Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft
File:                     OhsBRND2_wuDzON2eUYxdFt8p6A.mft (raw, json)
Hash identifier:          OK+JJlQB9iV8XOHOkx9DL8zD/2yoIBNPQCYglSX3hbE=
Subject key identifier:   F0:AA:46:F4:03:3C:41:97:49:F4:C0:17:E5:A1:DE:AC:75:3C:C3:6C
Authority key identifier: 3A:1B:01:44:D0:F6:FF:0B:83:CC:E3:76:79:46:31:74:5B:7C:A7:A0
Certificate issuer:       /CN=3a1b0144d0f6ff0b83cce376794631745b7ca7a0
Certificate serial:       019A725CA9877306D6B5BFB67A03A0D2AC1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OhsBRND2_wuDzON2eUYxdFt8p6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft
Manifest number:          1250
Signing time:             Tue 11 Nov 2025 10:01:06 +0000
Manifest this update:     Tue 11 Nov 2025 10:01:06 +0000
Manifest next update:     Wed 12 Nov 2025 10:01:06 +0000
Files and hashes:         1: OhsBRND2_wuDzON2eUYxdFt8p6A.crl (hash: 8oaXzYZZGNo+8ILd1G5r7FQ4qZPraygzac4jzhjdSP0=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OhsBRND2_wuDzON2eUYxdFt8p6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:5c:a9:87:73:06:d6:b5:bf:b6:7a:03:a0:d2:ac:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a1b0144d0f6ff0b83cce376794631745b7ca7a0
        Validity
            Not Before: Nov 11 10:01:06 2025 GMT
            Not After : Nov 12 10:01:06 2025 GMT
        Subject: CN=f0aa46f4033c419749f4c017e5a1deac753cc36c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:95:34:ee:56:1a:ab:c6:72:e4:47:c2:5f:0a:
                    4b:ec:25:28:75:ce:c9:56:90:70:0f:39:a3:bc:2c:
                    c6:a5:8a:83:b2:b3:af:a4:47:a4:d0:d4:e8:ca:1b:
                    31:d1:e6:39:5f:1c:58:14:76:83:0a:89:62:f5:35:
                    80:0b:4d:5b:aa:26:87:4d:da:1f:3f:3b:4f:ba:98:
                    86:ac:1e:31:3b:63:a2:0b:ff:91:d4:52:01:95:89:
                    12:30:8c:7f:9c:7d:ae:7a:e0:6b:63:72:fc:0a:af:
                    bd:2d:07:e8:de:1e:72:f0:57:14:ea:07:3f:c1:41:
                    03:30:a9:9d:81:f5:6e:29:7c:6e:25:3d:db:e5:92:
                    39:65:53:0c:40:ed:bb:24:ec:c5:f7:86:90:74:8a:
                    74:e1:ce:e3:0c:d5:41:c9:cb:3c:3a:8b:de:45:dc:
                    dc:a8:fe:0c:3a:9b:37:b7:01:0c:16:aa:c2:38:45:
                    44:35:62:85:16:68:58:97:4e:70:6d:4b:b5:ed:18:
                    98:e9:c2:a0:09:22:5c:28:8e:5e:cf:1b:8d:9e:a1:
                    b7:61:a5:4c:57:d6:5c:3b:cc:3f:a0:e0:ba:2e:c5:
                    a2:61:fb:c8:15:9e:77:8a:a1:9a:2e:9c:ea:0b:13:
                    e9:3b:67:56:35:84:38:8f:50:f9:93:95:9f:9c:be:
                    a5:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:AA:46:F4:03:3C:41:97:49:F4:C0:17:E5:A1:DE:AC:75:3C:C3:6C
            X509v3 Authority Key Identifier:
                keyid:3A:1B:01:44:D0:F6:FF:0B:83:CC:E3:76:79:46:31:74:5B:7C:A7:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OhsBRND2_wuDzON2eUYxdFt8p6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         15:4a:f5:8b:bf:a6:c7:15:04:88:27:1b:49:df:61:f1:f9:e2:
         cb:22:f0:49:8c:f5:48:d2:7f:9d:e2:d1:a2:e2:e8:03:33:aa:
         3d:0d:0c:9f:c4:a4:09:76:8f:69:30:76:92:1d:e3:48:50:72:
         af:25:44:0a:f8:14:83:98:d2:de:9b:d8:31:a5:75:e0:e4:d9:
         78:f4:62:d8:6c:99:92:cc:a9:c8:8f:25:6a:fc:27:32:c0:1b:
         41:2e:c3:11:fc:ea:43:23:9b:03:2e:f3:d5:1b:a6:93:40:fd:
         89:c0:c9:ab:67:e7:9e:28:8c:22:10:1e:f7:1a:de:cf:12:f1:
         aa:6e:0e:f5:c5:11:f0:d1:88:72:4c:4f:04:35:fe:bd:3b:15:
         83:3e:6b:75:f1:16:30:cb:b2:eb:16:db:7a:a0:78:09:8f:30:
         da:40:fe:5e:96:ba:d0:ee:c3:4f:3d:2a:e8:2b:e2:93:6e:b3:
         ab:07:2d:47:56:31:d7:00:6a:63:9c:93:f8:3a:83:40:bc:5a:
         47:cc:87:04:18:f2:ea:7e:bb:9a:52:f6:0c:10:c0:04:6f:30:
         23:1d:0f:0b:43:4a:0b:f9:19:65:09:b2:1b:6d:d1:e4:3c:cc:
         52:8f:05:f2:f9:0a:80:70:43:68:88:1a:ad:91:61:26:33:b6:
         72:28:e4:d8
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyXKmHcwbWtb+2egOg0qwaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMWIwMTQ0ZDBmNmZmMGI4M2NjZTM3Njc5NDYzMTc0NWI3
Y2E3YTAwHhcNMjUxMTExMTAwMTA2WhcNMjUxMTEyMTAwMTA2WjAzMTEwLwYDVQQD
EyhmMGFhNDZmNDAzM2M0MTk3NDlmNGMwMTdlNWExZGVhYzc1M2NjMzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpU07lYaq8Zy5EfCXwpL7CUodc7J
VpBwDzmjvCzGpYqDsrOvpEek0NToyhsx0eY5XxxYFHaDColi9TWAC01bqiaHTdof
PztPupiGrB4xO2OiC/+R1FIBlYkSMIx/nH2ueuBrY3L8Cq+9LQfo3h5y8FcU6gc/
wUEDMKmdgfVuKXxuJT3b5ZI5ZVMMQO27JOzF94aQdIp04c7jDNVBycs8OoveRdzc
qP4MOps3twEMFqrCOEVENWKFFmhYl05wbUu17RiY6cKgCSJcKI5ezxuNnqG3YaVM
V9ZcO8w/oOC6LsWiYfvIFZ53iqGaLpzqCxPpO2dWNYQ4j1D5k5WfnL6lqQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFPCqRvQDPEGXSfTAF+Wh3qx1PMNsMB8GA1UdIwQY
MBaAFDobAUTQ9v8Lg8zjdnlGMXRbfKegMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2hzQlJORDJfd3VEek9OMmVVWXhkRnQ4cDZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS82Mjg0MDYtM2UyYy00ODk2LTgyZWEt
MjUwNTQ0Mjc3ZDVjLzEvT2hzQlJORDJfd3VEek9OMmVVWXhkRnQ4cDZBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS82Mjg0MDYtM2UyYy00ODk2LTgyZWEtMjUwNTQ0Mjc3ZDVj
LzEvT2hzQlJORDJfd3VEek9OMmVVWXhkRnQ4cDZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAFUr1i7+m
xxUEiCcbSd9h8fniyyLwSYz1SNJ/neLRouLoAzOqPQ0Mn8SkCXaPaTB2kh3jSFBy
ryVECvgUg5jS3pvYMaV14OTZePRi2GyZksypyI8lavwnMsAbQS7DEfzqQyObAy7z
1Rumk0D9icDJq2fnniiMIhAe9xrezxLxqm4O9cUR8NGIckxPBDX+vTsVgz5rdfEW
MMuy6xbbeqB4CY8w2kD+Xpa60O7DTz0q6Cvik26zqwctR1Yx1wBqY5yT+DqDQLxa
R8yHBBjy6n67mlL2DBDABG8wIx0PC0NKC/kZZQmyG23R5DzMUo8F8vkKgHBDaIga
rZFhJjO2cijk2A==
-----END CERTIFICATE-----