Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/2ac633-40ec-4027-af2d-0f899e0c20cd/1/HQw5Ht1cvuGhTgqz-T2DT65RHk0.mft
File:                     HQw5Ht1cvuGhTgqz-T2DT65RHk0.mft (raw, json)
Hash identifier:          vjy6onBIT3EMMuUGTEz8AI0D5l2rBoaqYHxCK4xxu80=
Subject key identifier:   27:08:1F:06:7E:4C:2F:B3:C1:34:BB:C5:CC:28:1B:C2:34:C4:B5:B2
Authority key identifier: 1D:0C:39:1E:DD:5C:BE:E1:A1:4E:0A:B3:F9:3D:83:4F:AE:51:1E:4D
Certificate issuer:       /CN=1d0c391edd5cbee1a14e0ab3f93d834fae511e4d
Certificate serial:       019A725C630CA7934E75A624132D2F244161
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQw5Ht1cvuGhTgqz-T2DT65RHk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/2ac633-40ec-4027-af2d-0f899e0c20cd/1/HQw5Ht1cvuGhTgqz-T2DT65RHk0.mft
Manifest number:          146C
Signing time:             Tue 11 Nov 2025 10:00:48 +0000
Manifest this update:     Tue 11 Nov 2025 10:00:48 +0000
Manifest next update:     Wed 12 Nov 2025 10:00:48 +0000
Files and hashes:         1: HQw5Ht1cvuGhTgqz-T2DT65RHk0.crl (hash: Rbf2JiPk0tAdu+j4oti1fSBnI+Zr8XtLoClABSaJ7rM=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/2ac633-40ec-4027-af2d-0f899e0c20cd/1/HQw5Ht1cvuGhTgqz-T2DT65RHk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/2ac633-40ec-4027-af2d-0f899e0c20cd/1/HQw5Ht1cvuGhTgqz-T2DT65RHk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HQw5Ht1cvuGhTgqz-T2DT65RHk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:5c:63:0c:a7:93:4e:75:a6:24:13:2d:2f:24:41:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d0c391edd5cbee1a14e0ab3f93d834fae511e4d
        Validity
            Not Before: Nov 11 10:00:48 2025 GMT
            Not After : Nov 12 10:00:48 2025 GMT
        Subject: CN=27081f067e4c2fb3c134bbc5cc281bc234c4b5b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ab:21:4a:ec:b9:18:a1:73:51:9d:99:e6:00:
                    fb:a1:1c:fe:98:c7:42:d6:05:45:1b:51:a8:81:bc:
                    37:26:72:80:a3:ff:1b:fb:7e:1a:c6:29:57:51:4c:
                    07:41:aa:ef:28:e6:da:ab:02:87:26:5b:f8:72:36:
                    d6:0c:34:5c:78:07:97:71:12:04:a5:6b:c1:21:0e:
                    f5:85:c8:aa:bb:d0:06:d6:50:cf:bb:d7:27:d3:d8:
                    84:f0:1f:dc:ab:fc:30:da:b9:03:b1:8c:5f:bb:28:
                    f1:ec:dd:55:a0:85:b4:06:d9:f3:ee:45:87:d6:39:
                    71:71:c2:c3:90:a3:e7:c8:73:7f:90:0e:10:4d:be:
                    20:82:45:9b:b2:f6:9c:4f:ea:98:70:5e:9a:b4:50:
                    9c:24:e2:0e:7b:10:5d:15:5a:5c:3c:fd:50:ee:83:
                    f7:f0:37:38:37:11:87:26:d6:8f:53:aa:0d:df:9b:
                    26:8a:cc:e7:04:bf:37:06:01:fd:17:7b:72:0d:43:
                    23:a6:fa:fb:d6:46:34:b4:e3:f1:a3:4c:1b:de:72:
                    fa:56:5e:aa:da:ec:f4:4f:1c:49:0e:e4:60:59:fd:
                    63:36:3c:9f:73:05:1c:7f:92:92:8d:fe:ff:ef:12:
                    b5:b7:aa:42:38:07:d3:db:42:b0:57:b3:a6:fa:7f:
                    c0:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:08:1F:06:7E:4C:2F:B3:C1:34:BB:C5:CC:28:1B:C2:34:C4:B5:B2
            X509v3 Authority Key Identifier:
                keyid:1D:0C:39:1E:DD:5C:BE:E1:A1:4E:0A:B3:F9:3D:83:4F:AE:51:1E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQw5Ht1cvuGhTgqz-T2DT65RHk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/2ac633-40ec-4027-af2d-0f899e0c20cd/1/HQw5Ht1cvuGhTgqz-T2DT65RHk0.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/2ac633-40ec-4027-af2d-0f899e0c20cd/1/HQw5Ht1cvuGhTgqz-T2DT65RHk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         8d:12:b5:7e:1e:1f:b0:ed:35:09:b9:f3:6f:5b:cd:8b:cf:3f:
         46:77:91:a0:dd:3b:01:08:53:ff:fc:0f:bb:98:ab:51:a5:27:
         c6:a3:96:b9:ef:ca:e7:2a:a1:ec:9b:a6:26:89:77:8c:2e:e1:
         26:69:56:71:18:68:33:81:9b:45:57:e2:d0:6b:26:85:2c:ca:
         ac:88:0e:e1:13:eb:8f:39:e9:c1:a6:da:cb:85:53:37:54:33:
         dd:c8:77:14:18:ba:08:05:d7:ea:54:f9:2e:70:9e:4a:f6:29:
         41:cd:75:e4:f4:48:82:d9:08:21:be:17:36:94:40:cb:83:e1:
         5d:bb:95:a1:23:ff:7c:ce:cb:dc:57:6c:21:f5:02:0c:30:20:
         ab:3e:ff:58:b1:84:3e:56:71:ae:54:32:a5:7a:c0:d8:14:c2:
         6e:91:e2:79:5a:e5:19:26:fa:23:2d:b3:66:df:97:78:c3:f6:
         41:b4:9c:35:64:5a:e2:89:89:bb:c3:03:4f:61:23:e2:ec:f3:
         c6:26:fe:53:32:1d:7b:12:0c:8d:9a:55:6c:dc:7d:95:c1:a1:
         ba:ae:d4:3e:1c:06:a1:68:1a:54:d4:4b:d0:6f:21:12:50:6b:
         fc:0c:74:35:d2:6b:b6:e0:da:9c:40:02:d2:b3:3e:d0:63:da:
         30:8f:ed:a4
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyXGMMp5NOdaYkEy0vJEFhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMGMzOTFlZGQ1Y2JlZTFhMTRlMGFiM2Y5M2Q4MzRmYWU1
MTFlNGQwHhcNMjUxMTExMTAwMDQ4WhcNMjUxMTEyMTAwMDQ4WjAzMTEwLwYDVQQD
EygyNzA4MWYwNjdlNGMyZmIzYzEzNGJiYzVjYzI4MWJjMjM0YzRiNWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqshSuy5GKFzUZ2Z5gD7oRz+mMdC
1gVFG1Gogbw3JnKAo/8b+34axilXUUwHQarvKObaqwKHJlv4cjbWDDRceAeXcRIE
pWvBIQ71hciqu9AG1lDPu9cn09iE8B/cq/ww2rkDsYxfuyjx7N1VoIW0Btnz7kWH
1jlxccLDkKPnyHN/kA4QTb4ggkWbsvacT+qYcF6atFCcJOIOexBdFVpcPP1Q7oP3
8Dc4NxGHJtaPU6oN35smisznBL83BgH9F3tyDUMjpvr71kY0tOPxo0wb3nL6Vl6q
2uz0TxxJDuRgWf1jNjyfcwUcf5KSjf7/7xK1t6pCOAfT20KwV7Om+n/AlwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFCcIHwZ+TC+zwTS7xcwoG8I0xLWyMB8GA1UdIwQY
MBaAFB0MOR7dXL7hoU4Ks/k9g0+uUR5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFF3NUh0MWN2dUdoVGdxei1UMkRUNjVSSGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8yYWM2MzMtNDBlYy00MDI3LWFmMmQt
MGY4OTllMGMyMGNkLzEvSFF3NUh0MWN2dUdoVGdxei1UMkRUNjVSSGswLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8yYWM2MzMtNDBlYy00MDI3LWFmMmQtMGY4OTllMGMyMGNk
LzEvSFF3NUh0MWN2dUdoVGdxei1UMkRUNjVSSGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAjRK1fh4f
sO01Cbnzb1vNi88/RneRoN07AQhT//wPu5irUaUnxqOWue/K5yqh7JumJol3jC7h
JmlWcRhoM4GbRVfi0GsmhSzKrIgO4RPrjznpwabay4VTN1Qz3ch3FBi6CAXX6lT5
LnCeSvYpQc115PRIgtkIIb4XNpRAy4PhXbuVoSP/fM7L3FdsIfUCDDAgqz7/WLGE
PlZxrlQypXrA2BTCbpHieVrlGSb6Iy2zZt+XeMP2QbScNWRa4omJu8MDT2Ej4uzz
xib+UzIdexIMjZpVbNx9lcGhuq7UPhwGoWgaVNRL0G8hElBr/Ax0NdJrtuDanEAC
0rM+0GPaMI/tpA==
-----END CERTIFICATE-----