Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/0dc925-a33b-4d3a-add3-d6d140e4ce6d/1/xxovfXzIw2N0bpa8P8yLBflgb-o.mft
File:                     xxovfXzIw2N0bpa8P8yLBflgb-o.mft (raw, json)
Hash identifier:          SYPl6CeGAlJ3WBw+9n4Cgy06TpXTw0Mz+45bXi756ro=
Subject key identifier:   03:AD:BD:22:F8:1C:AC:89:80:3C:E3:7F:2E:79:6B:2F:ED:76:48:1A
Authority key identifier: C7:1A:2F:7D:7C:C8:C3:63:74:6E:96:BC:3F:CC:8B:05:F9:60:6F:EA
Certificate issuer:       /CN=c71a2f7d7cc8c363746e96bc3fcc8b05f9606fea
Certificate serial:       019A7113096205F3C0FCC4A111FAB4A0820E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xxovfXzIw2N0bpa8P8yLBflgb-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/0dc925-a33b-4d3a-add3-d6d140e4ce6d/1/xxovfXzIw2N0bpa8P8yLBflgb-o.mft
Manifest number:          171D
Signing time:             Tue 11 Nov 2025 04:01:04 +0000
Manifest this update:     Tue 11 Nov 2025 04:01:04 +0000
Manifest next update:     Wed 12 Nov 2025 04:01:04 +0000
Files and hashes:         1: xxovfXzIw2N0bpa8P8yLBflgb-o.crl (hash: k3M4k5FbyVJFWwF1dYbGhkGfZWSmc9ipNLDrDckHggo=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/0dc925-a33b-4d3a-add3-d6d140e4ce6d/1/xxovfXzIw2N0bpa8P8yLBflgb-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/0dc925-a33b-4d3a-add3-d6d140e4ce6d/1/xxovfXzIw2N0bpa8P8yLBflgb-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xxovfXzIw2N0bpa8P8yLBflgb-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 04:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:13:09:62:05:f3:c0:fc:c4:a1:11:fa:b4:a0:82:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c71a2f7d7cc8c363746e96bc3fcc8b05f9606fea
        Validity
            Not Before: Nov 11 04:01:04 2025 GMT
            Not After : Nov 12 04:01:04 2025 GMT
        Subject: CN=03adbd22f81cac89803ce37f2e796b2fed76481a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:51:2e:d1:ef:60:d6:ae:26:c9:8d:47:b5:d7:
                    a0:82:7b:b0:59:71:3f:47:0d:12:23:d7:d4:f1:7e:
                    38:a3:c2:8a:9e:2e:b2:22:20:c8:5f:60:e5:55:f5:
                    0e:c7:a4:86:76:cc:3c:4b:ff:f3:e7:36:01:ed:d9:
                    14:ad:62:6e:68:fe:1f:c2:26:ca:cb:54:93:6b:b8:
                    c0:7c:3a:e4:7b:21:ba:ef:74:e8:ad:de:0d:38:2d:
                    d6:28:be:fb:12:f8:7a:09:89:7d:5f:0f:f7:06:34:
                    16:fa:47:2f:28:ab:45:94:15:fb:25:dc:9e:45:2a:
                    fa:60:1e:64:0d:72:6d:ac:4c:ed:63:ef:6a:60:53:
                    a7:18:14:40:17:09:d9:57:6e:f1:b8:7e:89:cf:d5:
                    03:bd:ec:e6:d8:74:b4:0a:76:d0:00:ea:85:26:6e:
                    dd:07:46:7f:b3:b8:f3:82:da:eb:22:80:c9:88:ba:
                    c0:52:c0:ba:fa:80:54:6d:c8:fc:67:f4:a6:4a:77:
                    40:3b:3b:47:e7:c0:ad:54:d0:8a:cf:41:1d:fa:b0:
                    9c:9c:ab:69:2a:ff:88:ee:4c:b5:c8:39:de:0c:36:
                    34:4e:ef:ab:ff:0a:ca:20:ed:2b:85:b3:83:6e:c4:
                    ea:28:7c:dd:92:ee:00:ed:e9:b0:de:4b:2a:8a:4d:
                    1f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:AD:BD:22:F8:1C:AC:89:80:3C:E3:7F:2E:79:6B:2F:ED:76:48:1A
            X509v3 Authority Key Identifier:
                keyid:C7:1A:2F:7D:7C:C8:C3:63:74:6E:96:BC:3F:CC:8B:05:F9:60:6F:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xxovfXzIw2N0bpa8P8yLBflgb-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/0dc925-a33b-4d3a-add3-d6d140e4ce6d/1/xxovfXzIw2N0bpa8P8yLBflgb-o.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/0dc925-a33b-4d3a-add3-d6d140e4ce6d/1/xxovfXzIw2N0bpa8P8yLBflgb-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         10:45:9d:a3:d6:f0:3b:e1:d6:27:f2:45:e8:fb:61:7e:78:d2:
         85:6d:43:0f:e2:b4:ba:a5:8a:14:06:ea:ff:6e:e0:2b:0b:42:
         af:01:3f:c5:7a:cc:68:c3:ee:3f:ce:5e:69:4e:e2:e4:b6:46:
         f2:69:ca:ce:fa:68:1a:d3:91:f6:71:08:08:c0:90:14:06:2b:
         32:b6:c6:1b:5b:f1:a6:40:47:9a:84:a3:3e:35:4f:08:28:dc:
         18:d4:77:9c:f7:c8:3f:7e:04:29:c0:d2:43:4e:5f:ac:d2:78:
         1a:6b:90:f2:62:6b:6d:4b:3e:04:a8:2e:4e:53:11:ea:32:43:
         cf:ef:54:49:e5:e4:72:62:ee:ae:96:1f:c4:0d:45:9e:02:ed:
         6c:b4:e0:74:e2:8c:bb:53:0f:73:49:a4:98:40:f8:cb:38:be:
         44:9f:97:ae:eb:f6:aa:df:40:0d:c7:0b:43:62:57:e6:b9:f1:
         9a:04:9d:39:a0:be:33:4c:22:cc:93:e4:40:af:bc:40:41:b3:
         ea:8b:5d:01:18:31:cf:5e:b4:29:d2:93:59:cc:53:34:9a:91:
         7c:00:26:f5:60:6a:a3:ce:f9:38:16:b9:2c:e3:e0:23:a3:d5:
         e7:ff:85:79:51:2b:bd:3d:98:54:3b:ad:87:b8:dc:e3:f0:48:
         88:ed:1b:ec
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxEwliBfPA/MShEfq0oIIOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3MWEyZjdkN2NjOGMzNjM3NDZlOTZiYzNmY2M4YjA1Zjk2
MDZmZWEwHhcNMjUxMTExMDQwMTA0WhcNMjUxMTEyMDQwMTA0WjAzMTEwLwYDVQQD
EygwM2FkYmQyMmY4MWNhYzg5ODAzY2UzN2YyZTc5NmIyZmVkNzY0ODFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFEu0e9g1q4myY1HtdeggnuwWXE/
Rw0SI9fU8X44o8KKni6yIiDIX2DlVfUOx6SGdsw8S//z5zYB7dkUrWJuaP4fwibK
y1STa7jAfDrkeyG673Tord4NOC3WKL77Evh6CYl9Xw/3BjQW+kcvKKtFlBX7Jdye
RSr6YB5kDXJtrEztY+9qYFOnGBRAFwnZV27xuH6Jz9UDvezm2HS0CnbQAOqFJm7d
B0Z/s7jzgtrrIoDJiLrAUsC6+oBUbcj8Z/SmSndAOztH58CtVNCKz0Ed+rCcnKtp
Kv+I7ky1yDneDDY0Tu+r/wrKIO0rhbODbsTqKHzdku4A7emw3ksqik0fOQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFAOtvSL4HKyJgDzjfy55ay/tdkgaMB8GA1UdIwQY
MBaAFMcaL318yMNjdG6WvD/MiwX5YG/qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHhvdmZYekl3Mk4wYnBhOFA4eUxCZmxnYi1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8wZGM5MjUtYTMzYi00ZDNhLWFkZDMt
ZDZkMTQwZTRjZTZkLzEveHhvdmZYekl3Mk4wYnBhOFA4eUxCZmxnYi1vLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8wZGM5MjUtYTMzYi00ZDNhLWFkZDMtZDZkMTQwZTRjZTZk
LzEveHhvdmZYekl3Mk4wYnBhOFA4eUxCZmxnYi1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAEEWdo9bw
O+HWJ/JF6PthfnjShW1DD+K0uqWKFAbq/27gKwtCrwE/xXrMaMPuP85eaU7i5LZG
8mnKzvpoGtOR9nEICMCQFAYrMrbGG1vxpkBHmoSjPjVPCCjcGNR3nPfIP34EKcDS
Q05frNJ4GmuQ8mJrbUs+BKguTlMR6jJDz+9USeXkcmLurpYfxA1FngLtbLTgdOKM
u1MPc0mkmED4yzi+RJ+Xruv2qt9ADccLQ2JX5rnxmgSdOaC+M0wizJPkQK+8QEGz
6otdARgxz160KdKTWcxTNJqRfAAm9WBqo875OBa5LOPgI6PV5/+FeVErvT2YVDut
h7jc4/BIiO0b7A==
-----END CERTIFICATE-----