Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/cdd985-334c-4a0d-a7a8-75c0ccedf976/1/861SH4OIdIPIybDG895f1e1Whck.mft
File:                     861SH4OIdIPIybDG895f1e1Whck.mft (raw, json)
Hash identifier:          1GoM3EvhLBYCWVQr/KfWcICdoEMZqo9ol/I9fDqoGU0=
Subject key identifier:   84:3D:37:95:E9:4F:F2:87:32:BC:A2:B8:5B:93:4C:64:EA:CC:66:C0
Authority key identifier: F3:AD:52:1F:83:88:74:83:C8:C9:B0:C6:F3:DE:5F:D5:ED:56:85:C9
Certificate issuer:       /CN=f3ad521f83887483c8c9b0c6f3de5fd5ed5685c9
Certificate serial:       019A71B7CD4C177029CF44EE1DCBAF2DFC45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/861SH4OIdIPIybDG895f1e1Whck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/cdd985-334c-4a0d-a7a8-75c0ccedf976/1/861SH4OIdIPIybDG895f1e1Whck.mft
Manifest number:          0CA9
Signing time:             Tue 11 Nov 2025 07:01:02 +0000
Manifest this update:     Tue 11 Nov 2025 07:01:02 +0000
Manifest next update:     Wed 12 Nov 2025 07:01:02 +0000
Files and hashes:         1: 861SH4OIdIPIybDG895f1e1Whck.crl (hash: pndz+k4OEfqF5gkqX2poLtd7Xes4vUJJdSybaaGEsTs=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/cdd985-334c-4a0d-a7a8-75c0ccedf976/1/861SH4OIdIPIybDG895f1e1Whck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/cdd985-334c-4a0d-a7a8-75c0ccedf976/1/861SH4OIdIPIybDG895f1e1Whck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/861SH4OIdIPIybDG895f1e1Whck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b7:cd:4c:17:70:29:cf:44:ee:1d:cb:af:2d:fc:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3ad521f83887483c8c9b0c6f3de5fd5ed5685c9
        Validity
            Not Before: Nov 11 07:01:02 2025 GMT
            Not After : Nov 12 07:01:02 2025 GMT
        Subject: CN=843d3795e94ff28732bca2b85b934c64eacc66c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:3e:fe:9e:2b:e6:ea:0e:52:af:0e:7b:6c:30:
                    bf:0c:8c:2c:f4:5a:25:6c:db:a7:3d:d2:b8:20:b0:
                    ac:38:8d:38:26:bc:d5:8c:ab:b0:f7:0e:c3:85:e1:
                    08:00:d0:43:bc:76:9f:eb:ff:b1:21:2c:91:a5:3f:
                    c4:e3:1e:fe:df:13:dc:e5:bf:b0:ed:09:e8:8f:e7:
                    50:06:68:d9:c6:e4:44:1c:74:cd:3f:71:3c:1e:c9:
                    fc:66:ee:80:86:03:c4:e3:74:64:1e:6b:9e:92:b2:
                    c0:75:cc:1d:f6:b2:8f:e2:81:e6:3d:d3:31:79:34:
                    69:18:89:ff:d5:49:7c:66:4f:82:13:51:47:0e:88:
                    28:80:f6:74:02:aa:31:42:72:dc:b3:7a:9a:75:36:
                    93:77:d7:84:69:77:a9:26:4b:b6:5e:58:59:19:54:
                    b2:27:fd:6a:35:eb:e7:3c:ce:63:bf:5c:43:a5:cc:
                    78:23:65:03:ff:2c:4a:2d:55:55:99:a4:e5:27:7c:
                    45:8d:1d:24:e8:02:c8:04:ba:73:ec:f4:31:c8:8f:
                    fc:67:b2:6d:b3:10:eb:a4:d4:a2:17:d1:93:40:13:
                    aa:33:00:f1:3c:48:71:c9:14:36:5f:ca:9b:02:a7:
                    ff:32:c6:4d:6c:62:4f:42:2e:93:53:60:9c:12:cd:
                    40:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:3D:37:95:E9:4F:F2:87:32:BC:A2:B8:5B:93:4C:64:EA:CC:66:C0
            X509v3 Authority Key Identifier:
                keyid:F3:AD:52:1F:83:88:74:83:C8:C9:B0:C6:F3:DE:5F:D5:ED:56:85:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/861SH4OIdIPIybDG895f1e1Whck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/cdd985-334c-4a0d-a7a8-75c0ccedf976/1/861SH4OIdIPIybDG895f1e1Whck.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/cdd985-334c-4a0d-a7a8-75c0ccedf976/1/861SH4OIdIPIybDG895f1e1Whck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         1c:cd:c4:95:e3:5f:5e:c6:eb:68:4c:6f:01:33:ed:62:58:24:
         7c:45:6b:07:c5:e0:f1:da:d6:3b:b3:6c:23:67:cb:7b:31:b4:
         3c:6d:c5:fd:e7:76:94:7f:58:5e:ea:b8:68:9a:05:71:a5:60:
         3c:60:3f:74:47:92:91:7e:58:41:a5:65:f4:6a:e4:8c:d1:19:
         b7:fc:4b:6a:c5:63:38:af:35:95:c7:26:ce:5c:d9:f9:41:08:
         45:37:29:9e:c7:8d:cb:b9:50:20:0f:bc:8a:a3:b9:5e:d5:c4:
         cf:a1:f6:e7:01:e7:c3:08:e0:2f:a5:8e:6f:4d:6c:76:23:6a:
         30:7f:7f:77:16:25:da:0c:0c:06:00:e9:44:d7:c1:03:7c:7d:
         5a:f7:48:68:3d:d8:5b:46:f0:a6:18:6f:08:1b:be:4d:16:e9:
         67:cf:a5:99:9c:b4:8e:b0:f0:47:4d:0e:4b:2d:29:14:ee:38:
         bd:7f:38:4b:98:1a:0f:6f:83:b4:71:a3:9d:7c:e2:3a:1c:f3:
         54:ab:95:40:83:40:61:ed:31:3f:7f:46:7c:7b:eb:a2:da:25:
         02:37:7f:a3:18:55:ac:44:24:40:7c:06:56:30:02:81:19:95:
         f6:90:cb:28:4f:bb:0b:fd:b3:9c:2b:11:34:41:d4:da:df:92:
         ca:61:58:d3
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxt81MF3Apz0TuHcuvLfxFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYWQ1MjFmODM4ODc0ODNjOGM5YjBjNmYzZGU1ZmQ1ZWQ1
Njg1YzkwHhcNMjUxMTExMDcwMTAyWhcNMjUxMTEyMDcwMTAyWjAzMTEwLwYDVQQD
Eyg4NDNkMzc5NWU5NGZmMjg3MzJiY2EyYjg1YjkzNGM2NGVhY2M2NmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsj7+nivm6g5Srw57bDC/DIws9Fol
bNunPdK4ILCsOI04JrzVjKuw9w7DheEIANBDvHaf6/+xISyRpT/E4x7+3xPc5b+w
7Qnoj+dQBmjZxuREHHTNP3E8Hsn8Zu6AhgPE43RkHmuekrLAdcwd9rKP4oHmPdMx
eTRpGIn/1Ul8Zk+CE1FHDogogPZ0AqoxQnLcs3qadTaTd9eEaXepJku2XlhZGVSy
J/1qNevnPM5jv1xDpcx4I2UD/yxKLVVVmaTlJ3xFjR0k6ALIBLpz7PQxyI/8Z7Jt
sxDrpNSiF9GTQBOqMwDxPEhxyRQ2X8qbAqf/MsZNbGJPQi6TU2CcEs1AJwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFIQ9N5XpT/KHMryiuFuTTGTqzGbAMB8GA1UdIwQY
MBaAFPOtUh+DiHSDyMmwxvPeX9XtVoXJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODYxU0g0T0lkSVBJeWJERzg5NWYxZTFXaGNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jZGQ5ODUtMzM0Yy00YTBkLWE3YTgt
NzVjMGNjZWRmOTc2LzEvODYxU0g0T0lkSVBJeWJERzg5NWYxZTFXaGNrLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jZGQ5ODUtMzM0Yy00YTBkLWE3YTgtNzVjMGNjZWRmOTc2
LzEvODYxU0g0T0lkSVBJeWJERzg5NWYxZTFXaGNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAHM3EleNf
XsbraExvATPtYlgkfEVrB8Xg8drWO7NsI2fLezG0PG3F/ed2lH9YXuq4aJoFcaVg
PGA/dEeSkX5YQaVl9GrkjNEZt/xLasVjOK81lccmzlzZ+UEIRTcpnseNy7lQIA+8
iqO5XtXEz6H25wHnwwjgL6WOb01sdiNqMH9/dxYl2gwMBgDpRNfBA3x9WvdIaD3Y
W0bwphhvCBu+TRbpZ8+lmZy0jrDwR00OSy0pFO44vX84S5gaD2+DtHGjnXziOhzz
VKuVQINAYe0xP39GfHvrotolAjd/oxhVrEQkQHwGVjACgRmV9pDLKE+7C/2znCsR
NEHU2t+SymFY0w==
-----END CERTIFICATE-----