Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/b4b600-47a7-4707-9a9e-4da54471762e/1/ibmLHbxNsPvYZW0rK4pT4sPcpqs.mft
File:                     ibmLHbxNsPvYZW0rK4pT4sPcpqs.mft (raw, json)
Hash identifier:          Zrvg03TledKPCGKEUgE/W1R8H+dgRR0Pv6h4/jClST8=
Subject key identifier:   29:70:03:37:FF:BC:81:B4:1C:8B:2B:34:4E:10:36:31:B8:F3:95:E8
Authority key identifier: 89:B9:8B:1D:BC:4D:B0:FB:D8:65:6D:2B:2B:8A:53:E2:C3:DC:A6:AB
Certificate issuer:       /CN=89b98b1dbc4db0fbd8656d2b2b8a53e2c3dca6ab
Certificate serial:       01964E59A1705856D299650CF373529B5BAA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ibmLHbxNsPvYZW0rK4pT4sPcpqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/b4b600-47a7-4707-9a9e-4da54471762e/1/ibmLHbxNsPvYZW0rK4pT4sPcpqs.mft
Manifest number:          0DF7
Signing time:             Sat 19 Apr 2025 14:00:18 +0000
Manifest this update:     Sat 19 Apr 2025 14:00:18 +0000
Manifest next update:     Sun 20 Apr 2025 14:00:18 +0000
Files and hashes:         1: ibmLHbxNsPvYZW0rK4pT4sPcpqs.crl (hash: vR/NrI8KsgmhvMlwK4XV4RT3a90Zgk0o0QDQfu+Fkcs=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/b4b600-47a7-4707-9a9e-4da54471762e/1/ibmLHbxNsPvYZW0rK4pT4sPcpqs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/b4b600-47a7-4707-9a9e-4da54471762e/1/ibmLHbxNsPvYZW0rK4pT4sPcpqs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ibmLHbxNsPvYZW0rK4pT4sPcpqs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 13:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:4e:59:a1:70:58:56:d2:99:65:0c:f3:73:52:9b:5b:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89b98b1dbc4db0fbd8656d2b2b8a53e2c3dca6ab
        Validity
            Not Before: Apr 19 14:00:18 2025 GMT
            Not After : Apr 20 14:00:18 2025 GMT
        Subject: CN=29700337ffbc81b41c8b2b344e103631b8f395e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5d:fc:48:e6:a0:a2:0e:23:c3:89:49:ef:d3:
                    9b:40:9f:cc:53:a0:f0:68:2d:60:1b:b5:ef:9a:9a:
                    7c:cc:63:27:9c:ad:52:00:f2:81:39:7f:ce:db:04:
                    ee:ae:7b:0a:50:ef:67:74:18:87:9b:5d:97:2b:b0:
                    ee:0a:05:3c:69:5c:85:90:25:e6:c5:a0:eb:0b:bb:
                    26:ce:e9:81:f0:cd:35:ae:b1:b8:06:51:64:e0:a4:
                    59:ca:7f:2b:49:fa:78:b1:24:e7:f6:63:f5:62:39:
                    ef:ca:2e:80:62:36:ae:46:92:9e:96:f0:b9:3e:83:
                    94:4a:28:76:2a:0c:73:06:1d:44:7a:51:ab:d7:50:
                    43:81:07:ca:d6:ea:b3:f3:94:03:44:0b:17:ab:7a:
                    a3:21:eb:76:d1:4c:97:e2:d9:75:f1:95:a0:44:23:
                    56:ee:7e:fd:97:79:30:95:b5:14:e9:5a:6f:e3:e7:
                    be:7f:b9:a7:c1:28:3a:02:ed:b0:69:39:22:e0:6e:
                    ed:bc:0b:f5:82:dd:1e:f2:23:97:d7:3b:e4:29:d3:
                    64:c6:3f:8e:da:3f:33:0f:7b:24:94:e7:e1:be:70:
                    1b:2e:3e:01:3f:e8:f8:6a:c6:cc:da:e1:69:d3:ce:
                    08:43:65:38:a4:6d:47:32:9f:5f:55:97:83:17:9d:
                    31:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:70:03:37:FF:BC:81:B4:1C:8B:2B:34:4E:10:36:31:B8:F3:95:E8
            X509v3 Authority Key Identifier:
                keyid:89:B9:8B:1D:BC:4D:B0:FB:D8:65:6D:2B:2B:8A:53:E2:C3:DC:A6:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ibmLHbxNsPvYZW0rK4pT4sPcpqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/b4b600-47a7-4707-9a9e-4da54471762e/1/ibmLHbxNsPvYZW0rK4pT4sPcpqs.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/b4b600-47a7-4707-9a9e-4da54471762e/1/ibmLHbxNsPvYZW0rK4pT4sPcpqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         6b:40:d5:82:7a:77:28:bd:62:70:34:b5:05:64:61:ad:77:02:
         38:60:39:a8:a5:21:f0:af:fd:c8:73:e0:64:00:13:9a:70:f8:
         fd:04:db:11:ae:69:6c:49:82:18:1a:04:b4:7e:74:f0:e0:1a:
         35:a2:27:50:d1:91:bb:e1:dd:ff:92:93:03:66:f6:6b:5b:f1:
         5d:38:84:53:a1:d6:48:03:cc:08:f8:a3:7b:e7:5e:0b:22:26:
         3b:da:db:63:96:03:bd:3c:da:e2:dd:9b:6b:4f:80:66:ad:7f:
         d9:0d:c6:53:ce:83:db:99:29:22:40:a5:f8:9a:ab:51:74:c5:
         a4:5c:e4:c4:dc:e8:99:d5:bb:42:98:7b:36:f1:02:88:58:d2:
         53:d5:62:08:3c:c8:61:62:b2:52:61:57:66:40:68:2e:01:71:
         a3:80:34:37:01:80:68:e9:fa:91:40:60:0d:f4:de:9c:ff:89:
         3c:50:34:d6:36:af:9e:5a:5d:40:ba:65:2c:3b:71:5f:cc:3b:
         67:b2:85:7c:f9:45:f5:ee:60:9a:a4:ff:3a:1f:59:85:a6:aa:
         e3:02:1e:1d:db:b1:91:ff:17:a8:b0:5c:40:d9:35:a8:e4:ed:
         c4:2c:f7:0d:71:90:d4:51:ed:f3:77:93:f2:76:3d:8b:bb:29:
         06:18:67:74
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZZOWaFwWFbSmWUM83NSm1uqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5Yjk4YjFkYmM0ZGIwZmJkODY1NmQyYjJiOGE1M2UyYzNk
Y2E2YWIwHhcNMjUwNDE5MTQwMDE4WhcNMjUwNDIwMTQwMDE4WjAzMTEwLwYDVQQD
EygyOTcwMDMzN2ZmYmM4MWI0MWM4YjJiMzQ0ZTEwMzYzMWI4ZjM5NWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAql38SOagog4jw4lJ79ObQJ/MU6Dw
aC1gG7Xvmpp8zGMnnK1SAPKBOX/O2wTurnsKUO9ndBiHm12XK7DuCgU8aVyFkCXm
xaDrC7smzumB8M01rrG4BlFk4KRZyn8rSfp4sSTn9mP1Yjnvyi6AYjauRpKelvC5
PoOUSih2KgxzBh1EelGr11BDgQfK1uqz85QDRAsXq3qjIet20UyX4tl18ZWgRCNW
7n79l3kwlbUU6Vpv4+e+f7mnwSg6Au2waTki4G7tvAv1gt0e8iOX1zvkKdNkxj+O
2j8zD3sklOfhvnAbLj4BP+j4asbM2uFp084IQ2U4pG1HMp9fVZeDF50x3wIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFClwAzf/vIG0HIsrNE4QNjG485XoMB8GA1UdIwQY
MBaAFIm5ix28TbD72GVtKyuKU+LD3KarMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWJtTEhieE5zUHZZWlcwcks0cFQ0c1BjcHFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9iNGI2MDAtNDdhNy00NzA3LTlhOWUt
NGRhNTQ0NzE3NjJlLzEvaWJtTEhieE5zUHZZWlcwcks0cFQ0c1BjcHFzLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9iNGI2MDAtNDdhNy00NzA3LTlhOWUtNGRhNTQ0NzE3NjJl
LzEvaWJtTEhieE5zUHZZWlcwcks0cFQ0c1BjcHFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAa0DVgnp3
KL1icDS1BWRhrXcCOGA5qKUh8K/9yHPgZAATmnD4/QTbEa5pbEmCGBoEtH508OAa
NaInUNGRu+Hd/5KTA2b2a1vxXTiEU6HWSAPMCPije+deCyImO9rbY5YDvTza4t2b
a0+AZq1/2Q3GU86D25kpIkCl+JqrUXTFpFzkxNzomdW7Qph7NvECiFjSU9ViCDzI
YWKyUmFXZkBoLgFxo4A0NwGAaOn6kUBgDfTenP+JPFA01javnlpdQLplLDtxX8w7
Z7KFfPlF9e5gmqT/Oh9Zhaaq4wIeHduxkf8XqLBcQNk1qOTtxCz3DXGQ1FHt83eT
8nY9i7spBhhndA==
-----END CERTIFICATE-----