Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/e2d8fe-01f1-4c56-91f8-ded743147d58/1/Q94YPxSj8k-bhtBE-HcphoC1Ers.mft
File:                     Q94YPxSj8k-bhtBE-HcphoC1Ers.mft (raw, json)
Hash identifier:          mEWXrRK9JUo/dK/tok7EgtTEnTd17cUlPGnEDQyuhoM=
Subject key identifier:   92:0E:7D:78:D1:4D:FB:99:FE:4D:92:D5:85:84:2E:13:B5:64:FB:9E
Authority key identifier: 43:DE:18:3F:14:A3:F2:4F:9B:86:D0:44:F8:77:29:86:80:B5:12:BB
Certificate issuer:       /CN=43de183f14a3f24f9b86d044f877298680b512bb
Certificate serial:       019A71EEB9F492A5F85269AEE567DE46D011
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q94YPxSj8k-bhtBE-HcphoC1Ers.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/e2d8fe-01f1-4c56-91f8-ded743147d58/1/Q94YPxSj8k-bhtBE-HcphoC1Ers.mft
Manifest number:          0588
Signing time:             Tue 11 Nov 2025 08:01:01 +0000
Manifest this update:     Tue 11 Nov 2025 08:01:01 +0000
Manifest next update:     Wed 12 Nov 2025 08:01:01 +0000
Files and hashes:         1: Q94YPxSj8k-bhtBE-HcphoC1Ers.crl (hash: IOD51tNNUT9zNsBooe5NObSeI7g0mfUgIA0uvCrUBCI=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/e2d8fe-01f1-4c56-91f8-ded743147d58/1/Q94YPxSj8k-bhtBE-HcphoC1Ers.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/e2d8fe-01f1-4c56-91f8-ded743147d58/1/Q94YPxSj8k-bhtBE-HcphoC1Ers.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q94YPxSj8k-bhtBE-HcphoC1Ers.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 08:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:ee:b9:f4:92:a5:f8:52:69:ae:e5:67:de:46:d0:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43de183f14a3f24f9b86d044f877298680b512bb
        Validity
            Not Before: Nov 11 08:01:01 2025 GMT
            Not After : Nov 12 08:01:01 2025 GMT
        Subject: CN=920e7d78d14dfb99fe4d92d585842e13b564fb9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b3:8e:6a:bb:1c:1c:3f:aa:3a:4d:6f:22:c7:
                    67:20:32:23:2f:89:49:0b:9b:52:d1:e9:6c:60:a3:
                    bc:bf:73:92:46:dc:1f:72:57:fb:8f:6d:1b:37:3c:
                    0a:42:b7:6b:cc:fd:af:5e:3c:06:ca:e8:66:f2:0c:
                    12:a9:96:9e:f6:a2:6d:9f:37:8b:e9:ef:aa:28:48:
                    ef:cc:ae:c4:7e:9b:99:f0:0a:55:d2:9e:2f:44:4e:
                    ac:18:48:ac:b0:d6:89:f9:3b:0e:c8:a2:54:b3:30:
                    12:4e:42:56:b2:1c:9d:48:16:89:08:f8:13:79:c2:
                    81:70:e4:7e:14:b8:15:da:6a:fc:e4:90:d2:f1:2f:
                    7f:ff:37:81:1f:00:e0:a8:d5:c6:cb:8a:e1:23:79:
                    7a:15:03:7f:8b:82:d0:06:67:c2:79:8b:93:e6:a0:
                    6c:78:19:b0:e5:ae:87:a6:06:86:e5:3b:a6:ed:75:
                    2d:fa:09:d5:d5:1d:0e:5b:ef:5e:39:ce:fe:0a:0f:
                    c3:72:58:61:80:0b:6e:c4:1a:69:0f:86:b4:e9:67:
                    cc:a5:98:0e:bc:3d:6b:84:4c:59:f8:4d:2b:d2:5e:
                    a7:8b:e8:b7:e1:a8:c7:bd:b6:de:28:db:40:05:e0:
                    46:3a:61:fa:a2:8b:61:af:4f:16:56:ad:ff:7e:00:
                    5d:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:0E:7D:78:D1:4D:FB:99:FE:4D:92:D5:85:84:2E:13:B5:64:FB:9E
            X509v3 Authority Key Identifier:
                keyid:43:DE:18:3F:14:A3:F2:4F:9B:86:D0:44:F8:77:29:86:80:B5:12:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q94YPxSj8k-bhtBE-HcphoC1Ers.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e2d8fe-01f1-4c56-91f8-ded743147d58/1/Q94YPxSj8k-bhtBE-HcphoC1Ers.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e2d8fe-01f1-4c56-91f8-ded743147d58/1/Q94YPxSj8k-bhtBE-HcphoC1Ers.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         03:6f:cf:b1:31:b3:66:06:77:3c:ec:1c:ed:5e:d7:12:88:16:
         95:39:5b:08:fb:7d:6e:f8:05:e5:30:e0:96:1d:4f:c0:e7:cc:
         a7:cb:29:49:77:2e:a9:d8:eb:a6:fa:4d:b3:c4:f4:4d:cb:67:
         69:4c:e3:e6:17:f2:14:13:d2:83:70:91:8e:4a:76:14:68:c4:
         98:53:9d:f4:f8:f9:82:e4:e8:9f:bb:a5:7b:09:db:66:d2:ee:
         bd:f2:08:70:f5:c2:85:17:64:f4:1c:03:fd:b3:ff:f6:f3:86:
         7e:53:81:20:86:d1:a6:79:f8:3d:24:52:97:fe:04:3d:15:67:
         d8:e4:19:4d:b3:91:46:cc:4f:e7:df:b3:9b:e5:bf:00:b6:12:
         a4:a5:56:ae:eb:84:96:9c:5b:6b:c5:15:3c:f6:d5:ff:fa:6e:
         c8:d2:2f:fb:49:a1:23:bc:70:61:fd:07:53:ee:2b:83:5d:ed:
         1c:36:40:06:d2:38:26:c0:80:3a:4e:3d:b3:3a:7a:c5:ca:9d:
         32:9b:88:35:eb:88:a7:5b:12:c6:9b:3b:d6:78:d8:21:26:dc:
         56:c1:6e:c5:e5:05:3a:72:92:dd:11:c9:1f:03:67:1a:78:8c:
         92:53:ff:c3:05:1c:40:63:a9:2e:eb:38:a2:da:f9:ff:6c:3c:
         71:19:a6:f5
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpx7rn0kqX4Ummu5WfeRtARMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZGUxODNmMTRhM2YyNGY5Yjg2ZDA0NGY4NzcyOTg2ODBi
NTEyYmIwHhcNMjUxMTExMDgwMTAxWhcNMjUxMTEyMDgwMTAxWjAzMTEwLwYDVQQD
Eyg5MjBlN2Q3OGQxNGRmYjk5ZmU0ZDkyZDU4NTg0MmUxM2I1NjRmYjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7OOarscHD+qOk1vIsdnIDIjL4lJ
C5tS0elsYKO8v3OSRtwfclf7j20bNzwKQrdrzP2vXjwGyuhm8gwSqZae9qJtnzeL
6e+qKEjvzK7EfpuZ8ApV0p4vRE6sGEissNaJ+TsOyKJUszASTkJWshydSBaJCPgT
ecKBcOR+FLgV2mr85JDS8S9//zeBHwDgqNXGy4rhI3l6FQN/i4LQBmfCeYuT5qBs
eBmw5a6HpgaG5Tum7XUt+gnV1R0OW+9eOc7+Cg/DclhhgAtuxBppD4a06WfMpZgO
vD1rhExZ+E0r0l6ni+i34ajHvbbeKNtABeBGOmH6oothr08WVq3/fgBd4QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFJIOfXjRTfuZ/k2S1YWELhO1ZPueMB8GA1UdIwQY
MBaAFEPeGD8Uo/JPm4bQRPh3KYaAtRK7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTk0WVB4U2o4ay1iaHRCRS1IY3Bob0MxRXJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lMmQ4ZmUtMDFmMS00YzU2LTkxZjgt
ZGVkNzQzMTQ3ZDU4LzEvUTk0WVB4U2o4ay1iaHRCRS1IY3Bob0MxRXJzLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lMmQ4ZmUtMDFmMS00YzU2LTkxZjgtZGVkNzQzMTQ3ZDU4
LzEvUTk0WVB4U2o4ay1iaHRCRS1IY3Bob0MxRXJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAA2/PsTGz
ZgZ3POwc7V7XEogWlTlbCPt9bvgF5TDglh1PwOfMp8spSXcuqdjrpvpNs8T0Tctn
aUzj5hfyFBPSg3CRjkp2FGjEmFOd9Pj5guTon7ulewnbZtLuvfIIcPXChRdk9BwD
/bP/9vOGflOBIIbRpnn4PSRSl/4EPRVn2OQZTbORRsxP59+zm+W/ALYSpKVWruuE
lpxba8UVPPbV//puyNIv+0mhI7xwYf0HU+4rg13tHDZABtI4JsCAOk49szp6xcqd
MpuINeuIp1sSxps71njYISbcVsFuxeUFOnKS3RHJHwNnGniMklP/wwUcQGOpLus4
otr5/2w8cRmm9Q==
-----END CERTIFICATE-----