Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/0ad468-daea-4b04-a408-27e96b9047a8/1/aU0ylbrOkvvFQHllxly2WWm60Cg.mft
File:                     aU0ylbrOkvvFQHllxly2WWm60Cg.mft (raw, json)
Hash identifier:          O6ZFItnSSD27XYn/zANlkC7zPiBVQyl/Zwhm9HdAoP4=
Subject key identifier:   29:EC:C0:D7:16:AF:D8:D1:7E:E3:08:FF:AD:8B:54:6D:B0:B1:BD:D6
Authority key identifier: 69:4D:32:95:BA:CE:92:FB:C5:40:79:65:C6:5C:B6:59:69:BA:D0:28
Certificate issuer:       /CN=694d3295bace92fbc5407965c65cb65969bad028
Certificate serial:       019A71EED699A0E38A866ACE70EC074ED9B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aU0ylbrOkvvFQHllxly2WWm60Cg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/0ad468-daea-4b04-a408-27e96b9047a8/1/aU0ylbrOkvvFQHllxly2WWm60Cg.mft
Manifest number:          021D
Signing time:             Tue 11 Nov 2025 08:01:09 +0000
Manifest this update:     Tue 11 Nov 2025 08:01:09 +0000
Manifest next update:     Wed 12 Nov 2025 08:01:09 +0000
Files and hashes:         1: aU0ylbrOkvvFQHllxly2WWm60Cg.crl (hash: ppKs6eHTM0xtt37o3dXS6xR76jiWLlEfwNZWCCBpdVk=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/0ad468-daea-4b04-a408-27e96b9047a8/1/aU0ylbrOkvvFQHllxly2WWm60Cg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/0ad468-daea-4b04-a408-27e96b9047a8/1/aU0ylbrOkvvFQHllxly2WWm60Cg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aU0ylbrOkvvFQHllxly2WWm60Cg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 08:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:ee:d6:99:a0:e3:8a:86:6a:ce:70:ec:07:4e:d9:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=694d3295bace92fbc5407965c65cb65969bad028
        Validity
            Not Before: Nov 11 08:01:09 2025 GMT
            Not After : Nov 12 08:01:09 2025 GMT
        Subject: CN=29ecc0d716afd8d17ee308ffad8b546db0b1bdd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:a5:af:1c:1e:45:c0:9d:8e:87:2f:a6:68:48:
                    53:82:1c:b6:f6:2c:ed:7d:61:b3:74:98:c4:ca:88:
                    70:03:0c:94:55:bf:1f:4a:a9:f5:10:5b:df:62:a8:
                    7f:ed:4d:57:05:ce:b9:86:18:be:7a:28:cc:46:95:
                    93:24:f4:52:91:3b:78:5f:30:71:8b:55:14:00:52:
                    54:01:92:db:3a:4f:ad:0f:83:af:97:41:01:5e:b6:
                    46:f1:c1:99:4f:31:6b:14:d8:a7:c5:e6:02:cd:1e:
                    39:8a:57:0f:bc:28:75:5b:ac:02:7d:15:f6:59:ca:
                    b7:a4:2d:43:40:c7:6e:e0:08:be:70:94:0c:31:27:
                    4d:1b:04:82:dc:29:48:5e:d3:40:23:e4:ca:1c:07:
                    8d:53:d4:de:28:f2:cc:f0:8e:09:19:a7:fb:1d:67:
                    75:fe:63:bd:83:23:66:30:f3:21:f9:a2:b9:63:cd:
                    92:93:ae:82:9b:d1:d2:09:43:ed:5d:07:02:d0:c5:
                    d1:09:16:98:34:30:c3:99:f6:b4:73:01:9e:19:20:
                    af:bd:cf:b6:5c:bf:45:c3:c8:c3:22:ed:a7:26:a2:
                    56:a1:bb:80:bc:fc:68:34:c0:ca:b8:55:0a:df:aa:
                    3d:4c:80:c9:75:10:05:82:de:d4:99:6c:d4:2c:0b:
                    93:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:EC:C0:D7:16:AF:D8:D1:7E:E3:08:FF:AD:8B:54:6D:B0:B1:BD:D6
            X509v3 Authority Key Identifier:
                keyid:69:4D:32:95:BA:CE:92:FB:C5:40:79:65:C6:5C:B6:59:69:BA:D0:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aU0ylbrOkvvFQHllxly2WWm60Cg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/0ad468-daea-4b04-a408-27e96b9047a8/1/aU0ylbrOkvvFQHllxly2WWm60Cg.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/0ad468-daea-4b04-a408-27e96b9047a8/1/aU0ylbrOkvvFQHllxly2WWm60Cg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         a9:87:ef:9a:97:03:da:43:3e:b9:0c:be:3e:ee:13:e1:ac:2b:
         4e:a4:e2:d5:01:19:f8:a6:a8:a4:ff:f9:d8:e6:04:b0:e9:a8:
         bb:3f:fa:0d:bf:79:fa:51:09:eb:23:f5:6b:7f:8f:b7:4d:5d:
         8d:d5:23:d7:7a:5c:f1:4c:ef:31:f3:1c:70:0d:e6:8e:43:d8:
         98:45:6c:0e:17:84:62:68:82:87:51:88:dd:93:5d:3b:f3:37:
         78:84:22:2a:64:b0:fa:dd:57:e2:a8:af:5e:80:d5:59:f2:fe:
         33:2f:f7:c9:42:1d:e4:23:83:06:70:77:9b:2c:61:ea:0d:f3:
         7b:ba:09:4c:2b:c4:48:8e:aa:0d:82:8c:f9:85:cc:81:ee:06:
         ec:fb:6e:fd:e2:e0:5a:01:39:44:8b:f5:bb:5c:4a:9d:57:4f:
         90:78:55:7f:2d:88:d1:2e:ca:09:3b:59:2c:6a:e1:72:65:a8:
         57:d6:b8:e8:7a:5a:d0:df:af:75:61:ad:02:f0:bc:49:44:5a:
         33:0f:c4:c5:13:65:7a:be:8a:94:aa:7d:49:1c:8b:20:ad:63:
         d4:6f:e5:b5:b8:d1:1c:8e:40:18:6a:39:34:4f:4e:dd:90:36:
         ca:98:66:a0:4e:64:a8:0f:c8:20:34:18:84:8e:eb:49:a5:57:
         d7:bc:48:62
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpx7taZoOOKhmrOcOwHTtmzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NGQzMjk1YmFjZTkyZmJjNTQwNzk2NWM2NWNiNjU5Njli
YWQwMjgwHhcNMjUxMTExMDgwMTA5WhcNMjUxMTEyMDgwMTA5WjAzMTEwLwYDVQQD
EygyOWVjYzBkNzE2YWZkOGQxN2VlMzA4ZmZhZDhiNTQ2ZGIwYjFiZGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA86WvHB5FwJ2Ohy+maEhTghy29izt
fWGzdJjEyohwAwyUVb8fSqn1EFvfYqh/7U1XBc65hhi+eijMRpWTJPRSkTt4XzBx
i1UUAFJUAZLbOk+tD4Ovl0EBXrZG8cGZTzFrFNinxeYCzR45ilcPvCh1W6wCfRX2
Wcq3pC1DQMdu4Ai+cJQMMSdNGwSC3ClIXtNAI+TKHAeNU9TeKPLM8I4JGaf7HWd1
/mO9gyNmMPMh+aK5Y82Sk66Cm9HSCUPtXQcC0MXRCRaYNDDDmfa0cwGeGSCvvc+2
XL9Fw8jDIu2nJqJWobuAvPxoNMDKuFUK36o9TIDJdRAFgt7UmWzULAuTHwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFCnswNcWr9jRfuMI/62LVG2wsb3WMB8GA1UdIwQY
MBaAFGlNMpW6zpL7xUB5ZcZctllputAoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVUweWxick9rdnZGUUhsbHhseTJXV202MENnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8wYWQ0NjgtZGFlYS00YjA0LWE0MDgt
MjdlOTZiOTA0N2E4LzEvYVUweWxick9rdnZGUUhsbHhseTJXV202MENnLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8wYWQ0NjgtZGFlYS00YjA0LWE0MDgtMjdlOTZiOTA0N2E4
LzEvYVUweWxick9rdnZGUUhsbHhseTJXV202MENnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAqYfvmpcD
2kM+uQy+Pu4T4awrTqTi1QEZ+KaopP/52OYEsOmouz/6Db95+lEJ6yP1a3+Pt01d
jdUj13pc8UzvMfMccA3mjkPYmEVsDheEYmiCh1GI3ZNdO/M3eIQiKmSw+t1X4qiv
XoDVWfL+My/3yUId5CODBnB3myxh6g3ze7oJTCvESI6qDYKM+YXMge4G7Ptu/eLg
WgE5RIv1u1xKnVdPkHhVfy2I0S7KCTtZLGrhcmWoV9a46Hpa0N+vdWGtAvC8SURa
Mw/ExRNler6KlKp9SRyLIK1j1G/ltbjRHI5AGGo5NE9O3ZA2yphmoE5kqA/IIDQY
hI7rSaVX17xIYg==
-----END CERTIFICATE-----