Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/696cb5-8ecc-4df6-982c-0b7ef38a7f87/1/hUzTuoSK-3kvKyGD-mLfLVIIKb0.mft
File:                     hUzTuoSK-3kvKyGD-mLfLVIIKb0.mft (raw, json)
Hash identifier:          ZEHNwfnSGY8amckINUR58hs3NcXI1izkR1E99lw+d4Q=
Subject key identifier:   F5:7B:80:5B:F5:B5:85:D2:AF:43:AC:FB:18:4D:DC:24:46:98:0C:91
Authority key identifier: 85:4C:D3:BA:84:8A:FB:79:2F:2B:21:83:FA:62:DF:2D:52:08:29:BD
Certificate issuer:       /CN=854cd3ba848afb792f2b2183fa62df2d520829bd
Certificate serial:       019A71EE9526023CF5CD852EEBDA520B7ED0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hUzTuoSK-3kvKyGD-mLfLVIIKb0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/696cb5-8ecc-4df6-982c-0b7ef38a7f87/1/hUzTuoSK-3kvKyGD-mLfLVIIKb0.mft
Manifest number:          012D
Signing time:             Tue 11 Nov 2025 08:00:52 +0000
Manifest this update:     Tue 11 Nov 2025 08:00:52 +0000
Manifest next update:     Wed 12 Nov 2025 08:00:52 +0000
Files and hashes:         1: hUzTuoSK-3kvKyGD-mLfLVIIKb0.crl (hash: Kxda8l5A1QzTAbCsnYDLW1HhuwMkZI9mSO5kIq/VkSc=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/696cb5-8ecc-4df6-982c-0b7ef38a7f87/1/hUzTuoSK-3kvKyGD-mLfLVIIKb0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/696cb5-8ecc-4df6-982c-0b7ef38a7f87/1/hUzTuoSK-3kvKyGD-mLfLVIIKb0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hUzTuoSK-3kvKyGD-mLfLVIIKb0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 08:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:ee:95:26:02:3c:f5:cd:85:2e:eb:da:52:0b:7e:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=854cd3ba848afb792f2b2183fa62df2d520829bd
        Validity
            Not Before: Nov 11 08:00:52 2025 GMT
            Not After : Nov 12 08:00:52 2025 GMT
        Subject: CN=f57b805bf5b585d2af43acfb184ddc2446980c91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:23:b3:da:e7:dc:46:a2:24:76:6b:2e:0d:e8:
                    7c:1d:32:69:f1:1d:62:39:5c:80:4e:75:49:f5:c3:
                    24:4a:40:d8:04:76:fd:7e:a9:7b:9d:40:59:fc:f3:
                    1c:7f:01:de:ac:8b:49:f0:91:ea:ef:31:92:38:02:
                    7d:dd:54:b7:c1:3b:bb:5c:97:cc:d9:09:5c:85:bf:
                    62:dc:d4:d8:d2:05:a5:b3:a6:c9:9e:83:9c:7b:15:
                    47:55:cf:59:b0:43:38:dc:77:c7:ac:7a:a9:43:71:
                    a4:e2:4a:0c:12:a7:04:30:6c:f1:58:e0:ff:e8:c5:
                    40:29:5c:d8:06:f7:55:a9:70:30:69:38:61:bd:bc:
                    3a:e2:03:67:29:ae:84:17:c4:92:81:c9:ed:36:c1:
                    80:29:ef:e9:4a:7f:3e:32:5d:90:e5:73:95:4e:2e:
                    1a:89:a0:8e:de:ee:07:6e:78:e6:f1:e0:d6:9f:65:
                    d2:12:94:f4:5a:4b:22:fd:14:7e:e2:8d:6d:56:4f:
                    c5:bf:89:0e:a5:d7:5c:03:c6:17:f8:48:aa:4a:d0:
                    c4:6d:c4:fb:7a:31:71:57:3e:f3:ca:c8:c7:3d:1c:
                    49:cd:28:72:14:a9:63:6b:32:1f:93:d9:9b:4b:a7:
                    13:cb:48:bb:74:57:fc:3f:23:d6:52:07:43:f8:57:
                    aa:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:7B:80:5B:F5:B5:85:D2:AF:43:AC:FB:18:4D:DC:24:46:98:0C:91
            X509v3 Authority Key Identifier:
                keyid:85:4C:D3:BA:84:8A:FB:79:2F:2B:21:83:FA:62:DF:2D:52:08:29:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hUzTuoSK-3kvKyGD-mLfLVIIKb0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/696cb5-8ecc-4df6-982c-0b7ef38a7f87/1/hUzTuoSK-3kvKyGD-mLfLVIIKb0.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/696cb5-8ecc-4df6-982c-0b7ef38a7f87/1/hUzTuoSK-3kvKyGD-mLfLVIIKb0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         b7:97:98:65:c9:3b:dd:e0:49:07:b8:9f:c7:4a:4f:dc:04:5d:
         75:bc:de:15:f6:22:16:e2:ac:5d:3d:9e:e1:f6:8f:03:7e:a8:
         32:46:58:88:e9:38:e8:27:ec:0b:82:67:5f:ac:a3:c0:7a:55:
         39:b3:ad:0c:39:c7:0b:a6:c4:65:0d:01:e9:21:45:ff:01:95:
         bf:62:c6:3c:ad:76:26:33:90:24:f9:76:81:d3:38:d2:ed:f8:
         ab:64:e2:09:53:00:02:68:60:3f:7b:9d:8d:6f:98:ec:fb:70:
         2f:9d:5e:04:c3:26:5d:b3:46:6a:ba:16:70:36:10:67:62:e9:
         c6:cf:30:df:5e:82:c8:bf:d1:f6:46:46:2a:69:e4:2b:b4:5c:
         9f:27:fd:c2:bf:d7:10:57:27:c8:40:90:58:44:0f:88:e4:95:
         4e:ac:96:82:0a:25:b8:67:58:f8:da:4a:88:e7:34:1b:68:7d:
         88:5a:0a:ad:72:e5:1f:7a:1f:0d:aa:8f:76:be:7c:12:e1:d7:
         9c:d1:69:ea:be:a3:81:8c:b6:99:05:e0:64:74:1c:c7:5c:3d:
         c8:73:ca:de:88:10:d8:6c:f6:23:56:ba:eb:6c:42:ff:3e:7b:
         2e:14:23:c5:7e:f0:96:97:88:22:d1:42:65:e7:ff:d8:65:b3:
         f8:9e:c7:94
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpx7pUmAjz1zYUu69pSC37QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NGNkM2JhODQ4YWZiNzkyZjJiMjE4M2ZhNjJkZjJkNTIw
ODI5YmQwHhcNMjUxMTExMDgwMDUyWhcNMjUxMTEyMDgwMDUyWjAzMTEwLwYDVQQD
EyhmNTdiODA1YmY1YjU4NWQyYWY0M2FjZmIxODRkZGMyNDQ2OTgwYzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiOz2ufcRqIkdmsuDeh8HTJp8R1i
OVyATnVJ9cMkSkDYBHb9fql7nUBZ/PMcfwHerItJ8JHq7zGSOAJ93VS3wTu7XJfM
2Qlchb9i3NTY0gWls6bJnoOcexVHVc9ZsEM43HfHrHqpQ3Gk4koMEqcEMGzxWOD/
6MVAKVzYBvdVqXAwaThhvbw64gNnKa6EF8SSgcntNsGAKe/pSn8+Ml2Q5XOVTi4a
iaCO3u4Hbnjm8eDWn2XSEpT0Wksi/RR+4o1tVk/Fv4kOpddcA8YX+EiqStDEbcT7
ejFxVz7zysjHPRxJzShyFKljazIfk9mbS6cTy0i7dFf8PyPWUgdD+FeqJwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFPV7gFv1tYXSr0Os+xhN3CRGmAyRMB8GA1UdIwQY
MBaAFIVM07qEivt5Lyshg/pi3y1SCCm9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFV6VHVvU0stM2t2S3lHRC1tTGZMVklJS2IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi82OTZjYjUtOGVjYy00ZGY2LTk4MmMt
MGI3ZWYzOGE3Zjg3LzEvaFV6VHVvU0stM2t2S3lHRC1tTGZMVklJS2IwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi82OTZjYjUtOGVjYy00ZGY2LTk4MmMtMGI3ZWYzOGE3Zjg3
LzEvaFV6VHVvU0stM2t2S3lHRC1tTGZMVklJS2IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAt5eYZck7
3eBJB7ifx0pP3ARddbzeFfYiFuKsXT2e4faPA36oMkZYiOk46CfsC4JnX6yjwHpV
ObOtDDnHC6bEZQ0B6SFF/wGVv2LGPK12JjOQJPl2gdM40u34q2TiCVMAAmhgP3ud
jW+Y7PtwL51eBMMmXbNGaroWcDYQZ2Lpxs8w316CyL/R9kZGKmnkK7Rcnyf9wr/X
EFcnyECQWEQPiOSVTqyWggoluGdY+NpKiOc0G2h9iFoKrXLlH3ofDaqPdr58EuHX
nNFp6r6jgYy2mQXgZHQcx1w9yHPK3ogQ2Gz2I1a662xC/z57LhQjxX7wlpeIItFC
Zef/2GWz+J7HlA==
-----END CERTIFICATE-----