Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/ac0b0a-2e83-469d-b89b-326808eccccc/1/QpeJWSkM6bssG1thREOEQVta-tY.mft
File:                     QpeJWSkM6bssG1thREOEQVta-tY.mft (raw, json)
Hash identifier:          rCHAHlDDbVuCjngPr28950IFAT3TQIyGspij0XVntTA=
Subject key identifier:   8F:FD:DA:DB:1C:3B:E5:43:BF:6C:32:37:12:AF:A5:54:5F:EA:EA:F7
Authority key identifier: 42:97:89:59:29:0C:E9:BB:2C:1B:5B:61:44:43:84:41:5B:5A:FA:D6
Certificate issuer:       /CN=42978959290ce9bb2c1b5b61444384415b5afad6
Certificate serial:       019A71B8D7849E9B7B4CDCD772D6414EBDE7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpeJWSkM6bssG1thREOEQVta-tY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/ac0b0a-2e83-469d-b89b-326808eccccc/1/QpeJWSkM6bssG1thREOEQVta-tY.mft
Manifest number:          171B
Signing time:             Tue 11 Nov 2025 07:02:10 +0000
Manifest this update:     Tue 11 Nov 2025 07:02:10 +0000
Manifest next update:     Wed 12 Nov 2025 07:02:10 +0000
Files and hashes:         1: QpeJWSkM6bssG1thREOEQVta-tY.crl (hash: cZauar7O1A5z1LicHbNNpKTYEfaBJ1YWrBbKIsbWI9k=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/ac0b0a-2e83-469d-b89b-326808eccccc/1/QpeJWSkM6bssG1thREOEQVta-tY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/ac0b0a-2e83-469d-b89b-326808eccccc/1/QpeJWSkM6bssG1thREOEQVta-tY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QpeJWSkM6bssG1thREOEQVta-tY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b8:d7:84:9e:9b:7b:4c:dc:d7:72:d6:41:4e:bd:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42978959290ce9bb2c1b5b61444384415b5afad6
        Validity
            Not Before: Nov 11 07:02:10 2025 GMT
            Not After : Nov 12 07:02:10 2025 GMT
        Subject: CN=8ffddadb1c3be543bf6c323712afa5545feaeaf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:30:25:c1:22:da:69:ef:59:22:59:da:d7:99:
                    e7:ec:e6:21:72:36:47:39:0d:97:41:5e:fe:83:7e:
                    28:c2:56:78:e8:bd:ac:2a:af:3b:2d:40:9c:2c:f3:
                    60:99:4d:c8:99:7c:c8:ff:d6:b3:d7:59:8f:db:49:
                    42:67:e7:49:5b:10:25:95:56:59:3f:a8:6d:1d:2f:
                    02:5f:d1:11:05:d7:b8:fb:34:26:8c:73:63:6d:82:
                    2c:50:f8:94:fb:45:72:b0:ff:2a:e6:4b:01:af:d7:
                    ba:e5:dc:93:c8:d7:23:a6:85:ee:a0:27:5f:44:9c:
                    9d:47:89:d6:43:90:e0:54:be:ea:5d:c6:1e:49:74:
                    fe:3f:2a:bb:fa:d6:89:1b:bf:ea:b5:53:3e:aa:5f:
                    3b:76:60:c8:8c:8a:03:77:13:54:88:e2:3f:3f:53:
                    c3:df:12:2c:00:21:43:c2:0d:a3:58:b7:70:41:f1:
                    21:c3:36:aa:1b:9d:49:61:10:83:d3:22:4c:92:bf:
                    e1:6c:dd:68:87:03:c8:f8:d0:11:ee:f7:0f:0c:40:
                    8c:62:d0:fa:32:64:3a:9c:3f:72:c7:fa:13:ec:b6:
                    77:60:9c:0e:0d:ba:c1:52:32:f1:f2:51:a3:46:ee:
                    0f:8c:c6:99:6c:b2:7b:a3:ce:6f:cd:df:5a:63:60:
                    84:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:FD:DA:DB:1C:3B:E5:43:BF:6C:32:37:12:AF:A5:54:5F:EA:EA:F7
            X509v3 Authority Key Identifier:
                keyid:42:97:89:59:29:0C:E9:BB:2C:1B:5B:61:44:43:84:41:5B:5A:FA:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpeJWSkM6bssG1thREOEQVta-tY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ac0b0a-2e83-469d-b89b-326808eccccc/1/QpeJWSkM6bssG1thREOEQVta-tY.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ac0b0a-2e83-469d-b89b-326808eccccc/1/QpeJWSkM6bssG1thREOEQVta-tY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         6b:30:6b:bf:f0:ad:09:c1:a4:ce:3b:1d:cd:8d:d5:51:ab:25:
         9c:5b:d4:6f:9b:97:31:52:78:c8:a9:e2:7f:93:b4:fa:82:f3:
         11:57:21:7c:6d:58:16:24:c7:6e:82:34:3d:48:74:13:ca:83:
         5d:3b:86:e3:ad:33:fd:05:5a:85:30:bb:b4:34:f9:0a:43:d1:
         b1:32:b1:32:47:58:18:44:df:55:71:d8:ce:3a:8c:9e:6d:e9:
         68:52:a9:a3:64:c9:da:ce:0e:d8:0c:38:02:a1:9c:3a:39:dd:
         a8:be:29:b3:74:7b:14:e8:56:e0:b7:dc:82:bf:40:ac:a3:ae:
         99:31:52:68:86:a9:0f:0c:38:84:4c:c0:fa:f1:9f:af:64:6a:
         ed:4b:fb:15:38:67:c5:92:2d:74:e4:30:e9:be:6a:3f:7b:16:
         b3:f8:7c:53:fa:1a:99:49:86:a0:fb:c8:62:03:ab:31:a4:dc:
         24:76:e2:03:5a:42:0d:a2:b2:61:96:89:59:19:5f:94:7f:7a:
         ad:f1:a1:2c:7f:72:1a:65:d4:2a:ef:94:09:2e:f5:cb:41:8e:
         70:62:1c:92:3b:0e:62:40:b9:89:4d:df:05:5c:ce:c6:40:76:
         a1:b8:39:3a:c8:83:2a:c3:73:f1:ca:20:2c:4d:a6:ed:43:15:
         2a:b7:76:2f
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuNeEnpt7TNzXctZBTr3nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTc4OTU5MjkwY2U5YmIyYzFiNWI2MTQ0NDM4NDQxNWI1
YWZhZDYwHhcNMjUxMTExMDcwMjEwWhcNMjUxMTEyMDcwMjEwWjAzMTEwLwYDVQQD
Eyg4ZmZkZGFkYjFjM2JlNTQzYmY2YzMyMzcxMmFmYTU1NDVmZWFlYWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jAlwSLaae9ZIlna15nn7OYhcjZH
OQ2XQV7+g34owlZ46L2sKq87LUCcLPNgmU3ImXzI/9az11mP20lCZ+dJWxAllVZZ
P6htHS8CX9ERBde4+zQmjHNjbYIsUPiU+0VysP8q5ksBr9e65dyTyNcjpoXuoCdf
RJydR4nWQ5DgVL7qXcYeSXT+Pyq7+taJG7/qtVM+ql87dmDIjIoDdxNUiOI/P1PD
3xIsACFDwg2jWLdwQfEhwzaqG51JYRCD0yJMkr/hbN1ohwPI+NAR7vcPDECMYtD6
MmQ6nD9yx/oT7LZ3YJwODbrBUjLx8lGjRu4PjMaZbLJ7o85vzd9aY2CEHwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFI/92tscO+VDv2wyNxKvpVRf6ur3MB8GA1UdIwQY
MBaAFEKXiVkpDOm7LBtbYURDhEFbWvrWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBlSldTa002YnNzRzF0aFJFT0VRVnRhLXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9hYzBiMGEtMmU4My00NjlkLWI4OWIt
MzI2ODA4ZWNjY2NjLzEvUXBlSldTa002YnNzRzF0aFJFT0VRVnRhLXRZLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9hYzBiMGEtMmU4My00NjlkLWI4OWItMzI2ODA4ZWNjY2Nj
LzEvUXBlSldTa002YnNzRzF0aFJFT0VRVnRhLXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAazBrv/Ct
CcGkzjsdzY3VUaslnFvUb5uXMVJ4yKnif5O0+oLzEVchfG1YFiTHboI0PUh0E8qD
XTuG460z/QVahTC7tDT5CkPRsTKxMkdYGETfVXHYzjqMnm3paFKpo2TJ2s4O2Aw4
AqGcOjndqL4ps3R7FOhW4Lfcgr9ArKOumTFSaIapDww4hEzA+vGfr2Rq7Uv7FThn
xZItdOQw6b5qP3sWs/h8U/oamUmGoPvIYgOrMaTcJHbiA1pCDaKyYZaJWRlflH96
rfGhLH9yGmXUKu+UCS71y0GOcGIckjsOYkC5iU3fBVzOxkB2obg5OsiDKsNz8cog
LE2m7UMVKrd2Lw==
-----END CERTIFICATE-----