Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/ed63bf-2b0e-4c9b-98b5-4a251cbec791/1/QTsVW4BGJkf4WUaogk0in-6q--Y.mft
File:                     QTsVW4BGJkf4WUaogk0in-6q--Y.mft (raw, json)
Hash identifier:          t8I6WuB3CZozEZtaOiuN/nJxMkv8wskbGRviD7PujR4=
Subject key identifier:   C1:D0:34:AB:A7:7F:00:4D:8B:6C:65:DA:69:89:BB:C6:74:88:85:5F
Authority key identifier: 41:3B:15:5B:80:46:26:47:F8:59:46:A8:82:4D:22:9F:EE:AA:FB:E6
Certificate issuer:       /CN=413b155b80462647f85946a8824d229feeaafbe6
Certificate serial:       019A7293B5BAE21E8D83117440C18F737AE7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QTsVW4BGJkf4WUaogk0in-6q--Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/ed63bf-2b0e-4c9b-98b5-4a251cbec791/1/QTsVW4BGJkf4WUaogk0in-6q--Y.mft
Manifest number:          02A1
Signing time:             Tue 11 Nov 2025 11:01:14 +0000
Manifest this update:     Tue 11 Nov 2025 11:01:14 +0000
Manifest next update:     Wed 12 Nov 2025 11:01:14 +0000
Files and hashes:         1: QTsVW4BGJkf4WUaogk0in-6q--Y.crl (hash: j+P1lC8F5Z3KWW+otcH303IxucgMDcjhkdLyjDESSoY=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/ed63bf-2b0e-4c9b-98b5-4a251cbec791/1/QTsVW4BGJkf4WUaogk0in-6q--Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/ed63bf-2b0e-4c9b-98b5-4a251cbec791/1/QTsVW4BGJkf4WUaogk0in-6q--Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QTsVW4BGJkf4WUaogk0in-6q--Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:93:b5:ba:e2:1e:8d:83:11:74:40:c1:8f:73:7a:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=413b155b80462647f85946a8824d229feeaafbe6
        Validity
            Not Before: Nov 11 11:01:14 2025 GMT
            Not After : Nov 12 11:01:14 2025 GMT
        Subject: CN=c1d034aba77f004d8b6c65da6989bbc67488855f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:69:1d:da:14:21:a1:60:9f:06:37:b5:08:85:
                    c4:bf:c9:e4:54:34:aa:1f:0a:a7:8a:4f:be:5c:bc:
                    20:19:f4:92:37:e7:09:1a:34:d0:0a:83:78:54:dc:
                    5c:9d:94:3c:61:5a:50:fe:9c:e4:2c:ce:6d:1d:a9:
                    6f:9c:2e:af:06:5c:15:ce:41:47:f5:98:b7:7e:c9:
                    a0:7b:16:d8:fc:d6:95:ea:d2:55:28:25:96:a7:52:
                    68:52:b4:a5:84:b1:bd:5b:42:44:60:73:9e:b8:ed:
                    89:d2:9e:d5:48:67:c9:03:67:88:92:d9:33:57:50:
                    a3:80:61:4f:92:63:ff:fd:f4:ba:38:95:ab:fb:b7:
                    0c:de:1f:a3:72:79:10:3a:66:8e:9c:03:11:ca:92:
                    74:40:82:19:58:14:7f:9e:51:1e:ef:a0:41:d3:00:
                    b4:5d:d4:8e:73:65:5e:74:62:71:c4:5d:80:90:13:
                    03:3c:d4:39:04:ef:01:86:bd:99:62:2b:aa:7f:85:
                    03:e6:7d:b4:40:81:b5:55:49:e2:19:37:50:a6:f7:
                    b5:56:9d:c4:2d:4d:2f:8a:77:a0:66:f7:65:74:fa:
                    c6:d0:02:88:fe:cf:53:40:0b:3b:c4:e4:79:5d:aa:
                    ba:e5:91:f4:84:58:b9:fd:43:f8:81:de:b1:e7:79:
                    69:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:D0:34:AB:A7:7F:00:4D:8B:6C:65:DA:69:89:BB:C6:74:88:85:5F
            X509v3 Authority Key Identifier:
                keyid:41:3B:15:5B:80:46:26:47:F8:59:46:A8:82:4D:22:9F:EE:AA:FB:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QTsVW4BGJkf4WUaogk0in-6q--Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/ed63bf-2b0e-4c9b-98b5-4a251cbec791/1/QTsVW4BGJkf4WUaogk0in-6q--Y.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/ed63bf-2b0e-4c9b-98b5-4a251cbec791/1/QTsVW4BGJkf4WUaogk0in-6q--Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         a4:45:9f:6a:bf:ac:6e:fe:95:d1:e1:fa:30:fd:cc:96:b4:00:
         43:b1:c1:d7:39:b7:64:4e:f0:04:4d:cd:13:22:55:a2:99:24:
         6c:a2:ec:de:fc:32:e7:f7:76:04:ae:27:48:0a:68:90:84:93:
         8d:7b:bf:4a:22:4e:a9:b7:3b:e7:73:3d:62:7e:8a:86:e6:70:
         38:1a:06:ad:ed:cc:2b:27:58:29:10:b5:5b:86:b3:59:48:ea:
         0c:2b:9f:46:6c:b7:81:3f:30:72:39:ef:ea:48:35:74:a5:16:
         dc:4c:23:5a:81:c6:5b:17:23:2f:cb:61:62:ac:e0:12:b2:0f:
         fc:cd:ac:ba:59:aa:38:0a:12:b5:45:08:fc:8b:ce:16:94:90:
         5b:c1:8f:1f:7c:7e:ba:0f:20:49:27:e0:15:19:3b:77:4a:da:
         75:17:e3:83:3e:79:af:d6:c4:a8:e2:66:95:c0:23:69:e5:3b:
         4f:16:04:d6:b2:d4:bc:0f:02:7a:ae:cd:b4:e4:60:78:b3:50:
         02:16:63:0a:e2:0b:58:59:42:39:1f:96:d1:75:11:5e:4f:9d:
         bd:38:25:9f:b9:fb:68:77:d0:62:ba:da:63:8d:f5:41:9e:a6:
         25:62:0b:3b:79:42:49:09:23:8c:d8:30:df:84:f9:90:58:48:
         89:8f:11:53
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyk7W64h6NgxF0QMGPc3rnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxM2IxNTViODA0NjI2NDdmODU5NDZhODgyNGQyMjlmZWVh
YWZiZTYwHhcNMjUxMTExMTEwMTE0WhcNMjUxMTEyMTEwMTE0WjAzMTEwLwYDVQQD
EyhjMWQwMzRhYmE3N2YwMDRkOGI2YzY1ZGE2OTg5YmJjNjc0ODg4NTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmkd2hQhoWCfBje1CIXEv8nkVDSq
Hwqnik++XLwgGfSSN+cJGjTQCoN4VNxcnZQ8YVpQ/pzkLM5tHalvnC6vBlwVzkFH
9Zi3fsmgexbY/NaV6tJVKCWWp1JoUrSlhLG9W0JEYHOeuO2J0p7VSGfJA2eIktkz
V1CjgGFPkmP//fS6OJWr+7cM3h+jcnkQOmaOnAMRypJ0QIIZWBR/nlEe76BB0wC0
XdSOc2VedGJxxF2AkBMDPNQ5BO8Bhr2ZYiuqf4UD5n20QIG1VUniGTdQpve1Vp3E
LU0vinegZvdldPrG0AKI/s9TQAs7xOR5Xaq65ZH0hFi5/UP4gd6x53lp8QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFMHQNKunfwBNi2xl2mmJu8Z0iIVfMB8GA1UdIwQY
MBaAFEE7FVuARiZH+FlGqIJNIp/uqvvmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVRzVlc0QkdKa2Y0V1Vhb2drMGluLTZxLS1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9lZDYzYmYtMmIwZS00YzliLTk4YjUt
NGEyNTFjYmVjNzkxLzEvUVRzVlc0QkdKa2Y0V1Vhb2drMGluLTZxLS1ZLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9lZDYzYmYtMmIwZS00YzliLTk4YjUtNGEyNTFjYmVjNzkx
LzEvUVRzVlc0QkdKa2Y0V1Vhb2drMGluLTZxLS1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEApEWfar+s
bv6V0eH6MP3MlrQAQ7HB1zm3ZE7wBE3NEyJVopkkbKLs3vwy5/d2BK4nSApokIST
jXu/SiJOqbc753M9Yn6KhuZwOBoGre3MKydYKRC1W4azWUjqDCufRmy3gT8wcjnv
6kg1dKUW3EwjWoHGWxcjL8thYqzgErIP/M2sulmqOAoStUUI/IvOFpSQW8GPH3x+
ug8gSSfgFRk7d0radRfjgz55r9bEqOJmlcAjaeU7TxYE1rLUvA8Ceq7NtORgeLNQ
AhZjCuILWFlCOR+W0XURXk+dvTgln7n7aHfQYrraY431QZ6mJWILO3lCSQkjjNgw
34T5kFhIiY8RUw==
-----END CERTIFICATE-----