Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/e8339e-fd6d-404d-a64c-cadc514ace72/1/oyPgQd1FllMz4rFHT8UL4vD6lQ4.mft
File:                     oyPgQd1FllMz4rFHT8UL4vD6lQ4.mft (raw, json)
Hash identifier:          7JJzk4F2plI7Cj/adQjWI8pTaW8+uyVZ4QkZeJ7vfwY=
Subject key identifier:   5A:3C:3C:B3:24:8D:16:CE:E5:E3:59:DC:DF:2F:9C:69:A2:DE:FD:6C
Authority key identifier: A3:23:E0:41:DD:45:96:53:33:E2:B1:47:4F:C5:0B:E2:F0:FA:95:0E
Certificate issuer:       /CN=a323e041dd45965333e2b1474fc50be2f0fa950e
Certificate serial:       019A7112D7A27776DC07D83941611160A266
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oyPgQd1FllMz4rFHT8UL4vD6lQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/e8339e-fd6d-404d-a64c-cadc514ace72/1/oyPgQd1FllMz4rFHT8UL4vD6lQ4.mft
Manifest number:          0B2F
Signing time:             Tue 11 Nov 2025 04:00:51 +0000
Manifest this update:     Tue 11 Nov 2025 04:00:51 +0000
Manifest next update:     Wed 12 Nov 2025 04:00:51 +0000
Files and hashes:         1: oyPgQd1FllMz4rFHT8UL4vD6lQ4.crl (hash: RBmGyk7Wx2+6bDirfTsZlmFWmwNKk2uyLDRlgKUgTV4=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/e8339e-fd6d-404d-a64c-cadc514ace72/1/oyPgQd1FllMz4rFHT8UL4vD6lQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/e8339e-fd6d-404d-a64c-cadc514ace72/1/oyPgQd1FllMz4rFHT8UL4vD6lQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oyPgQd1FllMz4rFHT8UL4vD6lQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 04:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:12:d7:a2:77:76:dc:07:d8:39:41:61:11:60:a2:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a323e041dd45965333e2b1474fc50be2f0fa950e
        Validity
            Not Before: Nov 11 04:00:51 2025 GMT
            Not After : Nov 12 04:00:51 2025 GMT
        Subject: CN=5a3c3cb3248d16cee5e359dcdf2f9c69a2defd6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:04:e5:dd:fe:86:af:ef:25:ab:57:9a:d3:2c:
                    7e:22:a3:70:c6:e5:86:a1:51:af:c2:b9:1c:8c:08:
                    6d:d7:f5:c5:8d:bb:e2:18:28:4d:2e:1c:8f:87:aa:
                    5d:9f:8d:c3:75:2c:dd:c9:06:8d:7f:c5:4f:a9:30:
                    f6:51:4b:ee:38:30:9b:0a:08:25:f2:27:8a:04:ae:
                    6f:10:0e:a6:d2:27:b0:67:6d:d2:3e:f7:67:d6:2d:
                    1d:7c:05:d7:a8:07:53:3f:24:52:36:b0:74:5c:f9:
                    8d:cc:69:d1:20:1f:f0:67:27:33:93:5a:a8:36:b0:
                    b6:18:75:58:da:34:62:46:88:b8:cf:32:1d:5b:3b:
                    84:1f:e1:54:a4:be:f2:be:fd:76:01:c8:68:4d:8d:
                    c3:9f:e2:ca:e2:b7:ee:58:ce:89:3c:a1:61:a5:b6:
                    59:d4:eb:f6:e4:62:88:cb:c1:f0:17:87:79:b6:5d:
                    80:ef:3e:7e:12:db:1d:ff:c9:ef:11:f3:fd:a5:74:
                    c7:42:e8:f6:69:01:60:ab:d3:1f:fc:b3:16:fb:1f:
                    42:f7:b6:d0:be:92:23:d7:ed:2d:eb:52:ac:d5:b5:
                    ba:71:9e:75:e7:3f:f7:06:ce:43:be:f3:bb:ad:35:
                    30:e2:55:83:8a:3e:91:0c:e8:90:09:4a:fe:44:0c:
                    7b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:3C:3C:B3:24:8D:16:CE:E5:E3:59:DC:DF:2F:9C:69:A2:DE:FD:6C
            X509v3 Authority Key Identifier:
                keyid:A3:23:E0:41:DD:45:96:53:33:E2:B1:47:4F:C5:0B:E2:F0:FA:95:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oyPgQd1FllMz4rFHT8UL4vD6lQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/e8339e-fd6d-404d-a64c-cadc514ace72/1/oyPgQd1FllMz4rFHT8UL4vD6lQ4.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/e8339e-fd6d-404d-a64c-cadc514ace72/1/oyPgQd1FllMz4rFHT8UL4vD6lQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         03:dd:c7:f9:ee:45:50:d8:ee:14:b5:82:32:21:5a:98:a0:f2:
         28:3d:6d:90:3d:79:30:b0:d4:22:7e:eb:8e:30:43:12:33:61:
         96:4e:47:b2:e5:7c:1b:cf:1d:bb:56:95:64:53:2f:37:74:5d:
         b3:4f:0c:3f:b3:e3:0a:f1:ad:1c:4a:8a:a1:a9:e8:a8:15:4d:
         1a:e3:6e:3e:27:a3:1c:f5:9e:93:15:8e:67:10:58:f6:b4:69:
         dd:71:a4:f3:5c:c3:10:65:5d:ca:20:15:72:b1:2f:d5:42:a1:
         ea:9d:15:5a:22:22:a2:3e:2a:b3:2d:1b:8b:9f:fb:f9:2b:70:
         5c:21:08:fb:a3:0e:4b:0a:ec:dc:c6:dc:76:8c:fc:c8:54:ed:
         84:62:8c:a5:4e:08:9f:da:c3:43:28:62:98:22:f2:a9:4d:22:
         4b:2a:9e:da:ad:5c:b9:68:e8:7c:68:e5:94:64:1d:f3:04:f0:
         5f:8e:78:6c:aa:e2:8e:00:0e:14:c0:37:6f:37:4e:27:e0:8f:
         57:0f:15:c8:b6:5b:71:ca:0b:51:79:f4:83:b9:81:47:b9:cf:
         4b:e5:12:cd:5a:c1:b3:6a:af:1f:6f:19:3b:b9:51:30:03:32:
         1e:c5:e6:ed:87:70:a3:ac:82:eb:7e:32:31:dc:17:52:7b:83:
         2b:99:e1:3c
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxEteid3bcB9g5QWERYKJmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMjNlMDQxZGQ0NTk2NTMzM2UyYjE0NzRmYzUwYmUyZjBm
YTk1MGUwHhcNMjUxMTExMDQwMDUxWhcNMjUxMTEyMDQwMDUxWjAzMTEwLwYDVQQD
Eyg1YTNjM2NiMzI0OGQxNmNlZTVlMzU5ZGNkZjJmOWM2OWEyZGVmZDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqATl3f6Gr+8lq1ea0yx+IqNwxuWG
oVGvwrkcjAht1/XFjbviGChNLhyPh6pdn43DdSzdyQaNf8VPqTD2UUvuODCbCggl
8ieKBK5vEA6m0iewZ23SPvdn1i0dfAXXqAdTPyRSNrB0XPmNzGnRIB/wZyczk1qo
NrC2GHVY2jRiRoi4zzIdWzuEH+FUpL7yvv12AchoTY3Dn+LK4rfuWM6JPKFhpbZZ
1Ov25GKIy8HwF4d5tl2A7z5+Etsd/8nvEfP9pXTHQuj2aQFgq9Mf/LMW+x9C97bQ
vpIj1+0t61Ks1bW6cZ515z/3Bs5DvvO7rTUw4lWDij6RDOiQCUr+RAx7ZwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFFo8PLMkjRbO5eNZ3N8vnGmi3v1sMB8GA1UdIwQY
MBaAFKMj4EHdRZZTM+KxR0/FC+Lw+pUOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3lQZ1FkMUZsbE16NHJGSFQ4VUw0dkQ2bFE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9lODMzOWUtZmQ2ZC00MDRkLWE2NGMt
Y2FkYzUxNGFjZTcyLzEvb3lQZ1FkMUZsbE16NHJGSFQ4VUw0dkQ2bFE0Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9lODMzOWUtZmQ2ZC00MDRkLWE2NGMtY2FkYzUxNGFjZTcy
LzEvb3lQZ1FkMUZsbE16NHJGSFQ4VUw0dkQ2bFE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAA93H+e5F
UNjuFLWCMiFamKDyKD1tkD15MLDUIn7rjjBDEjNhlk5HsuV8G88du1aVZFMvN3Rd
s08MP7PjCvGtHEqKoanoqBVNGuNuPiejHPWekxWOZxBY9rRp3XGk81zDEGVdyiAV
crEv1UKh6p0VWiIioj4qsy0bi5/7+StwXCEI+6MOSwrs3Mbcdoz8yFTthGKMpU4I
n9rDQyhimCLyqU0iSyqe2q1cuWjofGjllGQd8wTwX454bKrijgAOFMA3bzdOJ+CP
Vw8VyLZbccoLUXn0g7mBR7nPS+USzVrBs2qvH28ZO7lRMAMyHsXm7Ydwo6yC634y
MdwXUnuDK5nhPA==
-----END CERTIFICATE-----