Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft
File:                     OhsBRND2_wuDzON2eUYxdFt8p6A.mft (raw, json)
Hash identifier:          WRnpMRQTbXT1Ls1ubp6mbBETrhsF5v4cg84s+v9wL4c=
Subject key identifier:   29:90:63:A1:7D:55:1D:21:02:A5:12:4A:1F:B7:70:49:85:6F:85:03
Authority key identifier: 3A:1B:01:44:D0:F6:FF:0B:83:CC:E3:76:79:46:31:74:5B:7C:A7:A0
Certificate issuer:       /CN=3a1b0144d0f6ff0b83cce376794631745b7ca7a0
Certificate serial:       01935764809805D80B7B95ADA29E315BFA8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OhsBRND2_wuDzON2eUYxdFt8p6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft
Manifest number:          0EA2
Signing time:             Sat 23 Nov 2024 05:00:24 +0000
Manifest this update:     Sat 23 Nov 2024 05:00:24 +0000
Manifest next update:     Sun 24 Nov 2024 05:00:24 +0000
Files and hashes:         1: OhsBRND2_wuDzON2eUYxdFt8p6A.crl (hash: No3lcQUeegew8Tw+M7kO5hWVbjoqiZ/xzd7lLs/YPrE=)

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OhsBRND2_wuDzON2eUYxdFt8p6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:57:64:80:98:05:d8:0b:7b:95:ad:a2:9e:31:5b:fa:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a1b0144d0f6ff0b83cce376794631745b7ca7a0
        Validity
            Not Before: Nov 23 05:00:24 2024 GMT
            Not After : Nov 24 05:00:24 2024 GMT
        Subject: CN=299063a17d551d2102a5124a1fb77049856f8503
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a3:94:73:8a:0d:b3:9e:70:5c:63:12:a4:5a:
                    92:1f:58:a7:0b:30:dd:48:60:54:ea:76:b5:f5:01:
                    99:34:72:c3:57:d7:d9:4b:57:be:36:5e:a3:09:49:
                    93:f0:b4:55:7c:d6:a8:fe:d8:b6:7b:99:e2:96:e1:
                    f3:e3:10:02:7f:62:74:38:94:a9:2f:b1:81:60:38:
                    9a:97:df:7a:60:41:7c:37:af:43:3e:e6:e2:df:f8:
                    ba:30:d5:98:3e:a0:9f:e9:54:53:41:c4:18:cd:5a:
                    db:71:9d:8d:6f:d3:a7:5a:6d:43:4b:e0:46:cf:76:
                    50:aa:91:f9:2c:5a:fb:cb:b3:a6:4f:a5:a5:74:49:
                    2b:da:2a:50:da:b1:b2:7f:53:29:84:a9:90:99:d8:
                    31:0f:0b:5a:27:50:05:86:bc:42:0d:2b:6b:2b:32:
                    6b:ab:74:ed:5d:d8:1b:50:11:b9:da:83:4a:d8:47:
                    3e:1a:a0:77:55:33:b6:11:75:47:99:a8:6e:da:cf:
                    33:8f:35:96:25:1b:37:25:35:57:bd:0a:85:e3:70:
                    02:cb:e2:00:0f:21:50:a9:90:36:47:58:c3:c4:f6:
                    f7:42:d6:14:ad:53:8e:ce:07:c3:29:aa:ed:fd:c9:
                    94:17:11:e3:da:70:23:f3:b2:51:e6:45:ae:e6:9a:
                    be:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:90:63:A1:7D:55:1D:21:02:A5:12:4A:1F:B7:70:49:85:6F:85:03
            X509v3 Authority Key Identifier:
                keyid:3A:1B:01:44:D0:F6:FF:0B:83:CC:E3:76:79:46:31:74:5B:7C:A7:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OhsBRND2_wuDzON2eUYxdFt8p6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         68:1a:c8:33:97:f9:d3:67:13:d3:29:6c:75:8d:05:a3:c3:3f:
         f7:d1:47:17:bb:2f:c2:1b:d6:cc:2c:6e:50:70:b0:20:f4:be:
         0b:c6:07:e4:67:d8:db:16:0d:3d:64:52:70:d4:42:08:81:8b:
         15:46:5a:ea:af:14:a9:00:f2:2b:53:54:6d:f4:6c:03:cb:2a:
         18:17:58:a5:ec:6d:89:fe:91:db:a8:30:3b:0e:1c:47:c7:3e:
         e5:6e:9a:c5:7e:fd:0a:22:e2:81:9f:13:d2:d1:44:c7:1b:ff:
         58:95:66:71:46:15:08:bd:21:b1:36:d8:6c:cc:c7:41:fd:05:
         82:c9:12:99:9b:60:76:19:84:25:52:b0:e9:e7:91:d0:7e:b4:
         78:eb:ed:dd:30:3a:fc:46:c4:37:e7:7d:ec:c7:e9:3e:18:b1:
         37:93:ea:e0:02:3f:c6:52:74:de:0b:47:8f:61:9d:c1:f1:32:
         b4:80:86:d7:db:76:5e:a8:7f:20:cf:04:64:fd:18:24:5f:3e:
         0e:1e:24:8d:94:29:f8:08:56:f0:a7:47:72:f0:53:60:95:85:
         59:e7:d7:a1:74:cc:a9:fd:e4:65:8c:31:7a:08:5b:1e:e6:e8:
         ba:63:f1:a3:14:db:e5:ab:7a:62:32:f8:37:85:46:ae:31:0f:
         17:6c:91:5b
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZNXZICYBdgLe5Wtop4xW/qOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMWIwMTQ0ZDBmNmZmMGI4M2NjZTM3Njc5NDYzMTc0NWI3
Y2E3YTAwHhcNMjQxMTIzMDUwMDI0WhcNMjQxMTI0MDUwMDI0WjAzMTEwLwYDVQQD
EygyOTkwNjNhMTdkNTUxZDIxMDJhNTEyNGExZmI3NzA0OTg1NmY4NTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6OUc4oNs55wXGMSpFqSH1inCzDd
SGBU6na19QGZNHLDV9fZS1e+Nl6jCUmT8LRVfNao/ti2e5niluHz4xACf2J0OJSp
L7GBYDial996YEF8N69DPubi3/i6MNWYPqCf6VRTQcQYzVrbcZ2Nb9OnWm1DS+BG
z3ZQqpH5LFr7y7OmT6WldEkr2ipQ2rGyf1MphKmQmdgxDwtaJ1AFhrxCDStrKzJr
q3TtXdgbUBG52oNK2Ec+GqB3VTO2EXVHmahu2s8zjzWWJRs3JTVXvQqF43ACy+IA
DyFQqZA2R1jDxPb3QtYUrVOOzgfDKart/cmUFxHj2nAj87JR5kWu5pq+0QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFCmQY6F9VR0hAqUSSh+3cEmFb4UDMB8GA1UdIwQY
MBaAFDobAUTQ9v8Lg8zjdnlGMXRbfKegMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2hzQlJORDJfd3VEek9OMmVVWXhkRnQ4cDZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS82Mjg0MDYtM2UyYy00ODk2LTgyZWEt
MjUwNTQ0Mjc3ZDVjLzEvT2hzQlJORDJfd3VEek9OMmVVWXhkRnQ4cDZBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS82Mjg0MDYtM2UyYy00ODk2LTgyZWEtMjUwNTQ0Mjc3ZDVj
LzEvT2hzQlJORDJfd3VEek9OMmVVWXhkRnQ4cDZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAaBrIM5f5
02cT0ylsdY0Fo8M/99FHF7svwhvWzCxuUHCwIPS+C8YH5GfY2xYNPWRScNRCCIGL
FUZa6q8UqQDyK1NUbfRsA8sqGBdYpextif6R26gwOw4cR8c+5W6axX79CiLigZ8T
0tFExxv/WJVmcUYVCL0hsTbYbMzHQf0FgskSmZtgdhmEJVKw6eeR0H60eOvt3TA6
/EbEN+d97MfpPhixN5Pq4AI/xlJ03gtHj2GdwfEytICG19t2Xqh/IM8EZP0YJF8+
Dh4kjZQp+AhW8KdHcvBTYJWFWefXoXTMqf3kZYwxeghbHuboumPxoxTb5at6YjL4
N4VGrjEPF2yRWw==
-----END CERTIFICATE-----