Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/41a443-ee2b-4646-ba68-aab6c8ba5bd4/1/KHtQElUXlEJ0oUa7rNZOaRog-gY.mft
File:                     KHtQElUXlEJ0oUa7rNZOaRog-gY.mft (raw, json)
Hash identifier:          zGQawmxsG2LfmYp0RP04mu76zzeL/RjS7Bo9gcLUtKU=
Subject key identifier:   81:AD:E1:93:CA:4E:E7:CC:F3:21:B9:B4:15:F7:83:6B:94:30:A2:49
Authority key identifier: 28:7B:50:12:55:17:94:42:74:A1:46:BB:AC:D6:4E:69:1A:20:FA:06
Certificate issuer:       /CN=287b50125517944274a146bbacd64e691a20fa06
Certificate serial:       019A71B84E1E88EBAF92461F495317B25A58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KHtQElUXlEJ0oUa7rNZOaRog-gY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/41a443-ee2b-4646-ba68-aab6c8ba5bd4/1/KHtQElUXlEJ0oUa7rNZOaRog-gY.mft
Manifest number:          0FC9
Signing time:             Tue 11 Nov 2025 07:01:35 +0000
Manifest this update:     Tue 11 Nov 2025 07:01:35 +0000
Manifest next update:     Wed 12 Nov 2025 07:01:35 +0000
Files and hashes:         1: KHtQElUXlEJ0oUa7rNZOaRog-gY.crl (hash: x2P7ul7xqk4F5hg1dxwu26Lk/AzBPj3h70AiqT8cLTI=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/41a443-ee2b-4646-ba68-aab6c8ba5bd4/1/KHtQElUXlEJ0oUa7rNZOaRog-gY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/41a443-ee2b-4646-ba68-aab6c8ba5bd4/1/KHtQElUXlEJ0oUa7rNZOaRog-gY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KHtQElUXlEJ0oUa7rNZOaRog-gY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b8:4e:1e:88:eb:af:92:46:1f:49:53:17:b2:5a:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=287b50125517944274a146bbacd64e691a20fa06
        Validity
            Not Before: Nov 11 07:01:35 2025 GMT
            Not After : Nov 12 07:01:35 2025 GMT
        Subject: CN=81ade193ca4ee7ccf321b9b415f7836b9430a249
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:98:a2:d2:3e:10:13:2a:3c:c9:63:66:b9:4b:
                    c1:db:a1:3b:56:ce:cf:20:ce:75:ac:1c:ad:b7:d5:
                    58:2a:e9:b3:10:70:4b:20:12:c4:6a:0a:b8:8d:8d:
                    d7:97:45:12:bd:99:b4:df:e0:73:70:77:77:01:a8:
                    35:4c:1d:c6:80:bb:fb:6c:24:71:fe:d9:3e:b0:40:
                    db:e2:15:a2:3b:51:ec:ca:d8:67:4b:84:80:47:10:
                    ce:3f:10:0e:27:46:7a:73:7e:32:0a:eb:60:df:9a:
                    2e:9a:8f:0e:7c:41:51:ea:94:49:4b:03:f4:10:b2:
                    bd:45:fa:14:96:35:dd:e0:cb:8b:0f:80:77:1f:ec:
                    12:53:76:a0:cb:51:9e:aa:23:08:17:44:99:90:3d:
                    20:00:d7:80:9a:37:72:2b:ac:c3:9d:ca:b8:94:76:
                    a2:f9:88:f6:28:6d:a6:69:2e:80:08:cb:25:78:3a:
                    90:0a:0c:ed:48:f6:eb:7d:20:f7:c8:2a:21:8b:11:
                    ee:14:88:41:2e:72:73:eb:9f:70:4f:21:18:bf:91:
                    8d:18:bb:4a:52:7e:36:a6:79:e5:37:42:dc:76:12:
                    83:25:e3:12:81:aa:ca:4c:b3:85:cd:75:c6:65:6e:
                    38:2f:b6:cd:44:d7:4b:3a:53:e8:a6:3e:14:85:4b:
                    6a:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:AD:E1:93:CA:4E:E7:CC:F3:21:B9:B4:15:F7:83:6B:94:30:A2:49
            X509v3 Authority Key Identifier:
                keyid:28:7B:50:12:55:17:94:42:74:A1:46:BB:AC:D6:4E:69:1A:20:FA:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KHtQElUXlEJ0oUa7rNZOaRog-gY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/41a443-ee2b-4646-ba68-aab6c8ba5bd4/1/KHtQElUXlEJ0oUa7rNZOaRog-gY.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/41a443-ee2b-4646-ba68-aab6c8ba5bd4/1/KHtQElUXlEJ0oUa7rNZOaRog-gY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         1d:99:a6:0a:1c:c4:fa:a8:eb:26:e3:67:9f:ad:74:03:bc:4b:
         22:b6:52:81:ca:2c:69:b6:a0:d3:32:72:88:85:9a:b3:ea:71:
         ee:89:a2:3a:aa:35:b5:e7:79:36:74:79:58:b8:d6:e8:26:61:
         c7:44:04:73:77:06:44:8e:b6:5e:f2:8f:11:30:8d:74:0d:91:
         39:c0:24:bf:27:8e:83:c8:3e:77:bc:29:59:9e:55:5d:c6:3d:
         2a:31:7a:09:84:09:04:ca:38:0b:87:8f:a8:9c:92:14:69:ed:
         e9:b3:c9:89:d1:43:65:9d:97:c9:22:4a:cd:7b:62:cd:aa:74:
         09:e4:64:6b:e1:e0:22:64:db:30:17:d2:3c:8b:0f:e9:cd:51:
         2a:df:e1:64:9f:ea:62:65:1e:7c:c7:a4:a1:32:61:61:ba:e3:
         64:7b:c0:3d:d8:1b:bf:5d:aa:b2:7c:1d:90:86:6e:5b:4b:18:
         d0:8c:10:a7:14:71:14:6e:06:54:58:3a:d1:ca:26:95:46:0c:
         3d:0e:e4:3b:ed:a9:2e:d8:bf:37:3e:41:d7:3b:84:8f:a0:17:
         e1:db:7a:b4:44:a3:37:ba:c8:f3:de:58:34:b2:45:4f:5a:c7:
         48:0d:f3:8f:bb:37:6e:d7:8f:e2:a8:cb:9b:fa:45:b5:26:e2:
         a7:15:27:bd
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuE4eiOuvkkYfSVMXslpYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4N2I1MDEyNTUxNzk0NDI3NGExNDZiYmFjZDY0ZTY5MWEy
MGZhMDYwHhcNMjUxMTExMDcwMTM1WhcNMjUxMTEyMDcwMTM1WjAzMTEwLwYDVQQD
Eyg4MWFkZTE5M2NhNGVlN2NjZjMyMWI5YjQxNWY3ODM2Yjk0MzBhMjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5ii0j4QEyo8yWNmuUvB26E7Vs7P
IM51rBytt9VYKumzEHBLIBLEagq4jY3Xl0USvZm03+BzcHd3Aag1TB3GgLv7bCRx
/tk+sEDb4hWiO1HsythnS4SARxDOPxAOJ0Z6c34yCutg35oumo8OfEFR6pRJSwP0
ELK9RfoUljXd4MuLD4B3H+wSU3agy1GeqiMIF0SZkD0gANeAmjdyK6zDncq4lHai
+Yj2KG2maS6ACMsleDqQCgztSPbrfSD3yCohixHuFIhBLnJz659wTyEYv5GNGLtK
Un42pnnlN0LcdhKDJeMSgarKTLOFzXXGZW44L7bNRNdLOlPopj4UhUtqDQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFIGt4ZPKTufM8yG5tBX3g2uUMKJJMB8GA1UdIwQY
MBaAFCh7UBJVF5RCdKFGu6zWTmkaIPoGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0h0UUVsVVhsRUowb1VhN3JOWk9hUm9nLWdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC80MWE0NDMtZWUyYi00NjQ2LWJhNjgt
YWFiNmM4YmE1YmQ0LzEvS0h0UUVsVVhsRUowb1VhN3JOWk9hUm9nLWdZLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC80MWE0NDMtZWUyYi00NjQ2LWJhNjgtYWFiNmM4YmE1YmQ0
LzEvS0h0UUVsVVhsRUowb1VhN3JOWk9hUm9nLWdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAHZmmChzE
+qjrJuNnn610A7xLIrZSgcosabag0zJyiIWas+px7omiOqo1ted5NnR5WLjW6CZh
x0QEc3cGRI62XvKPETCNdA2ROcAkvyeOg8g+d7wpWZ5VXcY9KjF6CYQJBMo4C4eP
qJySFGnt6bPJidFDZZ2XySJKzXtizap0CeRka+HgImTbMBfSPIsP6c1RKt/hZJ/q
YmUefMekoTJhYbrjZHvAPdgbv12qsnwdkIZuW0sY0IwQpxRxFG4GVFg60comlUYM
PQ7kO+2pLti/Nz5B1zuEj6AX4dt6tESjN7rI895YNLJFT1rHSA3zj7s3bteP4qjL
m/pFtSbipxUnvQ==
-----END CERTIFICATE-----