Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/bb1aa7-7455-4d2d-82da-105617638726/1/OQlq7uS6fDS4EkCtSRrEba90wx0.mft
File:                     OQlq7uS6fDS4EkCtSRrEba90wx0.mft (raw, json)
Hash identifier:          QVUq9uesgIVqzxOgVSWlevHMw/XR5dA7PYo2sAb9vFg=
Subject key identifier:   6E:78:E3:0D:96:DA:7F:F4:BA:8B:DC:FA:1C:D7:1D:31:FC:AE:AE:A4
Authority key identifier: 39:09:6A:EE:E4:BA:7C:34:B8:12:40:AD:49:1A:C4:6D:AF:74:C3:1D
Certificate issuer:       /CN=39096aeee4ba7c34b81240ad491ac46daf74c31d
Certificate serial:       019A725C8B3A9294B5966DBE9529CC83081D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OQlq7uS6fDS4EkCtSRrEba90wx0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/bb1aa7-7455-4d2d-82da-105617638726/1/OQlq7uS6fDS4EkCtSRrEba90wx0.mft
Manifest number:          171D
Signing time:             Tue 11 Nov 2025 10:00:58 +0000
Manifest this update:     Tue 11 Nov 2025 10:00:58 +0000
Manifest next update:     Wed 12 Nov 2025 10:00:58 +0000
Files and hashes:         1: OQlq7uS6fDS4EkCtSRrEba90wx0.crl (hash: aXsMzymrSpCjKZAoVkb7kuTIL4BR3ANkUoF/YwKl8Fs=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/bb1aa7-7455-4d2d-82da-105617638726/1/OQlq7uS6fDS4EkCtSRrEba90wx0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/bb1aa7-7455-4d2d-82da-105617638726/1/OQlq7uS6fDS4EkCtSRrEba90wx0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OQlq7uS6fDS4EkCtSRrEba90wx0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:5c:8b:3a:92:94:b5:96:6d:be:95:29:cc:83:08:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39096aeee4ba7c34b81240ad491ac46daf74c31d
        Validity
            Not Before: Nov 11 10:00:58 2025 GMT
            Not After : Nov 12 10:00:58 2025 GMT
        Subject: CN=6e78e30d96da7ff4ba8bdcfa1cd71d31fcaeaea4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:21:3c:98:2b:0d:89:5d:ef:01:c7:34:1a:9f:
                    71:4b:51:6a:db:1f:b3:06:1d:2b:c1:1f:9a:1b:52:
                    0f:16:d4:83:d4:f8:e3:cc:8d:c9:83:c4:be:d9:93:
                    56:83:23:8e:a3:2b:b3:91:89:da:3a:30:24:14:d7:
                    c5:58:b8:c9:83:6e:0f:65:90:0b:4a:9a:da:27:76:
                    67:92:05:c2:fb:25:0e:b0:81:a5:9c:48:2b:fa:98:
                    cb:6c:33:66:32:e5:f3:6c:c4:17:68:b6:ae:17:2a:
                    68:58:84:fe:5c:d5:f1:4e:08:79:37:2c:ed:b2:f5:
                    5f:9d:72:51:5a:12:46:fc:2c:62:59:88:75:f3:8e:
                    eb:c4:f7:17:83:df:ee:e6:10:5a:41:71:1b:59:ce:
                    3f:ae:47:62:09:9d:f8:cd:a6:53:70:34:74:1c:bd:
                    74:a0:a5:3c:b0:5d:e3:50:c1:39:3b:4b:02:0f:b0:
                    86:25:59:d6:bd:a1:78:33:f7:e2:2b:8e:f6:c5:3e:
                    f5:3d:27:db:ec:42:31:ab:b1:dc:d1:6c:73:cc:67:
                    89:49:32:39:97:ad:9a:cf:63:c3:d9:25:f7:16:35:
                    8b:1d:6a:9c:56:b9:05:74:73:01:77:3b:70:9f:c1:
                    ff:1d:64:1f:64:f3:15:3b:93:71:f4:61:e6:6d:93:
                    2d:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:78:E3:0D:96:DA:7F:F4:BA:8B:DC:FA:1C:D7:1D:31:FC:AE:AE:A4
            X509v3 Authority Key Identifier:
                keyid:39:09:6A:EE:E4:BA:7C:34:B8:12:40:AD:49:1A:C4:6D:AF:74:C3:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OQlq7uS6fDS4EkCtSRrEba90wx0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/bb1aa7-7455-4d2d-82da-105617638726/1/OQlq7uS6fDS4EkCtSRrEba90wx0.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/bb1aa7-7455-4d2d-82da-105617638726/1/OQlq7uS6fDS4EkCtSRrEba90wx0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         6d:7c:ce:ea:21:b9:71:7c:6a:e1:53:d8:a7:9e:65:5e:b4:fc:
         d6:9a:af:0f:e6:91:b3:78:8e:83:2a:8e:0a:3f:0c:8b:88:72:
         92:a3:e5:e0:d8:0d:34:a0:1b:51:62:09:47:2d:83:0c:47:9e:
         52:23:09:d0:c6:42:64:4c:10:71:2a:48:4d:b0:6b:d8:dd:fa:
         ac:cd:7f:19:40:67:2f:c2:c9:c6:1f:1b:cb:01:3c:c3:d0:36:
         f5:a4:ce:4c:22:06:a8:53:2a:53:2f:f6:13:10:c9:2c:95:ad:
         1a:4a:60:b5:b9:6d:47:01:c9:80:5d:61:83:41:87:07:3d:3d:
         92:43:da:1c:11:26:60:a4:63:af:e3:ec:32:bb:14:02:4f:29:
         5f:60:18:d0:80:d7:9c:7b:c1:d4:70:9b:d8:51:ab:1d:25:c9:
         ad:0b:1f:54:5c:55:7b:ea:e4:4c:71:55:7a:72:ba:b4:39:8a:
         be:69:f6:06:44:29:60:2f:c8:77:0b:48:9e:41:4c:ae:f4:e8:
         d9:5e:7f:23:6a:9a:b9:4f:8f:42:f2:13:19:15:0f:ba:a2:54:
         65:2a:1a:fa:c0:c0:c3:61:fe:18:d5:80:68:b4:f3:46:45:82:
         df:bc:93:bc:96:e4:3c:81:59:39:37:7b:27:fe:1b:f8:09:f9:
         30:df:a3:10
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyXIs6kpS1lm2+lSnMgwgdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MDk2YWVlZTRiYTdjMzRiODEyNDBhZDQ5MWFjNDZkYWY3
NGMzMWQwHhcNMjUxMTExMTAwMDU4WhcNMjUxMTEyMTAwMDU4WjAzMTEwLwYDVQQD
Eyg2ZTc4ZTMwZDk2ZGE3ZmY0YmE4YmRjZmExY2Q3MWQzMWZjYWVhZWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiE8mCsNiV3vAcc0Gp9xS1Fq2x+z
Bh0rwR+aG1IPFtSD1PjjzI3Jg8S+2ZNWgyOOoyuzkYnaOjAkFNfFWLjJg24PZZAL
SpraJ3ZnkgXC+yUOsIGlnEgr+pjLbDNmMuXzbMQXaLauFypoWIT+XNXxTgh5Nyzt
svVfnXJRWhJG/CxiWYh1847rxPcXg9/u5hBaQXEbWc4/rkdiCZ34zaZTcDR0HL10
oKU8sF3jUME5O0sCD7CGJVnWvaF4M/fiK472xT71PSfb7EIxq7Hc0WxzzGeJSTI5
l62az2PD2SX3FjWLHWqcVrkFdHMBdztwn8H/HWQfZPMVO5Nx9GHmbZMtkwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFG544w2W2n/0uovc+hzXHTH8rq6kMB8GA1UdIwQY
MBaAFDkJau7kunw0uBJArUkaxG2vdMMdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1FscTd1UzZmRFM0RWtDdFNSckViYTkwd3gwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9iYjFhYTctNzQ1NS00ZDJkLTgyZGEt
MTA1NjE3NjM4NzI2LzEvT1FscTd1UzZmRFM0RWtDdFNSckViYTkwd3gwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9iYjFhYTctNzQ1NS00ZDJkLTgyZGEtMTA1NjE3NjM4NzI2
LzEvT1FscTd1UzZmRFM0RWtDdFNSckViYTkwd3gwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAbXzO6iG5
cXxq4VPYp55lXrT81pqvD+aRs3iOgyqOCj8Mi4hykqPl4NgNNKAbUWIJRy2DDEee
UiMJ0MZCZEwQcSpITbBr2N36rM1/GUBnL8LJxh8bywE8w9A29aTOTCIGqFMqUy/2
ExDJLJWtGkpgtbltRwHJgF1hg0GHBz09kkPaHBEmYKRjr+PsMrsUAk8pX2AY0IDX
nHvB1HCb2FGrHSXJrQsfVFxVe+rkTHFVenK6tDmKvmn2BkQpYC/IdwtInkFMrvTo
2V5/I2qauU+PQvITGRUPuqJUZSoa+sDAw2H+GNWAaLTzRkWC37yTvJbkPIFZOTd7
J/4b+An5MN+jEA==
-----END CERTIFICATE-----