Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/9675ce-8b5a-401d-a497-964e5f1bafef/1/xDGln2B5ajI2rhAIwtXGxHC8sEU.mft
File:                     xDGln2B5ajI2rhAIwtXGxHC8sEU.mft (raw, json)
Hash identifier:          hlqsvsBdvf6sT8ijUtqaZjt2fk/kJwR0SkhL3fuw0ww=
Subject key identifier:   8A:22:4B:DF:E1:11:28:EE:7A:43:A5:ED:B4:4E:D4:E9:25:1F:D7:DE
Authority key identifier: C4:31:A5:9F:60:79:6A:32:36:AE:10:08:C2:D5:C6:C4:70:BC:B0:45
Certificate issuer:       /CN=c431a59f60796a3236ae1008c2d5c6c470bcb045
Certificate serial:       019A7293A2E56571F6D612B48C3070F28411
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xDGln2B5ajI2rhAIwtXGxHC8sEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/9675ce-8b5a-401d-a497-964e5f1bafef/1/xDGln2B5ajI2rhAIwtXGxHC8sEU.mft
Manifest number:          07BA
Signing time:             Tue 11 Nov 2025 11:01:09 +0000
Manifest this update:     Tue 11 Nov 2025 11:01:09 +0000
Manifest next update:     Wed 12 Nov 2025 11:01:09 +0000
Files and hashes:         1: xDGln2B5ajI2rhAIwtXGxHC8sEU.crl (hash: EGdOlGdFyAMCu0htLW5w/hUQl4g6K1dC4a2k+eVA4UQ=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/9675ce-8b5a-401d-a497-964e5f1bafef/1/xDGln2B5ajI2rhAIwtXGxHC8sEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/9675ce-8b5a-401d-a497-964e5f1bafef/1/xDGln2B5ajI2rhAIwtXGxHC8sEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xDGln2B5ajI2rhAIwtXGxHC8sEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:93:a2:e5:65:71:f6:d6:12:b4:8c:30:70:f2:84:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c431a59f60796a3236ae1008c2d5c6c470bcb045
        Validity
            Not Before: Nov 11 11:01:09 2025 GMT
            Not After : Nov 12 11:01:09 2025 GMT
        Subject: CN=8a224bdfe11128ee7a43a5edb44ed4e9251fd7de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:94:13:9c:70:d2:75:b5:de:85:c7:b2:48:9d:
                    83:2e:a0:6f:9f:4f:78:88:fe:27:4a:ca:3e:8f:e2:
                    69:db:be:ce:af:4b:51:0f:51:62:8d:05:f3:fc:f8:
                    5a:02:68:f9:a2:fd:a1:51:b4:9a:e8:31:43:ac:3d:
                    c0:f9:1c:39:49:3f:18:69:4d:4a:31:04:10:8a:57:
                    05:98:c0:e9:25:58:9c:8e:b8:90:c1:d7:37:02:b0:
                    ef:58:75:d6:c7:f4:d3:2f:99:16:af:84:cb:e4:c4:
                    91:76:38:3f:05:75:4b:90:06:32:f8:e2:aa:4e:61:
                    f1:d5:a3:49:82:82:73:92:72:56:08:8f:6e:09:16:
                    c5:7f:db:16:13:9f:14:d7:66:cb:e3:24:1e:a3:16:
                    57:59:8e:f4:70:5d:e8:d0:75:1f:83:7b:e7:dd:30:
                    4b:0a:1c:5c:0e:ad:27:c6:bd:e3:5f:80:35:4d:c9:
                    ed:93:8d:77:32:73:ba:42:c7:fc:3b:d1:2e:72:ed:
                    90:f9:0b:03:85:be:c9:57:f9:c0:61:25:48:2a:a6:
                    60:34:3d:7a:c1:f6:df:6c:1e:51:f7:5f:f0:4c:bb:
                    5b:e6:6e:d3:3e:42:5c:ea:a2:2b:20:f7:8f:b2:2d:
                    d7:3a:c1:1b:77:fa:df:cb:9c:d7:42:39:c0:b0:e2:
                    ab:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:22:4B:DF:E1:11:28:EE:7A:43:A5:ED:B4:4E:D4:E9:25:1F:D7:DE
            X509v3 Authority Key Identifier:
                keyid:C4:31:A5:9F:60:79:6A:32:36:AE:10:08:C2:D5:C6:C4:70:BC:B0:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xDGln2B5ajI2rhAIwtXGxHC8sEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/9675ce-8b5a-401d-a497-964e5f1bafef/1/xDGln2B5ajI2rhAIwtXGxHC8sEU.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/9675ce-8b5a-401d-a497-964e5f1bafef/1/xDGln2B5ajI2rhAIwtXGxHC8sEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         dd:1d:02:30:15:9a:49:6a:88:e6:25:7f:39:fc:70:96:1c:da:
         55:f1:a5:b8:35:a9:7a:c9:bb:85:71:e6:3f:43:77:e5:de:c6:
         e4:1a:c9:c9:ae:79:4e:5e:1c:ac:31:e4:f0:c5:81:96:80:c4:
         b9:a0:89:e0:00:b7:92:df:24:14:63:b5:85:d7:da:ce:9a:5c:
         40:24:ec:0e:fa:81:51:ca:c3:10:f1:c9:bd:8b:63:b2:c0:9e:
         81:29:fa:73:a2:64:f7:08:48:05:fc:29:2f:56:8f:fe:da:2b:
         87:0d:8a:62:8a:3d:58:6b:e9:ea:05:e1:99:25:35:4e:97:77:
         c7:97:f2:c8:5a:fe:e5:ac:73:c9:fc:93:3a:8c:f7:5c:8d:64:
         8f:b8:41:4a:8e:2b:cb:49:cb:cc:6f:56:cf:bc:78:a9:0c:c6:
         bb:b0:91:b9:12:46:8c:07:d7:ea:8c:9d:14:4e:61:e1:98:15:
         75:64:75:b4:f7:af:b4:d5:6e:67:6b:cd:5a:c5:db:a5:04:86:
         ad:47:a8:f4:03:1b:60:ef:dc:0a:98:96:2e:82:9e:4d:7c:45:
         02:c2:45:19:08:a5:9c:a9:d6:0d:67:cf:51:08:73:fb:d2:bf:
         ec:44:cb:0e:55:e9:21:9a:a4:dd:0d:c5:14:73:50:fd:cd:9d:
         b6:ec:72:30
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyk6LlZXH21hK0jDBw8oQRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MzFhNTlmNjA3OTZhMzIzNmFlMTAwOGMyZDVjNmM0NzBi
Y2IwNDUwHhcNMjUxMTExMTEwMTA5WhcNMjUxMTEyMTEwMTA5WjAzMTEwLwYDVQQD
Eyg4YTIyNGJkZmUxMTEyOGVlN2E0M2E1ZWRiNDRlZDRlOTI1MWZkN2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJQTnHDSdbXehceySJ2DLqBvn094
iP4nSso+j+Jp277Or0tRD1FijQXz/PhaAmj5ov2hUbSa6DFDrD3A+Rw5ST8YaU1K
MQQQilcFmMDpJVicjriQwdc3ArDvWHXWx/TTL5kWr4TL5MSRdjg/BXVLkAYy+OKq
TmHx1aNJgoJzknJWCI9uCRbFf9sWE58U12bL4yQeoxZXWY70cF3o0HUfg3vn3TBL
ChxcDq0nxr3jX4A1Tcntk413MnO6Qsf8O9Eucu2Q+QsDhb7JV/nAYSVIKqZgND16
wfbfbB5R91/wTLtb5m7TPkJc6qIrIPePsi3XOsEbd/rfy5zXQjnAsOKrjQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFIoiS9/hESjuekOl7bRO1OklH9feMB8GA1UdIwQY
MBaAFMQxpZ9geWoyNq4QCMLVxsRwvLBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveERHbG4yQjVhakkycmhBSXd0WEd4SEM4c0VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS85Njc1Y2UtOGI1YS00MDFkLWE0OTct
OTY0ZTVmMWJhZmVmLzEveERHbG4yQjVhakkycmhBSXd0WEd4SEM4c0VVLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS85Njc1Y2UtOGI1YS00MDFkLWE0OTctOTY0ZTVmMWJhZmVm
LzEveERHbG4yQjVhakkycmhBSXd0WEd4SEM4c0VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEA3R0CMBWa
SWqI5iV/OfxwlhzaVfGluDWpesm7hXHmP0N35d7G5BrJya55Tl4crDHk8MWBloDE
uaCJ4AC3kt8kFGO1hdfazppcQCTsDvqBUcrDEPHJvYtjssCegSn6c6Jk9whIBfwp
L1aP/torhw2KYoo9WGvp6gXhmSU1Tpd3x5fyyFr+5axzyfyTOoz3XI1kj7hBSo4r
y0nLzG9Wz7x4qQzGu7CRuRJGjAfX6oydFE5h4ZgVdWR1tPevtNVuZ2vNWsXbpQSG
rUeo9AMbYO/cCpiWLoKeTXxFAsJFGQilnKnWDWfPUQhz+9K/7ETLDlXpIZqk3Q3F
FHNQ/c2dtuxyMA==
-----END CERTIFICATE-----