Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/70669e-5744-4477-86ba-795c3a612e8b/1/KfQ0DfcXYFdICDAMsU_Bdg-uzPk.mft
File:                     KfQ0DfcXYFdICDAMsU_Bdg-uzPk.mft (raw, json)
Hash identifier:          SbK4vd93LxV4bcznutnZq0iqJ2FNlgFG36NPhRkNAdw=
Subject key identifier:   86:A8:A6:EB:E0:B6:A8:DD:06:51:C0:54:BF:3E:86:06:38:AC:09:05
Authority key identifier: 29:F4:34:0D:F7:17:60:57:48:08:30:0C:B1:4F:C1:76:0F:AE:CC:F9
Certificate issuer:       /CN=29f4340df71760574808300cb14fc1760faeccf9
Certificate serial:       019A71B7779C2CEDF9204A9AEC3CD5B43A14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KfQ0DfcXYFdICDAMsU_Bdg-uzPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/70669e-5744-4477-86ba-795c3a612e8b/1/KfQ0DfcXYFdICDAMsU_Bdg-uzPk.mft
Manifest number:          01D3
Signing time:             Tue 11 Nov 2025 07:00:40 +0000
Manifest this update:     Tue 11 Nov 2025 07:00:40 +0000
Manifest next update:     Wed 12 Nov 2025 07:00:40 +0000
Files and hashes:         1: KfQ0DfcXYFdICDAMsU_Bdg-uzPk.crl (hash: Bck5VHu8PdktywTOaU65tGHjvzF7/V3yp9k4dDbKOag=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/70669e-5744-4477-86ba-795c3a612e8b/1/KfQ0DfcXYFdICDAMsU_Bdg-uzPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/70669e-5744-4477-86ba-795c3a612e8b/1/KfQ0DfcXYFdICDAMsU_Bdg-uzPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KfQ0DfcXYFdICDAMsU_Bdg-uzPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b7:77:9c:2c:ed:f9:20:4a:9a:ec:3c:d5:b4:3a:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29f4340df71760574808300cb14fc1760faeccf9
        Validity
            Not Before: Nov 11 07:00:40 2025 GMT
            Not After : Nov 12 07:00:40 2025 GMT
        Subject: CN=86a8a6ebe0b6a8dd0651c054bf3e860638ac0905
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:89:56:61:2e:45:6e:4c:e3:eb:9e:24:cc:a9:
                    52:bc:34:99:70:35:20:03:82:35:75:5b:00:3e:bf:
                    9e:d0:80:4a:6b:f3:bc:b7:f6:2a:25:1a:f4:9c:26:
                    99:14:c3:8f:09:2b:5b:91:ca:d2:cd:72:5a:68:07:
                    b8:6d:35:18:af:fe:b3:85:88:64:80:0e:da:92:97:
                    be:94:ef:24:f0:07:3c:b2:e7:65:7b:ad:07:08:78:
                    52:cd:d5:31:37:f3:27:b0:0b:98:60:8a:c5:0e:bd:
                    b7:9b:02:38:ac:8b:b7:a7:e5:fb:a9:aa:12:4f:20:
                    c0:54:55:4b:e4:9b:e6:67:67:55:ab:32:c6:d2:f3:
                    23:3f:67:75:4b:ac:4d:37:f3:19:a9:42:7b:f7:27:
                    e5:d4:e3:1a:ad:85:0b:b9:ef:b2:cb:cd:80:cc:9f:
                    bc:3a:68:66:ed:35:f0:22:d8:de:82:7a:13:9d:a1:
                    92:41:c0:ce:d4:f5:26:e0:f9:df:d8:8c:07:8e:be:
                    81:bb:3c:3c:54:79:3a:e9:1c:c4:66:e7:bf:ce:98:
                    de:c8:93:c8:33:8d:0d:95:f9:c3:29:36:ac:da:e3:
                    83:5a:a7:b5:d3:04:34:fc:81:cb:52:71:10:d9:e5:
                    ca:36:2f:22:94:45:dc:fb:f9:25:61:4e:76:77:0b:
                    ca:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:A8:A6:EB:E0:B6:A8:DD:06:51:C0:54:BF:3E:86:06:38:AC:09:05
            X509v3 Authority Key Identifier:
                keyid:29:F4:34:0D:F7:17:60:57:48:08:30:0C:B1:4F:C1:76:0F:AE:CC:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KfQ0DfcXYFdICDAMsU_Bdg-uzPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/70669e-5744-4477-86ba-795c3a612e8b/1/KfQ0DfcXYFdICDAMsU_Bdg-uzPk.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/70669e-5744-4477-86ba-795c3a612e8b/1/KfQ0DfcXYFdICDAMsU_Bdg-uzPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         5a:ee:96:f3:a0:25:78:3f:df:76:52:09:bd:09:29:9b:36:34:
         94:d0:1a:97:37:02:ab:9b:57:49:d6:03:b1:d6:bd:7a:02:a0:
         cb:31:a2:8e:44:ef:7a:14:f1:da:6d:cc:b1:f9:5f:54:bd:90:
         a5:e2:e8:d1:ae:4a:23:9e:b3:37:9e:d7:43:86:20:c3:a4:56:
         b4:b5:04:f0:76:5f:f5:f8:59:a4:9b:37:0c:50:8a:21:25:1e:
         11:59:77:10:5f:9a:b9:ee:39:fa:44:ec:cc:92:6c:5e:8c:5e:
         33:3e:79:ef:92:c5:f4:4d:18:e4:f4:c4:bd:8f:81:4d:d6:dc:
         f8:4c:20:72:02:1e:25:d4:cd:54:90:e2:07:9f:7c:d7:8a:cb:
         09:83:18:e1:ba:ab:5d:a0:b3:e8:ba:17:e3:42:e4:a0:53:95:
         bb:37:6e:84:18:cd:af:42:f9:55:42:a2:e4:03:38:0e:4c:10:
         40:3d:93:2c:b7:43:0e:58:8e:f3:1d:d8:a4:b3:7f:09:47:4f:
         48:64:7c:35:cf:68:e5:80:03:dd:80:16:b9:dd:26:1c:4b:1b:
         84:09:b9:8b:a5:90:21:30:b4:a9:36:13:68:21:83:36:56:2c:
         b8:83:b4:08:09:75:82:3d:66:af:ea:89:fb:d6:2a:96:5c:8e:
         ed:f4:98:81
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxt3ecLO35IEqa7DzVtDoUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZjQzNDBkZjcxNzYwNTc0ODA4MzAwY2IxNGZjMTc2MGZh
ZWNjZjkwHhcNMjUxMTExMDcwMDQwWhcNMjUxMTEyMDcwMDQwWjAzMTEwLwYDVQQD
Eyg4NmE4YTZlYmUwYjZhOGRkMDY1MWMwNTRiZjNlODYwNjM4YWMwOTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzolWYS5Fbkzj654kzKlSvDSZcDUg
A4I1dVsAPr+e0IBKa/O8t/YqJRr0nCaZFMOPCStbkcrSzXJaaAe4bTUYr/6zhYhk
gA7akpe+lO8k8Ac8sudle60HCHhSzdUxN/MnsAuYYIrFDr23mwI4rIu3p+X7qaoS
TyDAVFVL5JvmZ2dVqzLG0vMjP2d1S6xNN/MZqUJ79yfl1OMarYULue+yy82AzJ+8
Omhm7TXwItjegnoTnaGSQcDO1PUm4Pnf2IwHjr6Buzw8VHk66RzEZue/zpjeyJPI
M40NlfnDKTas2uODWqe10wQ0/IHLUnEQ2eXKNi8ilEXc+/klYU52dwvKgQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFIaopuvgtqjdBlHAVL8+hgY4rAkFMB8GA1UdIwQY
MBaAFCn0NA33F2BXSAgwDLFPwXYPrsz5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2ZRMERmY1hZRmRJQ0RBTXNVX0JkZy11elBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC83MDY2OWUtNTc0NC00NDc3LTg2YmEt
Nzk1YzNhNjEyZThiLzEvS2ZRMERmY1hZRmRJQ0RBTXNVX0JkZy11elBrLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC83MDY2OWUtNTc0NC00NDc3LTg2YmEtNzk1YzNhNjEyZThi
LzEvS2ZRMERmY1hZRmRJQ0RBTXNVX0JkZy11elBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAWu6W86Al
eD/fdlIJvQkpmzY0lNAalzcCq5tXSdYDsda9egKgyzGijkTvehTx2m3MsflfVL2Q
peLo0a5KI56zN57XQ4Ygw6RWtLUE8HZf9fhZpJs3DFCKISUeEVl3EF+aue45+kTs
zJJsXoxeMz5575LF9E0Y5PTEvY+BTdbc+EwgcgIeJdTNVJDiB59814rLCYMY4bqr
XaCz6LoX40LkoFOVuzduhBjNr0L5VUKi5AM4DkwQQD2TLLdDDliO8x3YpLN/CUdP
SGR8Nc9o5YAD3YAWud0mHEsbhAm5i6WQITC0qTYTaCGDNlYsuIO0CAl1gj1mr+qJ
+9YqllyO7fSYgQ==
-----END CERTIFICATE-----