Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/3fe413-bd51-4765-bd86-b7441032e59f/1/OKGeZA3h9FKn3Eq-eGqlgTQpJ7E.mft
File:                     OKGeZA3h9FKn3Eq-eGqlgTQpJ7E.mft (raw, json)
Hash identifier:          +SmiKuhOROxr7i5sYfoIF3DlPrDdm5BxchklvSw7QbU=
Subject key identifier:   70:13:88:A5:E2:4C:37:8F:C3:14:51:1A:89:16:25:83:D7:8D:1F:AF
Authority key identifier: 38:A1:9E:64:0D:E1:F4:52:A7:DC:4A:BE:78:6A:A5:81:34:29:27:B1
Certificate issuer:       /CN=38a19e640de1f452a7dc4abe786aa581342927b1
Certificate serial:       019A71B8617E1F146F87CDEC557A43BE4EB2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKGeZA3h9FKn3Eq-eGqlgTQpJ7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/3fe413-bd51-4765-bd86-b7441032e59f/1/OKGeZA3h9FKn3Eq-eGqlgTQpJ7E.mft
Manifest number:          065F
Signing time:             Tue 11 Nov 2025 07:01:40 +0000
Manifest this update:     Tue 11 Nov 2025 07:01:40 +0000
Manifest next update:     Wed 12 Nov 2025 07:01:40 +0000
Files and hashes:         1: OKGeZA3h9FKn3Eq-eGqlgTQpJ7E.crl (hash: 85lV9YwNkzxBkD1HRI7M39+vfck26gc3a4WCM+RNdtw=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/3fe413-bd51-4765-bd86-b7441032e59f/1/OKGeZA3h9FKn3Eq-eGqlgTQpJ7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/3fe413-bd51-4765-bd86-b7441032e59f/1/OKGeZA3h9FKn3Eq-eGqlgTQpJ7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKGeZA3h9FKn3Eq-eGqlgTQpJ7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b8:61:7e:1f:14:6f:87:cd:ec:55:7a:43:be:4e:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a19e640de1f452a7dc4abe786aa581342927b1
        Validity
            Not Before: Nov 11 07:01:40 2025 GMT
            Not After : Nov 12 07:01:40 2025 GMT
        Subject: CN=701388a5e24c378fc314511a89162583d78d1faf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:21:ab:74:f4:13:eb:23:65:7a:81:bf:7d:9e:
                    5f:c0:a6:00:27:ba:ae:91:33:1b:3a:56:36:6a:18:
                    da:21:cf:43:f6:14:74:22:28:08:a8:c1:08:67:eb:
                    a5:b3:00:12:27:70:cf:39:b5:00:7d:19:e4:11:87:
                    e8:6f:fd:83:47:a1:1d:44:be:67:c0:00:d6:04:39:
                    f4:e9:32:53:78:1b:48:f7:59:f6:ce:bb:fb:73:5f:
                    2b:bf:7d:eb:a8:2d:a1:d6:30:f3:b6:e5:33:7e:fe:
                    99:5a:84:28:10:12:5f:c6:dd:eb:3a:04:38:67:ca:
                    39:b9:8a:28:92:04:9b:04:b9:00:b1:b2:9e:c1:91:
                    28:64:51:c0:32:95:b4:7c:5b:d0:6a:b7:3c:3a:21:
                    ad:9b:aa:90:66:9f:39:0e:a4:0e:d9:99:76:1e:0c:
                    f4:cd:72:78:52:dc:83:38:29:50:a9:b4:0f:84:34:
                    fb:52:97:eb:22:d7:85:f8:66:de:35:53:9e:42:c0:
                    e3:a1:3c:9a:de:f3:fd:17:d0:1d:88:65:f4:6e:38:
                    d7:99:60:40:41:36:b3:79:fe:02:c7:ef:b1:4c:9b:
                    7d:3b:b1:b4:83:a5:60:5b:d2:b9:bf:5c:e4:b9:aa:
                    b3:8b:ac:ca:d8:4c:da:bc:00:1e:b5:fe:ad:fb:60:
                    80:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:13:88:A5:E2:4C:37:8F:C3:14:51:1A:89:16:25:83:D7:8D:1F:AF
            X509v3 Authority Key Identifier:
                keyid:38:A1:9E:64:0D:E1:F4:52:A7:DC:4A:BE:78:6A:A5:81:34:29:27:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKGeZA3h9FKn3Eq-eGqlgTQpJ7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/3fe413-bd51-4765-bd86-b7441032e59f/1/OKGeZA3h9FKn3Eq-eGqlgTQpJ7E.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/3fe413-bd51-4765-bd86-b7441032e59f/1/OKGeZA3h9FKn3Eq-eGqlgTQpJ7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         95:87:3d:3b:32:02:d0:ab:13:1f:ea:62:e8:60:05:8b:65:89:
         ca:9f:6f:60:27:96:0f:6c:e1:f8:46:18:11:47:5d:8d:2a:e2:
         41:41:7f:72:63:ad:47:63:08:5e:68:e0:8c:57:5a:2b:10:fd:
         f3:3d:dc:58:9b:39:cd:38:39:48:54:2b:ee:54:34:89:82:98:
         a4:a1:a1:1b:eb:e2:28:47:32:3d:a5:66:7c:bf:86:a0:69:eb:
         fc:71:be:d3:3f:ab:65:95:34:af:23:89:ad:cd:6c:c9:66:7f:
         e8:cc:35:af:f6:80:4b:80:60:7e:ce:56:e8:37:12:4e:f8:34:
         89:01:98:47:c4:7d:12:ca:ff:62:48:0b:37:eb:95:cf:47:6a:
         2a:11:6b:51:9f:ec:f7:90:24:ca:d6:f3:42:11:33:53:db:4b:
         9d:1f:1f:00:46:7a:b7:5b:07:c1:7a:ca:d8:0f:85:25:45:5f:
         c3:41:be:a9:4f:a4:dd:cb:92:df:6f:f1:40:b1:5f:21:9b:b5:
         d1:64:6b:4b:bc:d8:f2:ff:ae:31:cd:0e:6c:21:b1:83:a4:c0:
         3c:01:12:a5:43:c0:a7:6c:a5:db:4a:ed:c3:5b:9c:46:ad:16:
         a8:68:dc:eb:cc:84:67:e6:92:24:a0:5a:40:b6:55:0e:e3:01:
         ae:43:69:5f
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuGF+HxRvh83sVXpDvk6yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YTE5ZTY0MGRlMWY0NTJhN2RjNGFiZTc4NmFhNTgxMzQy
OTI3YjEwHhcNMjUxMTExMDcwMTQwWhcNMjUxMTEyMDcwMTQwWjAzMTEwLwYDVQQD
Eyg3MDEzODhhNWUyNGMzNzhmYzMxNDUxMWE4OTE2MjU4M2Q3OGQxZmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviGrdPQT6yNleoG/fZ5fwKYAJ7qu
kTMbOlY2ahjaIc9D9hR0IigIqMEIZ+ulswASJ3DPObUAfRnkEYfob/2DR6EdRL5n
wADWBDn06TJTeBtI91n2zrv7c18rv33rqC2h1jDztuUzfv6ZWoQoEBJfxt3rOgQ4
Z8o5uYookgSbBLkAsbKewZEoZFHAMpW0fFvQarc8OiGtm6qQZp85DqQO2Zl2Hgz0
zXJ4UtyDOClQqbQPhDT7UpfrIteF+GbeNVOeQsDjoTya3vP9F9AdiGX0bjjXmWBA
QTazef4Cx++xTJt9O7G0g6VgW9K5v1zkuaqzi6zK2EzavAAetf6t+2CA0QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFHATiKXiTDePwxRRGokWJYPXjR+vMB8GA1UdIwQY
MBaAFDihnmQN4fRSp9xKvnhqpYE0KSexMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0tHZVpBM2g5RktuM0VxLWVHcWxnVFFwSjdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8zZmU0MTMtYmQ1MS00NzY1LWJkODYt
Yjc0NDEwMzJlNTlmLzEvT0tHZVpBM2g5RktuM0VxLWVHcWxnVFFwSjdFLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8zZmU0MTMtYmQ1MS00NzY1LWJkODYtYjc0NDEwMzJlNTlm
LzEvT0tHZVpBM2g5RktuM0VxLWVHcWxnVFFwSjdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlYc9OzIC
0KsTH+pi6GAFi2WJyp9vYCeWD2zh+EYYEUddjSriQUF/cmOtR2MIXmjgjFdaKxD9
8z3cWJs5zTg5SFQr7lQ0iYKYpKGhG+viKEcyPaVmfL+GoGnr/HG+0z+rZZU0ryOJ
rc1syWZ/6Mw1r/aAS4Bgfs5W6DcSTvg0iQGYR8R9Esr/YkgLN+uVz0dqKhFrUZ/s
95AkytbzQhEzU9tLnR8fAEZ6t1sHwXrK2A+FJUVfw0G+qU+k3cuS32/xQLFfIZu1
0WRrS7zY8v+uMc0ObCGxg6TAPAESpUPAp2yl20rtw1ucRq0WqGjc68yEZ+aSJKBa
QLZVDuMBrkNpXw==
-----END CERTIFICATE-----