Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/bb1aa7-7455-4d2d-82da-105617638726/1/OQlq7uS6fDS4EkCtSRrEba90wx0.mft
File:                     OQlq7uS6fDS4EkCtSRrEba90wx0.mft (raw, json)
Hash identifier:          2o07YnJjNRJ6iXql9WyR6Nw6olfDC1OwEWHy4606Cl0=
Subject key identifier:   3D:E3:2C:DF:16:4E:02:99:EC:D5:1D:6B:21:D4:7E:EB:E4:1A:43:BA
Authority key identifier: 39:09:6A:EE:E4:BA:7C:34:B8:12:40:AD:49:1A:C4:6D:AF:74:C3:1D
Certificate issuer:       /CN=39096aeee4ba7c34b81240ad491ac46daf74c31d
Certificate serial:       019655DD34DB27B585F7D9E31750E4574554
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OQlq7uS6fDS4EkCtSRrEba90wx0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/bb1aa7-7455-4d2d-82da-105617638726/1/OQlq7uS6fDS4EkCtSRrEba90wx0.mft
Manifest number:          14FC
Signing time:             Mon 21 Apr 2025 01:01:22 +0000
Manifest this update:     Mon 21 Apr 2025 01:01:22 +0000
Manifest next update:     Tue 22 Apr 2025 01:01:22 +0000
Files and hashes:         1: OQlq7uS6fDS4EkCtSRrEba90wx0.crl (hash: J0Xpmi1Okp2Hd6TwANlyvoX+w6Gql7UQ2We45JnPgP0=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/bb1aa7-7455-4d2d-82da-105617638726/1/OQlq7uS6fDS4EkCtSRrEba90wx0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/bb1aa7-7455-4d2d-82da-105617638726/1/OQlq7uS6fDS4EkCtSRrEba90wx0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OQlq7uS6fDS4EkCtSRrEba90wx0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:55:dd:34:db:27:b5:85:f7:d9:e3:17:50:e4:57:45:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39096aeee4ba7c34b81240ad491ac46daf74c31d
        Validity
            Not Before: Apr 21 01:01:22 2025 GMT
            Not After : Apr 22 01:01:22 2025 GMT
        Subject: CN=3de32cdf164e0299ecd51d6b21d47eebe41a43ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:36:f5:13:6e:b4:f6:03:e7:0b:df:ae:8c:e9:
                    3d:e5:5b:36:e9:79:66:93:1a:b0:8b:1a:ab:09:57:
                    27:5a:58:cf:16:1e:43:85:f5:38:6c:33:6a:4f:cb:
                    05:9d:ce:5d:d9:ef:ee:d2:23:0e:f9:b8:7f:a8:79:
                    43:68:79:83:51:f0:f6:af:2e:d0:b5:98:fc:9e:ca:
                    5f:a8:71:ed:ae:7b:00:a9:de:b0:8f:34:96:a0:3f:
                    3a:7f:b9:bc:17:52:15:cb:9f:ce:4c:33:0b:fc:64:
                    97:ae:ba:ba:1a:82:75:15:9a:df:d4:e2:eb:8e:74:
                    13:5c:f3:8c:f9:3b:bb:e9:cc:c7:a6:47:0b:fc:ab:
                    66:f0:7f:5a:f8:40:c9:ab:f4:8a:ea:6c:dc:ad:a5:
                    0e:60:03:92:ff:33:e5:97:1b:0c:97:43:7d:7c:f1:
                    91:db:41:44:47:19:48:0c:44:2c:9f:1b:01:ec:5b:
                    be:79:d0:2c:c9:04:b6:52:78:28:ee:21:b2:77:94:
                    f5:02:0c:7a:ab:62:57:6d:c1:a0:4b:95:d6:3f:1d:
                    d7:fc:99:c7:fe:15:bc:79:1d:65:77:be:a3:26:be:
                    f4:80:ed:33:30:4b:a2:82:fd:86:ba:29:98:71:ab:
                    d7:1e:09:4b:a7:5a:d8:14:e9:1e:c1:6c:93:76:75:
                    17:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:E3:2C:DF:16:4E:02:99:EC:D5:1D:6B:21:D4:7E:EB:E4:1A:43:BA
            X509v3 Authority Key Identifier:
                keyid:39:09:6A:EE:E4:BA:7C:34:B8:12:40:AD:49:1A:C4:6D:AF:74:C3:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OQlq7uS6fDS4EkCtSRrEba90wx0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/bb1aa7-7455-4d2d-82da-105617638726/1/OQlq7uS6fDS4EkCtSRrEba90wx0.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/bb1aa7-7455-4d2d-82da-105617638726/1/OQlq7uS6fDS4EkCtSRrEba90wx0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         4e:3d:bf:a2:f6:17:fc:9c:dd:93:4c:1d:32:83:b6:94:d0:0e:
         20:ee:70:2d:12:fa:5d:60:3b:8d:10:d9:f5:19:30:6b:23:40:
         33:06:9a:4a:e7:61:54:5d:25:af:c2:4c:5a:04:ed:8a:2f:58:
         59:ce:17:98:ba:ee:8b:0d:63:e1:20:56:6b:81:3e:71:6f:16:
         22:56:cd:6e:ce:b9:e7:63:c5:e5:cd:01:2b:78:84:8e:a4:99:
         52:bc:8e:b5:0b:6a:e3:ea:85:56:0a:6f:ea:1a:25:70:7e:6a:
         45:26:7f:75:c0:59:db:06:d8:fb:49:54:03:3d:e6:4d:8f:4a:
         46:17:6e:c0:e3:74:b6:01:d3:d9:d5:51:e3:f6:33:2f:38:e7:
         ca:ac:49:7e:09:f1:c9:fc:e2:fa:9b:20:77:77:17:86:54:bc:
         92:ea:85:19:f8:53:78:ef:82:4a:78:b2:27:e4:a4:24:48:e2:
         98:fd:f7:3b:82:94:06:9a:27:2a:35:6f:ce:eb:38:ad:03:2b:
         e5:72:14:9c:79:c4:f7:08:29:33:ad:8d:4b:27:62:fe:c5:73:
         ff:21:89:12:e5:f4:bd:ee:a9:8b:1e:78:d1:5d:f6:73:71:d7:
         bf:fc:11:0f:da:c8:6d:1b:30:fe:ee:fc:35:63:eb:af:61:6c:
         63:47:10:d4
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZZV3TTbJ7WF99njF1DkV0VUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MDk2YWVlZTRiYTdjMzRiODEyNDBhZDQ5MWFjNDZkYWY3
NGMzMWQwHhcNMjUwNDIxMDEwMTIyWhcNMjUwNDIyMDEwMTIyWjAzMTEwLwYDVQQD
EygzZGUzMmNkZjE2NGUwMjk5ZWNkNTFkNmIyMWQ0N2VlYmU0MWE0M2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDb1E2609gPnC9+ujOk95Vs26Xlm
kxqwixqrCVcnWljPFh5DhfU4bDNqT8sFnc5d2e/u0iMO+bh/qHlDaHmDUfD2ry7Q
tZj8nspfqHHtrnsAqd6wjzSWoD86f7m8F1IVy5/OTDML/GSXrrq6GoJ1FZrf1OLr
jnQTXPOM+Tu76czHpkcL/Ktm8H9a+EDJq/SK6mzcraUOYAOS/zPllxsMl0N9fPGR
20FERxlIDEQsnxsB7Fu+edAsyQS2Ungo7iGyd5T1Agx6q2JXbcGgS5XWPx3X/JnH
/hW8eR1ld76jJr70gO0zMEuigv2GuimYcavXHglLp1rYFOkewWyTdnUXVQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFD3jLN8WTgKZ7NUdayHUfuvkGkO6MB8GA1UdIwQY
MBaAFDkJau7kunw0uBJArUkaxG2vdMMdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1FscTd1UzZmRFM0RWtDdFNSckViYTkwd3gwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9iYjFhYTctNzQ1NS00ZDJkLTgyZGEt
MTA1NjE3NjM4NzI2LzEvT1FscTd1UzZmRFM0RWtDdFNSckViYTkwd3gwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9iYjFhYTctNzQ1NS00ZDJkLTgyZGEtMTA1NjE3NjM4NzI2
LzEvT1FscTd1UzZmRFM0RWtDdFNSckViYTkwd3gwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEATj2/ovYX
/Jzdk0wdMoO2lNAOIO5wLRL6XWA7jRDZ9RkwayNAMwaaSudhVF0lr8JMWgTtii9Y
Wc4XmLruiw1j4SBWa4E+cW8WIlbNbs6552PF5c0BK3iEjqSZUryOtQtq4+qFVgpv
6holcH5qRSZ/dcBZ2wbY+0lUAz3mTY9KRhduwON0tgHT2dVR4/YzLzjnyqxJfgnx
yfzi+psgd3cXhlS8kuqFGfhTeO+CSniyJ+SkJEjimP33O4KUBponKjVvzus4rQMr
5XIUnHnE9wgpM62NSydi/sVz/yGJEuX0ve6pix540V32c3HXv/wRD9rIbRsw/u78
NWPrr2FsY0cQ1A==
-----END CERTIFICATE-----