Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/23ca21-bceb-433e-b7d9-7b003984b863/1/lHXt3Klbc2ZTpMn52RVA0tPvtT0.mft
File:                     lHXt3Klbc2ZTpMn52RVA0tPvtT0.mft (raw, json)
Hash identifier:          sTr/uPnjDMHYWbtsJzxcNhABv29MsWH7s5JIkgWxqNk=
Subject key identifier:   CA:F7:E6:7B:F3:A5:C9:6D:1D:48:85:7F:DF:11:B1:10:FF:B8:D8:6D
Authority key identifier: 94:75:ED:DC:A9:5B:73:66:53:A4:C9:F9:D9:15:40:D2:D3:EF:B5:3D
Certificate issuer:       /CN=9475eddca95b736653a4c9f9d91540d2d3efb53d
Certificate serial:       019A71B850F95FF486F76F24431C7F711A49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lHXt3Klbc2ZTpMn52RVA0tPvtT0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/23ca21-bceb-433e-b7d9-7b003984b863/1/lHXt3Klbc2ZTpMn52RVA0tPvtT0.mft
Manifest number:          035C
Signing time:             Tue 11 Nov 2025 07:01:35 +0000
Manifest this update:     Tue 11 Nov 2025 07:01:35 +0000
Manifest next update:     Wed 12 Nov 2025 07:01:35 +0000
Files and hashes:         1: lHXt3Klbc2ZTpMn52RVA0tPvtT0.crl (hash: h/Y7P9ngGvr27pDDmBrEKT/4pjUkY82lD4lO/QAkkFA=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/23ca21-bceb-433e-b7d9-7b003984b863/1/lHXt3Klbc2ZTpMn52RVA0tPvtT0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/23ca21-bceb-433e-b7d9-7b003984b863/1/lHXt3Klbc2ZTpMn52RVA0tPvtT0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lHXt3Klbc2ZTpMn52RVA0tPvtT0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b8:50:f9:5f:f4:86:f7:6f:24:43:1c:7f:71:1a:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9475eddca95b736653a4c9f9d91540d2d3efb53d
        Validity
            Not Before: Nov 11 07:01:35 2025 GMT
            Not After : Nov 12 07:01:35 2025 GMT
        Subject: CN=caf7e67bf3a5c96d1d48857fdf11b110ffb8d86d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e2:8c:c1:23:83:55:31:99:2c:63:bd:e2:90:
                    7c:cb:36:e5:45:52:e6:a3:30:9a:9a:d6:ea:b4:a1:
                    24:41:ee:cf:ba:0c:52:44:c7:7b:73:e1:c6:e0:21:
                    86:aa:9f:c5:68:ee:e1:5d:36:46:6f:96:d9:5a:93:
                    bb:17:74:d4:79:5f:00:1e:8f:ef:7a:6a:b6:6f:4e:
                    af:ef:4a:1c:1b:45:a8:90:de:e6:71:9b:ac:2d:46:
                    e4:68:c2:59:15:2b:22:4b:0c:55:38:95:2f:f9:95:
                    4e:01:ea:7f:71:15:dc:f4:c3:d5:57:ac:39:d2:86:
                    29:43:09:46:3b:6a:71:d6:fa:72:8a:48:ae:cf:6f:
                    27:2b:4c:f0:1b:18:34:43:59:af:2f:5e:25:08:6c:
                    f7:dd:bb:cb:ce:4d:81:37:ee:1c:c7:f3:ce:ae:46:
                    d7:9e:1e:38:58:b1:80:07:83:65:d4:08:8d:b3:f3:
                    75:0b:2a:ce:de:18:89:f1:25:d4:2a:d0:c3:f7:a8:
                    af:75:cc:6e:48:97:9e:fa:f2:51:1c:da:2d:76:f6:
                    9f:e6:a0:b6:7e:ef:e8:72:5f:8b:ac:b3:ed:21:33:
                    b2:96:17:47:86:b4:27:e4:0a:87:61:a1:f4:ef:24:
                    2c:d6:7e:b4:be:80:41:77:96:d1:e4:42:17:4b:4b:
                    a5:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:F7:E6:7B:F3:A5:C9:6D:1D:48:85:7F:DF:11:B1:10:FF:B8:D8:6D
            X509v3 Authority Key Identifier:
                keyid:94:75:ED:DC:A9:5B:73:66:53:A4:C9:F9:D9:15:40:D2:D3:EF:B5:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lHXt3Klbc2ZTpMn52RVA0tPvtT0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/23ca21-bceb-433e-b7d9-7b003984b863/1/lHXt3Klbc2ZTpMn52RVA0tPvtT0.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/23ca21-bceb-433e-b7d9-7b003984b863/1/lHXt3Klbc2ZTpMn52RVA0tPvtT0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         4d:a1:67:3c:1d:44:9f:74:72:6a:1c:a6:0e:f7:2e:34:f5:29:
         d5:9c:55:38:7d:ba:c0:fa:74:ce:16:cc:ee:9c:c6:ec:f1:15:
         39:5f:49:98:51:bf:78:32:66:12:5e:0a:78:20:4e:71:d6:56:
         a3:7c:93:e7:9f:9f:fc:e1:36:a7:69:d6:ce:5c:28:12:9c:69:
         92:a5:f5:20:8b:9d:93:7e:0e:63:e6:ef:98:38:33:77:e4:30:
         33:d2:30:4f:67:54:a1:cb:2b:cd:c3:79:d2:e7:bf:6b:5d:e7:
         d3:f4:b2:84:c1:fb:60:5a:46:6a:37:e9:1b:08:e8:6d:32:52:
         6d:15:5f:14:9c:6e:1e:3a:0b:3b:df:2c:5e:2e:ae:fc:2c:c7:
         52:65:ba:48:f3:ea:28:bc:25:6d:9d:19:3a:3e:b9:94:0f:cb:
         63:14:43:e8:1d:af:42:ad:28:48:32:a5:3b:cb:72:c6:91:97:
         d7:75:6c:bd:03:ba:d2:b9:55:88:0e:bd:95:9a:2b:af:e2:fd:
         4e:e1:5f:9f:88:38:7b:14:5f:85:df:da:56:18:98:7a:19:94:
         49:b1:c3:12:ea:54:15:3b:db:d2:9a:99:55:66:1c:8a:29:d9:
         69:9c:c4:09:24:c7:10:17:78:28:ea:64:95:03:75:84:b8:8c:
         71:e4:2f:f6
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuFD5X/SG928kQxx/cRpJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0NzVlZGRjYTk1YjczNjY1M2E0YzlmOWQ5MTU0MGQyZDNl
ZmI1M2QwHhcNMjUxMTExMDcwMTM1WhcNMjUxMTEyMDcwMTM1WjAzMTEwLwYDVQQD
EyhjYWY3ZTY3YmYzYTVjOTZkMWQ0ODg1N2ZkZjExYjExMGZmYjhkODZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOKMwSODVTGZLGO94pB8yzblRVLm
ozCamtbqtKEkQe7PugxSRMd7c+HG4CGGqp/FaO7hXTZGb5bZWpO7F3TUeV8AHo/v
emq2b06v70ocG0WokN7mcZusLUbkaMJZFSsiSwxVOJUv+ZVOAep/cRXc9MPVV6w5
0oYpQwlGO2px1vpyikiuz28nK0zwGxg0Q1mvL14lCGz33bvLzk2BN+4cx/POrkbX
nh44WLGAB4Nl1AiNs/N1CyrO3hiJ8SXUKtDD96ivdcxuSJee+vJRHNotdvaf5qC2
fu/ocl+LrLPtITOylhdHhrQn5AqHYaH07yQs1n60voBBd5bR5EIXS0ul8wIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFMr35nvzpcltHUiFf98RsRD/uNhtMB8GA1UdIwQY
MBaAFJR17dypW3NmU6TJ+dkVQNLT77U9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEhYdDNLbGJjMlpUcE1uNTJSVkEwdFB2dFQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8yM2NhMjEtYmNlYi00MzNlLWI3ZDkt
N2IwMDM5ODRiODYzLzEvbEhYdDNLbGJjMlpUcE1uNTJSVkEwdFB2dFQwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8yM2NhMjEtYmNlYi00MzNlLWI3ZDktN2IwMDM5ODRiODYz
LzEvbEhYdDNLbGJjMlpUcE1uNTJSVkEwdFB2dFQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEATaFnPB1E
n3RyahymDvcuNPUp1ZxVOH26wPp0zhbM7pzG7PEVOV9JmFG/eDJmEl4KeCBOcdZW
o3yT55+f/OE2p2nWzlwoEpxpkqX1IIudk34OY+bvmDgzd+QwM9IwT2dUocsrzcN5
0ue/a13n0/SyhMH7YFpGajfpGwjobTJSbRVfFJxuHjoLO98sXi6u/CzHUmW6SPPq
KLwlbZ0ZOj65lA/LYxRD6B2vQq0oSDKlO8tyxpGX13VsvQO60rlViA69lZorr+L9
TuFfn4g4exRfhd/aVhiYehmUSbHDEupUFTvb0pqZVWYciinZaZzECSTHEBd4KOpk
lQN1hLiMceQv9g==
-----END CERTIFICATE-----