Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/afd71b-0268-4409-a383-584a76399414/1/NJxIN9k5hA1fbHSqwINm70v-SHQ.mft
File:                     NJxIN9k5hA1fbHSqwINm70v-SHQ.mft (raw, json)
Hash identifier:          IochukghQOQIixf8EWA3+tO3uGscbe8SNievePQv32Y=
Subject key identifier:   3B:85:1C:11:BB:13:5D:52:DD:4C:89:EE:F2:7F:43:9C:08:15:E1:1B
Authority key identifier: 34:9C:48:37:D9:39:84:0D:5F:6C:74:AA:C0:83:66:EF:4B:FE:48:74
Certificate issuer:       /CN=349c4837d939840d5f6c74aac08366ef4bfe4874
Certificate serial:       019A71B8BF3F539453936F2BF8A05EB6905D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJxIN9k5hA1fbHSqwINm70v-SHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/afd71b-0268-4409-a383-584a76399414/1/NJxIN9k5hA1fbHSqwINm70v-SHQ.mft
Manifest number:          030B
Signing time:             Tue 11 Nov 2025 07:02:04 +0000
Manifest this update:     Tue 11 Nov 2025 07:02:04 +0000
Manifest next update:     Wed 12 Nov 2025 07:02:04 +0000
Files and hashes:         1: NJxIN9k5hA1fbHSqwINm70v-SHQ.crl (hash: YblcpqZMRPmJKN/zGGHu/jmSfOXnrmZW/xhkLm4C+u4=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/afd71b-0268-4409-a383-584a76399414/1/NJxIN9k5hA1fbHSqwINm70v-SHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/afd71b-0268-4409-a383-584a76399414/1/NJxIN9k5hA1fbHSqwINm70v-SHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJxIN9k5hA1fbHSqwINm70v-SHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b8:bf:3f:53:94:53:93:6f:2b:f8:a0:5e:b6:90:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349c4837d939840d5f6c74aac08366ef4bfe4874
        Validity
            Not Before: Nov 11 07:02:04 2025 GMT
            Not After : Nov 12 07:02:04 2025 GMT
        Subject: CN=3b851c11bb135d52dd4c89eef27f439c0815e11b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:3a:bc:e9:da:f5:3b:89:a4:b3:91:95:c5:18:
                    c2:01:65:16:a1:d8:61:15:5b:25:14:a7:2b:7f:7e:
                    f4:f2:e0:26:4d:e4:89:d2:d6:d9:a3:68:1d:bb:39:
                    9f:b5:5b:9e:1c:0f:67:9f:dc:c5:1f:6d:62:11:2e:
                    b6:32:b7:cd:9b:64:fd:09:5d:03:0f:cd:62:8d:8e:
                    ab:86:d0:2c:73:6a:8b:45:aa:09:97:5c:2b:df:62:
                    f0:bc:ee:e8:d6:e7:c6:aa:50:fc:86:10:80:dc:5c:
                    af:4d:99:20:92:a3:db:84:ff:81:db:ab:93:9a:54:
                    9e:7d:c0:94:e8:5d:a0:1a:8d:c5:b9:5f:51:13:05:
                    9a:53:7e:e6:12:22:ee:4b:d2:9e:e4:31:5c:c9:d5:
                    13:4d:19:63:29:51:86:07:a2:7c:14:bd:04:66:bc:
                    eb:0a:d0:58:a9:39:b9:d2:75:e2:ec:e4:5e:5d:bc:
                    85:58:cb:3b:94:0b:79:0a:fc:fe:73:75:f9:38:db:
                    74:17:59:0f:9c:ca:b5:f6:14:e5:b5:13:c2:82:0a:
                    a1:52:5c:bc:30:8a:a6:db:b3:a0:53:83:9a:01:a8:
                    a0:62:a8:55:2e:52:4a:f3:62:b6:36:7d:8a:de:e5:
                    5c:49:a2:f0:cb:a2:64:64:52:9e:38:d0:3d:fc:f7:
                    28:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:85:1C:11:BB:13:5D:52:DD:4C:89:EE:F2:7F:43:9C:08:15:E1:1B
            X509v3 Authority Key Identifier:
                keyid:34:9C:48:37:D9:39:84:0D:5F:6C:74:AA:C0:83:66:EF:4B:FE:48:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJxIN9k5hA1fbHSqwINm70v-SHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/afd71b-0268-4409-a383-584a76399414/1/NJxIN9k5hA1fbHSqwINm70v-SHQ.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/afd71b-0268-4409-a383-584a76399414/1/NJxIN9k5hA1fbHSqwINm70v-SHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         04:19:1d:24:68:24:af:7d:14:e1:57:42:dc:73:60:68:2b:b1:
         72:c4:c0:a7:65:b5:bd:17:73:41:38:e7:53:0a:a5:28:5b:09:
         71:d2:fa:e0:9a:16:30:e8:54:ae:b4:0c:f1:51:ad:4d:9e:59:
         b3:05:27:08:37:d0:59:72:59:56:a1:71:35:5b:70:35:3b:ec:
         df:50:ce:24:9f:4e:a3:89:ea:33:49:7a:18:67:2c:d3:3f:af:
         a6:d2:db:5c:1f:90:67:16:fb:59:65:43:3c:40:67:5b:5e:03:
         55:d2:5d:c1:84:94:90:91:b8:44:7b:f1:81:70:bf:d6:18:2a:
         a3:c7:6c:cf:58:9b:1d:e8:9a:99:1f:e5:33:47:14:b4:db:72:
         f6:c8:b4:0d:58:2e:14:9e:85:08:e6:e0:f0:b1:f0:4c:04:86:
         80:b4:ab:e5:0b:28:d3:d2:dd:e7:57:34:48:fb:a0:d7:3b:5f:
         fd:79:fe:14:32:42:46:14:45:4d:53:31:49:0e:c3:60:22:8e:
         e9:7c:73:f6:ed:14:27:42:5c:61:e2:d9:48:40:44:1d:34:57:
         64:a7:89:2c:3e:cb:9c:8a:b9:d2:96:89:01:33:a2:7c:dd:d3:
         9a:2a:1a:6e:ce:a6:e2:4c:b6:b1:ae:dc:f6:dc:53:34:1f:71:
         96:20:4c:a9
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuL8/U5RTk28r+KBetpBdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWM0ODM3ZDkzOTg0MGQ1ZjZjNzRhYWMwODM2NmVmNGJm
ZTQ4NzQwHhcNMjUxMTExMDcwMjA0WhcNMjUxMTEyMDcwMjA0WjAzMTEwLwYDVQQD
EygzYjg1MWMxMWJiMTM1ZDUyZGQ0Yzg5ZWVmMjdmNDM5YzA4MTVlMTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDq86dr1O4mks5GVxRjCAWUWodhh
FVslFKcrf3708uAmTeSJ0tbZo2gduzmftVueHA9nn9zFH21iES62MrfNm2T9CV0D
D81ijY6rhtAsc2qLRaoJl1wr32LwvO7o1ufGqlD8hhCA3FyvTZkgkqPbhP+B26uT
mlSefcCU6F2gGo3FuV9REwWaU37mEiLuS9Ke5DFcydUTTRljKVGGB6J8FL0EZrzr
CtBYqTm50nXi7OReXbyFWMs7lAt5Cvz+c3X5ONt0F1kPnMq19hTltRPCggqhUly8
MIqm27OgU4OaAaigYqhVLlJK82K2Nn2K3uVcSaLwy6JkZFKeONA9/PcoUQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFDuFHBG7E11S3UyJ7vJ/Q5wIFeEbMB8GA1UdIwQY
MBaAFDScSDfZOYQNX2x0qsCDZu9L/kh0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp4SU45azVoQTFmYkhTcXdJTm03MHYtU0hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9hZmQ3MWItMDI2OC00NDA5LWEzODMt
NTg0YTc2Mzk5NDE0LzEvTkp4SU45azVoQTFmYkhTcXdJTm03MHYtU0hRLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9hZmQ3MWItMDI2OC00NDA5LWEzODMtNTg0YTc2Mzk5NDE0
LzEvTkp4SU45azVoQTFmYkhTcXdJTm03MHYtU0hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEABBkdJGgk
r30U4VdC3HNgaCuxcsTAp2W1vRdzQTjnUwqlKFsJcdL64JoWMOhUrrQM8VGtTZ5Z
swUnCDfQWXJZVqFxNVtwNTvs31DOJJ9Oo4nqM0l6GGcs0z+vptLbXB+QZxb7WWVD
PEBnW14DVdJdwYSUkJG4RHvxgXC/1hgqo8dsz1ibHeiamR/lM0cUtNty9si0DVgu
FJ6FCObg8LHwTASGgLSr5Qso09Ld51c0SPug1ztf/Xn+FDJCRhRFTVMxSQ7DYCKO
6Xxz9u0UJ0JcYeLZSEBEHTRXZKeJLD7LnIq50paJATOifN3Tmioabs6m4ky2sa7c
9txTNB9xliBMqQ==
-----END CERTIFICATE-----