Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/9af033-234d-4404-8096-c73bedcdca6d/1/_oN5mWfs0ExTYUie5M-gmM5DaHE.mft
File:                     _oN5mWfs0ExTYUie5M-gmM5DaHE.mft (raw, json)
Hash identifier:          2+zgxj+NNFOE28AeAxXnGymFbuQ+xZWXUsj3ZLBCLuI=
Subject key identifier:   6E:02:97:E1:8D:00:CD:CC:ED:D9:67:04:76:EF:C2:90:E3:4B:0F:BD
Authority key identifier: FE:83:79:99:67:EC:D0:4C:53:61:48:9E:E4:CF:A0:98:CE:43:68:71
Certificate issuer:       /CN=fe83799967ecd04c5361489ee4cfa098ce436871
Certificate serial:       019A71B90023E0198149E6AA1868A4005CE7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_oN5mWfs0ExTYUie5M-gmM5DaHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/9af033-234d-4404-8096-c73bedcdca6d/1/_oN5mWfs0ExTYUie5M-gmM5DaHE.mft
Manifest number:          171B
Signing time:             Tue 11 Nov 2025 07:02:20 +0000
Manifest this update:     Tue 11 Nov 2025 07:02:20 +0000
Manifest next update:     Wed 12 Nov 2025 07:02:20 +0000
Files and hashes:         1: _oN5mWfs0ExTYUie5M-gmM5DaHE.crl (hash: DuRNUl8XHBvr627Vz6+5VyDlif//oZpDPsZRhb/ITOI=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/9af033-234d-4404-8096-c73bedcdca6d/1/_oN5mWfs0ExTYUie5M-gmM5DaHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/9af033-234d-4404-8096-c73bedcdca6d/1/_oN5mWfs0ExTYUie5M-gmM5DaHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_oN5mWfs0ExTYUie5M-gmM5DaHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:02:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b9:00:23:e0:19:81:49:e6:aa:18:68:a4:00:5c:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe83799967ecd04c5361489ee4cfa098ce436871
        Validity
            Not Before: Nov 11 07:02:20 2025 GMT
            Not After : Nov 12 07:02:20 2025 GMT
        Subject: CN=6e0297e18d00cdccedd9670476efc290e34b0fbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:4f:fa:cc:b4:86:64:3e:61:b7:02:7c:aa:b8:
                    16:68:3e:e8:f5:c1:3a:5a:d8:d0:8b:d7:12:db:6f:
                    46:3e:19:70:e1:eb:f5:09:3e:7b:59:79:6f:b0:35:
                    ab:41:6d:e9:d4:fa:10:67:6d:4d:8a:04:94:a2:58:
                    96:b2:83:ea:f2:f6:97:a2:fc:95:61:fd:e0:0f:78:
                    77:8f:4b:c2:ee:e2:d4:55:4a:44:61:15:bf:26:72:
                    ce:aa:a1:4e:e7:6c:8a:12:1b:a4:2c:aa:87:15:a2:
                    64:92:d1:2b:9f:d9:86:04:18:b3:9b:e6:eb:ee:35:
                    f1:6c:f4:61:31:04:5e:b7:f1:f2:5a:d5:db:d3:f0:
                    29:4f:62:02:98:c3:65:fc:67:88:cf:f6:04:5f:c6:
                    96:da:48:a4:a2:67:1f:fb:b5:e9:d0:ff:39:f3:1b:
                    7e:08:97:1e:24:4e:3c:eb:56:6a:3e:fc:61:90:fa:
                    13:58:91:c0:94:ac:66:37:aa:24:10:8e:86:b0:3c:
                    e1:0a:d7:f6:c9:da:27:96:63:60:81:e3:76:d0:87:
                    ce:4c:9f:cb:b6:c9:9f:f2:0b:d0:b9:6a:da:86:91:
                    85:f1:3c:2b:13:8e:b2:b3:d0:92:eb:19:8e:89:62:
                    40:bc:3e:43:62:ab:9e:7b:94:b2:a9:db:01:3d:38:
                    42:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:02:97:E1:8D:00:CD:CC:ED:D9:67:04:76:EF:C2:90:E3:4B:0F:BD
            X509v3 Authority Key Identifier:
                keyid:FE:83:79:99:67:EC:D0:4C:53:61:48:9E:E4:CF:A0:98:CE:43:68:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_oN5mWfs0ExTYUie5M-gmM5DaHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/9af033-234d-4404-8096-c73bedcdca6d/1/_oN5mWfs0ExTYUie5M-gmM5DaHE.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/9af033-234d-4404-8096-c73bedcdca6d/1/_oN5mWfs0ExTYUie5M-gmM5DaHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         ba:5e:98:31:c1:44:09:ad:c2:1c:11:37:83:8a:74:dc:49:80:
         5b:52:94:b5:d5:80:27:81:3e:a7:0d:ce:67:71:e6:75:ee:e3:
         e0:4c:46:28:d5:6b:ac:1c:ba:bd:71:b8:12:96:2f:26:b2:56:
         f5:cb:33:7b:b2:87:65:1c:7b:a8:30:f3:ed:f5:7b:a4:45:42:
         e0:d6:3e:c2:aa:63:03:2b:d4:20:02:11:6e:a9:ac:34:ae:3e:
         e2:39:29:5d:d4:ce:5e:36:dc:39:6a:32:8b:82:05:6f:82:62:
         a3:59:3b:e5:83:36:d8:6e:ba:83:67:9b:63:64:94:cc:b5:7a:
         8d:1c:94:33:09:25:fc:10:6e:1d:32:9b:3b:9a:2a:90:ec:a9:
         82:1b:e7:7c:5c:90:98:38:0e:12:10:89:61:cd:6a:61:57:dd:
         a4:d2:c5:49:7c:4b:f5:50:40:dd:ee:61:9e:c1:4a:ee:04:57:
         c4:58:fb:55:50:69:28:0c:8e:0d:a5:0f:2b:4e:e9:2c:fc:69:
         28:7d:f0:e8:53:09:1c:ad:1c:3d:98:2e:c9:66:bb:58:26:23:
         44:57:72:73:e8:13:f3:c7:ca:53:cf:78:d3:8a:8a:30:ad:cb:
         68:15:bf:d7:35:14:35:ad:03:cd:a3:d1:b2:4b:1e:31:7c:2a:
         4d:35:10:1b
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuQAj4BmBSeaqGGikAFznMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlODM3OTk5NjdlY2QwNGM1MzYxNDg5ZWU0Y2ZhMDk4Y2U0
MzY4NzEwHhcNMjUxMTExMDcwMjIwWhcNMjUxMTEyMDcwMjIwWjAzMTEwLwYDVQQD
Eyg2ZTAyOTdlMThkMDBjZGNjZWRkOTY3MDQ3NmVmYzI5MGUzNGIwZmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0/6zLSGZD5htwJ8qrgWaD7o9cE6
WtjQi9cS229GPhlw4ev1CT57WXlvsDWrQW3p1PoQZ21NigSUoliWsoPq8vaXovyV
Yf3gD3h3j0vC7uLUVUpEYRW/JnLOqqFO52yKEhukLKqHFaJkktErn9mGBBizm+br
7jXxbPRhMQRet/HyWtXb0/ApT2ICmMNl/GeIz/YEX8aW2kikomcf+7Xp0P858xt+
CJceJE4861ZqPvxhkPoTWJHAlKxmN6okEI6GsDzhCtf2ydonlmNggeN20IfOTJ/L
tsmf8gvQuWrahpGF8TwrE46ys9CS6xmOiWJAvD5DYquee5SyqdsBPThCCwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFG4Cl+GNAM3M7dlnBHbvwpDjSw+9MB8GA1UdIwQY
MBaAFP6DeZln7NBMU2FInuTPoJjOQ2hxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX29ONW1XZnMwRXhUWVVpZTVNLWdtTTVEYUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC85YWYwMzMtMjM0ZC00NDA0LTgwOTYt
YzczYmVkY2RjYTZkLzEvX29ONW1XZnMwRXhUWVVpZTVNLWdtTTVEYUhFLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC85YWYwMzMtMjM0ZC00NDA0LTgwOTYtYzczYmVkY2RjYTZk
LzEvX29ONW1XZnMwRXhUWVVpZTVNLWdtTTVEYUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAul6YMcFE
Ca3CHBE3g4p03EmAW1KUtdWAJ4E+pw3OZ3Hmde7j4ExGKNVrrBy6vXG4EpYvJrJW
9csze7KHZRx7qDDz7fV7pEVC4NY+wqpjAyvUIAIRbqmsNK4+4jkpXdTOXjbcOWoy
i4IFb4Jio1k75YM22G66g2ebY2SUzLV6jRyUMwkl/BBuHTKbO5oqkOypghvnfFyQ
mDgOEhCJYc1qYVfdpNLFSXxL9VBA3e5hnsFK7gRXxFj7VVBpKAyODaUPK07pLPxp
KH3w6FMJHK0cPZguyWa7WCYjRFdyc+gT88fKU89404qKMK3LaBW/1zUUNa0DzaPR
skseMXwqTTUQGw==
-----END CERTIFICATE-----