----END CERTIFICATE-----