Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/2aa9f9-bdb4-4ab9-8f9b-6b8aa0a2c960/1/9Lf2q209ljfV1-rM4943lLnPPg8.mft
File:                     9Lf2q209ljfV1-rM4943lLnPPg8.mft (raw, json)
Hash identifier:          btP2xtlfOKQlzeXzoFCRk/lpY+Tl6DvozCccVjIvEO0=
Subject key identifier:   52:76:D5:11:59:78:0F:3D:C4:5B:01:FD:D8:20:9D:7E:37:3C:F4:11
Authority key identifier: F4:B7:F6:AB:6D:3D:96:37:D5:D7:EA:CC:E3:DE:37:94:B9:CF:3E:0F
Certificate issuer:       /CN=f4b7f6ab6d3d9637d5d7eacce3de3794b9cf3e0f
Certificate serial:       01974EC51CBB31E0114C768FC7114A4A0606
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Lf2q209ljfV1-rM4943lLnPPg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/2aa9f9-bdb4-4ab9-8f9b-6b8aa0a2c960/1/9Lf2q209ljfV1-rM4943lLnPPg8.mft
Manifest number:          0129
Signing time:             Sun 08 Jun 2025 09:00:30 +0000
Manifest this update:     Sun 08 Jun 2025 09:00:30 +0000
Manifest next update:     Mon 09 Jun 2025 09:00:30 +0000
Files and hashes:         1: 9Lf2q209ljfV1-rM4943lLnPPg8.crl (hash: F5mqk7iQYv2LikHLVr05ejmjJkA9u4zB1z+XQA1fFLc=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/2aa9f9-bdb4-4ab9-8f9b-6b8aa0a2c960/1/9Lf2q209ljfV1-rM4943lLnPPg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/2aa9f9-bdb4-4ab9-8f9b-6b8aa0a2c960/1/9Lf2q209ljfV1-rM4943lLnPPg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Lf2q209ljfV1-rM4943lLnPPg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4e:c5:1c:bb:31:e0:11:4c:76:8f:c7:11:4a:4a:06:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b7f6ab6d3d9637d5d7eacce3de3794b9cf3e0f
        Validity
            Not Before: Jun  8 09:00:30 2025 GMT
            Not After : Jun  9 09:00:30 2025 GMT
        Subject: CN=5276d51159780f3dc45b01fdd8209d7e373cf411
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:78:40:e1:f1:f0:97:8e:f7:2b:32:f0:a2:fc:
                    74:8b:3f:12:a5:c3:59:1b:e2:9e:ec:93:2c:f6:9f:
                    b5:13:74:84:69:fb:29:d7:5c:13:ca:60:7c:ae:c8:
                    4d:06:62:b4:4e:69:98:34:b5:56:9d:ae:f7:71:f5:
                    30:d4:44:d3:45:b5:a8:84:fb:d8:f9:6a:ad:46:64:
                    e3:d0:66:e6:22:45:ab:d2:bd:5d:0c:e1:1c:20:99:
                    c4:18:1e:f5:f9:53:6e:6a:24:52:3f:a0:60:d3:b7:
                    98:eb:9d:d9:44:1f:bc:01:a1:6a:c8:8b:dd:c9:12:
                    8d:00:62:61:2e:1c:5e:d5:4a:7a:8e:25:dc:3c:46:
                    89:f9:db:92:39:79:55:74:38:8e:91:34:d2:7e:c3:
                    a3:d5:b3:8b:5e:fc:79:d4:3e:b2:1b:41:83:44:77:
                    f4:9f:d3:1c:44:32:ac:57:65:c7:45:24:7a:b3:a7:
                    22:9a:d1:85:f0:51:ae:b4:af:1b:23:8c:48:ad:fe:
                    76:43:8f:cd:bb:95:f3:d1:db:58:70:5e:d5:a1:0f:
                    03:87:ed:bb:38:26:67:6e:93:86:96:a6:7c:78:aa:
                    c3:91:3f:fa:17:1c:ae:0c:45:3a:ac:46:cd:fb:a0:
                    f5:7b:7f:03:a3:98:46:b6:17:b8:15:f0:e4:a1:ad:
                    be:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:76:D5:11:59:78:0F:3D:C4:5B:01:FD:D8:20:9D:7E:37:3C:F4:11
            X509v3 Authority Key Identifier:
                keyid:F4:B7:F6:AB:6D:3D:96:37:D5:D7:EA:CC:E3:DE:37:94:B9:CF:3E:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Lf2q209ljfV1-rM4943lLnPPg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/2aa9f9-bdb4-4ab9-8f9b-6b8aa0a2c960/1/9Lf2q209ljfV1-rM4943lLnPPg8.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/2aa9f9-bdb4-4ab9-8f9b-6b8aa0a2c960/1/9Lf2q209ljfV1-rM4943lLnPPg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         74:4e:d3:f5:32:8f:04:09:a8:54:5e:07:f5:18:d8:22:a6:38:
         6e:60:12:d4:cf:00:c9:82:b8:bb:3a:e0:d1:ae:16:9b:ce:12:
         c3:71:33:0a:cb:cb:ee:6e:dc:57:61:a3:99:ea:09:0e:7e:14:
         ae:2a:12:b6:f6:47:f1:3e:0a:1f:97:85:28:a4:45:3d:c3:a0:
         11:d6:c7:60:d0:66:82:14:71:96:bb:b0:3b:b5:ad:71:3c:74:
         ab:77:52:e2:f2:2b:d7:92:83:0f:9d:6b:bb:4c:82:51:24:bd:
         f9:99:8e:01:80:50:6e:06:4f:7b:33:72:bf:8e:de:f1:b8:ad:
         74:c3:87:ff:04:b2:76:b2:85:2b:c2:87:29:24:ff:f5:99:88:
         ed:e0:6b:9e:ad:1b:e2:d0:f9:aa:fe:38:5d:ae:1a:b5:a4:2b:
         8f:b3:c2:a1:8d:94:96:c8:75:84:ba:ca:9d:d3:33:fe:48:3a:
         6b:06:1d:3a:68:2d:88:01:b7:c1:95:c6:25:0e:18:82:76:de:
         17:2f:91:5f:e7:db:58:0a:37:39:01:13:57:23:c3:a4:69:a8:
         d6:3a:b4:75:a1:26:36:20:d2:a1:d6:59:ec:f2:42:3f:0c:1e:
         85:30:1f:ec:45:6d:73:69:aa:13:09:b4:b8:16:9a:72:a3:d0:
         1a:63:c1:4e
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZdOxRy7MeARTHaPxxFKSgYGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0YjdmNmFiNmQzZDk2MzdkNWQ3ZWFjY2UzZGUzNzk0Yjlj
ZjNlMGYwHhcNMjUwNjA4MDkwMDMwWhcNMjUwNjA5MDkwMDMwWjAzMTEwLwYDVQQD
Eyg1Mjc2ZDUxMTU5NzgwZjNkYzQ1YjAxZmRkODIwOWQ3ZTM3M2NmNDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3hA4fHwl473KzLwovx0iz8SpcNZ
G+Ke7JMs9p+1E3SEafsp11wTymB8rshNBmK0TmmYNLVWna73cfUw1ETTRbWohPvY
+WqtRmTj0GbmIkWr0r1dDOEcIJnEGB71+VNuaiRSP6Bg07eY653ZRB+8AaFqyIvd
yRKNAGJhLhxe1Up6jiXcPEaJ+duSOXlVdDiOkTTSfsOj1bOLXvx51D6yG0GDRHf0
n9McRDKsV2XHRSR6s6cimtGF8FGutK8bI4xIrf52Q4/Nu5Xz0dtYcF7VoQ8Dh+27
OCZnbpOGlqZ8eKrDkT/6FxyuDEU6rEbN+6D1e38Do5hGthe4FfDkoa2+4wIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFFJ21RFZeA89xFsB/dggnX43PPQRMB8GA1UdIwQY
MBaAFPS39qttPZY31dfqzOPeN5S5zz4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxmMnEyMDlsamZWMS1yTTQ5NDNsTG5QUGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8yYWE5ZjktYmRiNC00YWI5LThmOWIt
NmI4YWEwYTJjOTYwLzEvOUxmMnEyMDlsamZWMS1yTTQ5NDNsTG5QUGc4Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8yYWE5ZjktYmRiNC00YWI5LThmOWItNmI4YWEwYTJjOTYw
LzEvOUxmMnEyMDlsamZWMS1yTTQ5NDNsTG5QUGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAdE7T9TKP
BAmoVF4H9RjYIqY4bmAS1M8AyYK4uzrg0a4Wm84Sw3EzCsvL7m7cV2GjmeoJDn4U
rioStvZH8T4KH5eFKKRFPcOgEdbHYNBmghRxlruwO7WtcTx0q3dS4vIr15KDD51r
u0yCUSS9+ZmOAYBQbgZPezNyv47e8bitdMOH/wSydrKFK8KHKST/9ZmI7eBrnq0b
4tD5qv44Xa4ataQrj7PCoY2Ulsh1hLrKndMz/kg6awYdOmgtiAG3wZXGJQ4Ygnbe
Fy+RX+fbWAo3OQETVyPDpGmo1jq0daEmNiDSodZZ7PJCPwwehTAf7EVtc2mqEwm0
uBaacqPQGmPBTg==
-----END CERTIFICATE-----