Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/cfb54d-a553-4324-b541-0b535120f327/1/ohv-an3Hf0ADcofKevZeOEhfxuk.mft
File:                     ohv-an3Hf0ADcofKevZeOEhfxuk.mft (raw, json)
Hash identifier:          X57QEt32jR/UNDEECgPi0dtFsKv9Tl/jePFyjSTaLX0=
Subject key identifier:   85:D3:13:ED:C4:5B:58:69:C4:AD:D5:C2:2E:B0:E8:E3:AB:D3:8A:8A
Authority key identifier: A2:1B:FE:6A:7D:C7:7F:40:03:72:87:CA:7A:F6:5E:38:48:5F:C6:E9
Certificate issuer:       /CN=a21bfe6a7dc77f40037287ca7af65e38485fc6e9
Certificate serial:       019A71B8A6EEB217EE7145B80215D32846D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ohv-an3Hf0ADcofKevZeOEhfxuk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/cfb54d-a553-4324-b541-0b535120f327/1/ohv-an3Hf0ADcofKevZeOEhfxuk.mft
Manifest number:          0F1D
Signing time:             Tue 11 Nov 2025 07:01:58 +0000
Manifest this update:     Tue 11 Nov 2025 07:01:58 +0000
Manifest next update:     Wed 12 Nov 2025 07:01:58 +0000
Files and hashes:         1: ohv-an3Hf0ADcofKevZeOEhfxuk.crl (hash: KkV6FqJmnm9Qpk3jzOSCjaeDuaV0Z06OqUv3vGFdlfM=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/cfb54d-a553-4324-b541-0b535120f327/1/ohv-an3Hf0ADcofKevZeOEhfxuk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/cfb54d-a553-4324-b541-0b535120f327/1/ohv-an3Hf0ADcofKevZeOEhfxuk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ohv-an3Hf0ADcofKevZeOEhfxuk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b8:a6:ee:b2:17:ee:71:45:b8:02:15:d3:28:46:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a21bfe6a7dc77f40037287ca7af65e38485fc6e9
        Validity
            Not Before: Nov 11 07:01:58 2025 GMT
            Not After : Nov 12 07:01:58 2025 GMT
        Subject: CN=85d313edc45b5869c4add5c22eb0e8e3abd38a8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:25:3d:af:46:09:d1:6b:22:1a:77:84:00:3a:
                    54:97:e9:ed:d6:fb:24:b3:15:7a:bb:1d:7e:48:52:
                    e2:3e:63:a9:8c:49:17:1b:90:b3:4b:91:ef:95:af:
                    9b:37:52:c4:0b:da:ef:23:2e:b6:30:36:ce:70:0f:
                    15:53:6d:30:24:dd:0a:31:8c:ad:24:89:df:f8:a2:
                    d3:f2:0c:ea:9c:6a:a1:64:de:0a:f7:d0:cb:1d:49:
                    72:d0:c1:78:dd:e0:3b:c2:2e:b3:fb:1f:ea:e3:9a:
                    56:81:99:5d:9c:9f:12:75:c5:b0:6b:5e:a3:ee:94:
                    77:65:00:95:f5:a3:7b:36:e4:ef:84:41:49:85:e4:
                    41:a3:23:e6:ad:2f:c8:39:5b:79:f0:3a:33:db:b6:
                    e7:3b:37:55:3a:91:22:53:a6:d8:69:44:a3:06:6e:
                    fd:11:43:ba:0c:ea:10:87:06:05:b2:2e:f0:ac:76:
                    9f:98:d5:68:93:16:53:68:23:19:9c:1e:fc:c5:a8:
                    d4:e4:67:29:ed:9b:09:5b:cf:04:5d:29:31:5e:44:
                    49:89:4e:2c:49:15:14:7c:be:91:73:0b:2d:34:74:
                    9e:74:3e:90:78:09:a6:7d:39:03:86:02:f8:a4:01:
                    14:b0:7f:c4:56:f7:b9:1b:6f:47:a0:5f:89:50:8b:
                    d6:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:D3:13:ED:C4:5B:58:69:C4:AD:D5:C2:2E:B0:E8:E3:AB:D3:8A:8A
            X509v3 Authority Key Identifier:
                keyid:A2:1B:FE:6A:7D:C7:7F:40:03:72:87:CA:7A:F6:5E:38:48:5F:C6:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ohv-an3Hf0ADcofKevZeOEhfxuk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/cfb54d-a553-4324-b541-0b535120f327/1/ohv-an3Hf0ADcofKevZeOEhfxuk.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/cfb54d-a553-4324-b541-0b535120f327/1/ohv-an3Hf0ADcofKevZeOEhfxuk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         34:03:a1:ea:b5:98:a6:19:c2:6b:0a:3b:e3:e5:d7:ce:88:bc:
         65:30:4a:33:10:15:74:09:cd:8d:b0:27:49:34:1a:93:76:fc:
         27:f1:9e:82:67:13:03:1f:fc:8a:a5:98:c4:be:b0:62:9f:06:
         1c:74:8e:2d:3a:ba:8b:79:19:ae:86:d6:8a:df:cd:e5:a6:7b:
         53:26:41:ec:f9:b3:9e:8f:56:e3:18:0a:20:fc:6f:7f:20:49:
         95:92:4f:30:9d:36:37:a6:62:4f:42:12:ea:73:d0:53:0d:80:
         9d:ad:cb:64:24:fd:a3:38:7e:73:61:c0:4e:23:bb:1e:00:5b:
         6c:ea:2c:77:cf:f0:be:1a:a2:09:8c:bb:78:92:a3:e4:5b:29:
         5f:95:58:cc:df:42:aa:55:92:f6:36:d4:47:e8:56:b6:10:21:
         05:44:d8:10:b9:38:68:53:b7:88:41:43:f4:76:40:a2:ff:11:
         83:2c:98:8f:59:7b:b5:71:b7:99:6f:5a:92:c9:43:24:94:84:
         9d:b3:4b:16:18:33:44:c0:7d:eb:f4:a0:e8:98:54:73:a1:0a:
         69:ff:54:13:40:bc:54:1a:9b:70:bc:95:48:da:b0:fe:bd:fe:
         a7:af:9c:9d:90:ad:ef:fb:0d:60:59:e8:e8:8b:6e:ef:cb:7d:
         6a:de:c9:7b
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuKbushfucUW4AhXTKEbTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMWJmZTZhN2RjNzdmNDAwMzcyODdjYTdhZjY1ZTM4NDg1
ZmM2ZTkwHhcNMjUxMTExMDcwMTU4WhcNMjUxMTEyMDcwMTU4WjAzMTEwLwYDVQQD
Eyg4NWQzMTNlZGM0NWI1ODY5YzRhZGQ1YzIyZWIwZThlM2FiZDM4YThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyU9r0YJ0WsiGneEADpUl+nt1vsk
sxV6ux1+SFLiPmOpjEkXG5CzS5Hvla+bN1LEC9rvIy62MDbOcA8VU20wJN0KMYyt
JInf+KLT8gzqnGqhZN4K99DLHUly0MF43eA7wi6z+x/q45pWgZldnJ8SdcWwa16j
7pR3ZQCV9aN7NuTvhEFJheRBoyPmrS/IOVt58Doz27bnOzdVOpEiU6bYaUSjBm79
EUO6DOoQhwYFsi7wrHafmNVokxZTaCMZnB78xajU5Gcp7ZsJW88EXSkxXkRJiU4s
SRUUfL6RcwstNHSedD6QeAmmfTkDhgL4pAEUsH/EVve5G29HoF+JUIvWtwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFIXTE+3EW1hpxK3Vwi6w6OOr04qKMB8GA1UdIwQY
MBaAFKIb/mp9x39AA3KHynr2XjhIX8bpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2h2LWFuM0hmMEFEY29mS2V2WmVPRWhmeHVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9jZmI1NGQtYTU1My00MzI0LWI1NDEt
MGI1MzUxMjBmMzI3LzEvb2h2LWFuM0hmMEFEY29mS2V2WmVPRWhmeHVrLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9jZmI1NGQtYTU1My00MzI0LWI1NDEtMGI1MzUxMjBmMzI3
LzEvb2h2LWFuM0hmMEFEY29mS2V2WmVPRWhmeHVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEANAOh6rWY
phnCawo74+XXzoi8ZTBKMxAVdAnNjbAnSTQak3b8J/GegmcTAx/8iqWYxL6wYp8G
HHSOLTq6i3kZrobWit/N5aZ7UyZB7Pmzno9W4xgKIPxvfyBJlZJPMJ02N6ZiT0IS
6nPQUw2Ana3LZCT9ozh+c2HATiO7HgBbbOosd8/wvhqiCYy7eJKj5FspX5VYzN9C
qlWS9jbUR+hWthAhBUTYELk4aFO3iEFD9HZAov8RgyyYj1l7tXG3mW9akslDJJSE
nbNLFhgzRMB96/Sg6JhUc6EKaf9UE0C8VBqbcLyVSNqw/r3+p6+cnZCt7/sNYFno
6Itu78t9at7Jew==
-----END CERTIFICATE-----