Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/758a0f-3c4c-4310-9a72-5a27b8af28a5/1/2QrRERMYMAumeOiOBQKx_FHjU3k.mft
File:                     2QrRERMYMAumeOiOBQKx_FHjU3k.mft (raw, json)
Hash identifier:          rAQRBybrTI+O+wj83Yp1bR2DM/rzfDnDmaWZACPc4ss=
Subject key identifier:   CF:52:72:6F:62:38:94:75:B2:B3:F7:ED:82:BE:5B:2F:44:29:7B:2C
Authority key identifier: D9:0A:D1:11:13:18:30:0B:A6:78:E8:8E:05:02:B1:FC:51:E3:53:79
Certificate issuer:       /CN=d90ad1111318300ba678e88e0502b1fc51e35379
Certificate serial:       019A71EE6E92472A35A5A76177488DBFA17A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2QrRERMYMAumeOiOBQKx_FHjU3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/758a0f-3c4c-4310-9a72-5a27b8af28a5/1/2QrRERMYMAumeOiOBQKx_FHjU3k.mft
Manifest number:          0329
Signing time:             Tue 11 Nov 2025 08:00:42 +0000
Manifest this update:     Tue 11 Nov 2025 08:00:42 +0000
Manifest next update:     Wed 12 Nov 2025 08:00:42 +0000
Files and hashes:         1: 2QrRERMYMAumeOiOBQKx_FHjU3k.crl (hash: LnLt5U/sCnkBQKpBkhMagoGsb1h699Bd1OiPEuJaRFE=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/758a0f-3c4c-4310-9a72-5a27b8af28a5/1/2QrRERMYMAumeOiOBQKx_FHjU3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/758a0f-3c4c-4310-9a72-5a27b8af28a5/1/2QrRERMYMAumeOiOBQKx_FHjU3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2QrRERMYMAumeOiOBQKx_FHjU3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:ee:6e:92:47:2a:35:a5:a7:61:77:48:8d:bf:a1:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d90ad1111318300ba678e88e0502b1fc51e35379
        Validity
            Not Before: Nov 11 08:00:42 2025 GMT
            Not After : Nov 12 08:00:42 2025 GMT
        Subject: CN=cf52726f62389475b2b3f7ed82be5b2f44297b2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:00:67:14:9a:98:ed:b5:73:d8:fd:b0:75:df:
                    0f:98:55:0d:24:5e:46:d8:9c:0b:63:84:8f:a8:c3:
                    14:1e:2e:6f:97:2b:2c:26:20:6d:9e:c1:69:42:2f:
                    fc:5f:09:43:96:a7:99:1c:f0:a0:79:68:f4:2e:89:
                    2e:ef:93:87:49:99:c0:2e:57:53:64:6d:92:c1:8e:
                    1e:15:b1:ef:c0:21:c1:15:32:37:73:af:00:27:c6:
                    df:56:4f:c8:5d:8e:38:7c:29:52:b6:e8:27:f8:d7:
                    60:08:14:e3:dc:34:0f:39:5e:86:3c:07:41:76:aa:
                    68:e2:88:61:5b:74:e8:c6:41:5f:91:fb:bc:8c:f6:
                    16:51:fe:f1:66:0a:b9:6e:1b:7f:8d:69:83:73:42:
                    0d:8b:26:a0:ac:8a:94:39:0b:11:29:02:76:e8:7f:
                    2e:1f:74:1f:26:ee:0c:d0:d9:8e:a0:19:6c:ec:da:
                    fe:62:78:68:00:9a:7a:9e:ce:1e:ae:c5:5d:c6:8f:
                    5a:aa:e7:61:e5:11:c8:f6:02:b5:87:30:22:77:48:
                    36:a9:f8:b1:32:a1:01:da:4f:7f:c6:fe:3c:21:00:
                    f2:1f:f6:62:52:fa:61:04:1d:ed:84:70:b5:9d:91:
                    cf:15:7b:64:12:12:26:1c:16:43:74:d8:c0:36:c1:
                    3a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:52:72:6F:62:38:94:75:B2:B3:F7:ED:82:BE:5B:2F:44:29:7B:2C
            X509v3 Authority Key Identifier:
                keyid:D9:0A:D1:11:13:18:30:0B:A6:78:E8:8E:05:02:B1:FC:51:E3:53:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2QrRERMYMAumeOiOBQKx_FHjU3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/758a0f-3c4c-4310-9a72-5a27b8af28a5/1/2QrRERMYMAumeOiOBQKx_FHjU3k.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/758a0f-3c4c-4310-9a72-5a27b8af28a5/1/2QrRERMYMAumeOiOBQKx_FHjU3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         9b:e6:1b:61:d2:d5:c4:a5:c8:22:ef:40:1f:62:9f:0e:75:4e:
         51:e4:6c:46:7a:f7:07:0d:60:99:b4:30:9c:37:d0:91:32:95:
         95:de:d7:5f:51:03:ca:f3:27:d0:e2:3a:06:38:79:8e:44:57:
         06:6f:92:c3:11:42:6d:b4:62:a6:58:60:b2:38:5e:28:7d:b1:
         3b:c2:20:81:24:1d:eb:61:69:5e:f1:20:07:66:ce:89:31:93:
         4e:10:c3:89:10:7d:39:03:f1:ff:f8:b3:9f:1d:af:e3:f3:0b:
         dc:48:f1:2b:e3:21:e7:d1:9b:3c:b5:ca:11:e6:15:2d:e5:7b:
         96:bc:a2:3d:e4:40:e9:90:97:93:09:d0:6d:3c:86:3c:59:80:
         77:f9:32:c9:6f:4d:b4:74:79:53:5b:55:46:dc:44:25:1a:1c:
         27:d9:34:fa:ee:b1:d4:b6:33:10:53:f4:4d:06:57:68:ff:b3:
         4d:7c:7c:72:cf:bb:c1:a8:50:d2:ba:30:75:d6:e7:d5:da:b4:
         bc:ad:78:48:47:0c:29:98:5a:fe:0c:2e:dc:0f:df:bd:04:32:
         71:78:c5:c9:e4:fd:ce:42:4c:2d:46:40:61:e9:c2:1b:af:ff:
         1b:37:3c:85:32:52:47:2a:e4:aa:4c:d7:55:7e:a2:3c:3d:e6:
         dc:a4:a2:ee
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpx7m6SRyo1padhd0iNv6F6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5MGFkMTExMTMxODMwMGJhNjc4ZTg4ZTA1MDJiMWZjNTFl
MzUzNzkwHhcNMjUxMTExMDgwMDQyWhcNMjUxMTEyMDgwMDQyWjAzMTEwLwYDVQQD
EyhjZjUyNzI2ZjYyMzg5NDc1YjJiM2Y3ZWQ4MmJlNWIyZjQ0Mjk3YjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArABnFJqY7bVz2P2wdd8PmFUNJF5G
2JwLY4SPqMMUHi5vlyssJiBtnsFpQi/8XwlDlqeZHPCgeWj0Loku75OHSZnALldT
ZG2SwY4eFbHvwCHBFTI3c68AJ8bfVk/IXY44fClStugn+NdgCBTj3DQPOV6GPAdB
dqpo4ohhW3ToxkFfkfu8jPYWUf7xZgq5bht/jWmDc0INiyagrIqUOQsRKQJ26H8u
H3QfJu4M0NmOoBls7Nr+YnhoAJp6ns4ersVdxo9aqudh5RHI9gK1hzAid0g2qfix
MqEB2k9/xv48IQDyH/ZiUvphBB3thHC1nZHPFXtkEhImHBZDdNjANsE6RQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFM9Scm9iOJR1srP37YK+Wy9EKXssMB8GA1UdIwQY
MBaAFNkK0RETGDALpnjojgUCsfxR41N5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlFyUkVSTVlNQXVtZU9pT0JRS3hfRkhqVTNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS83NThhMGYtM2M0Yy00MzEwLTlhNzIt
NWEyN2I4YWYyOGE1LzEvMlFyUkVSTVlNQXVtZU9pT0JRS3hfRkhqVTNrLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS83NThhMGYtM2M0Yy00MzEwLTlhNzItNWEyN2I4YWYyOGE1
LzEvMlFyUkVSTVlNQXVtZU9pT0JRS3hfRkhqVTNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAm+YbYdLV
xKXIIu9AH2KfDnVOUeRsRnr3Bw1gmbQwnDfQkTKVld7XX1EDyvMn0OI6Bjh5jkRX
Bm+SwxFCbbRiplhgsjheKH2xO8IggSQd62FpXvEgB2bOiTGTThDDiRB9OQPx//iz
nx2v4/ML3EjxK+Mh59GbPLXKEeYVLeV7lryiPeRA6ZCXkwnQbTyGPFmAd/kyyW9N
tHR5U1tVRtxEJRocJ9k0+u6x1LYzEFP0TQZXaP+zTXx8cs+7wahQ0rowddbn1dq0
vK14SEcMKZha/gwu3A/fvQQycXjFyeT9zkJMLUZAYenCG6//Gzc8hTJSRyrkqkzX
VX6iPD3m3KSi7g==
-----END CERTIFICATE-----