Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/9cedd9-113b-4061-a632-4e1d167f0a9c/1/JOuXPcgi1CNuy911UB0mxD4chzk.mft
File:                     JOuXPcgi1CNuy911UB0mxD4chzk.mft (raw, json)
Hash identifier:          SeajxGCwhYGAMJ0QQOyC7lQnXJoM6lbdbo2eVeRXM4E=
Subject key identifier:   F3:FD:33:99:8E:E1:83:99:9F:ED:3A:65:52:EE:05:5E:3E:08:82:36
Authority key identifier: 24:EB:97:3D:C8:22:D4:23:6E:CB:DD:75:50:1D:26:C4:3E:1C:87:39
Certificate issuer:       /CN=24eb973dc822d4236ecbdd75501d26c43e1c8739
Certificate serial:       019A71B948F68DD144C2768765F644A31CD1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JOuXPcgi1CNuy911UB0mxD4chzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/9cedd9-113b-4061-a632-4e1d167f0a9c/1/JOuXPcgi1CNuy911UB0mxD4chzk.mft
Manifest number:          0BC3
Signing time:             Tue 11 Nov 2025 07:02:39 +0000
Manifest this update:     Tue 11 Nov 2025 07:02:39 +0000
Manifest next update:     Wed 12 Nov 2025 07:02:39 +0000
Files and hashes:         1: JOuXPcgi1CNuy911UB0mxD4chzk.crl (hash: NDAw+gq/XhbCDgzVdtaq6l+/gMZkuoOS4gH6OvBQFDg=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/9cedd9-113b-4061-a632-4e1d167f0a9c/1/JOuXPcgi1CNuy911UB0mxD4chzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/9cedd9-113b-4061-a632-4e1d167f0a9c/1/JOuXPcgi1CNuy911UB0mxD4chzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JOuXPcgi1CNuy911UB0mxD4chzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:02:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b9:48:f6:8d:d1:44:c2:76:87:65:f6:44:a3:1c:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24eb973dc822d4236ecbdd75501d26c43e1c8739
        Validity
            Not Before: Nov 11 07:02:39 2025 GMT
            Not After : Nov 12 07:02:39 2025 GMT
        Subject: CN=f3fd33998ee183999fed3a6552ee055e3e088236
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6a:b7:ae:9e:d1:6c:47:fd:9e:87:0a:bb:69:
                    75:2d:d8:8b:67:93:37:d0:fc:5d:ff:f1:5a:66:91:
                    5d:0e:d0:ba:25:77:17:ce:ee:ff:36:5f:0c:6a:d9:
                    8c:f2:10:34:c8:aa:34:7f:f5:db:9d:9b:a2:01:f2:
                    8d:ff:db:2a:1d:b9:63:4c:3f:b5:c5:ca:a0:f4:d0:
                    9a:ec:f6:f4:c4:d8:e0:c4:1f:f8:d6:4f:83:b6:53:
                    36:47:65:6a:f4:65:64:96:6a:71:ad:a4:d8:14:67:
                    14:da:9d:e5:aa:63:bb:dd:ac:c5:a5:fd:65:2c:1a:
                    11:6d:d1:ea:b3:c2:85:ae:7c:10:6f:99:6a:b8:6d:
                    c5:c2:4a:ad:98:82:db:f3:b6:ad:8c:c3:a8:06:ac:
                    1c:bd:47:bd:4e:2b:fc:c4:27:0a:e4:be:79:ce:b4:
                    e3:4f:11:8d:58:d1:05:18:25:ed:8c:d4:db:2e:6c:
                    a5:0b:9a:70:72:e4:6d:3f:57:ae:01:4c:6a:8a:c0:
                    9a:2b:9d:54:c9:a5:9e:c0:8a:9b:82:41:4b:68:be:
                    46:a4:66:91:2f:a9:c0:83:d1:b9:d1:3b:8e:4c:15:
                    17:10:aa:93:60:75:0b:aa:0d:1b:2f:76:75:24:d3:
                    b6:36:32:04:f3:fb:6d:67:1f:b9:f9:01:f2:77:34:
                    c2:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:FD:33:99:8E:E1:83:99:9F:ED:3A:65:52:EE:05:5E:3E:08:82:36
            X509v3 Authority Key Identifier:
                keyid:24:EB:97:3D:C8:22:D4:23:6E:CB:DD:75:50:1D:26:C4:3E:1C:87:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JOuXPcgi1CNuy911UB0mxD4chzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/9cedd9-113b-4061-a632-4e1d167f0a9c/1/JOuXPcgi1CNuy911UB0mxD4chzk.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/9cedd9-113b-4061-a632-4e1d167f0a9c/1/JOuXPcgi1CNuy911UB0mxD4chzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         a6:9a:9d:d5:a6:7c:71:11:09:3d:17:cd:d3:42:df:be:74:4d:
         a1:53:d3:35:87:ac:b4:dc:80:54:a6:0d:79:6e:74:e9:16:25:
         70:c2:00:8f:74:30:5b:ff:5d:50:8f:ce:35:be:ec:49:05:42:
         be:8a:dd:16:fe:84:ac:97:4d:fb:10:82:00:df:76:9d:e6:f7:
         96:0e:48:84:3e:dc:0f:a5:a4:4e:68:59:9c:a7:3a:9e:44:85:
         99:e0:1a:d6:62:29:1a:0b:a4:75:bd:28:97:4c:f3:65:48:ba:
         bb:10:71:ec:c3:41:20:3b:99:5c:a0:cd:a6:ac:d7:62:65:73:
         a4:70:08:10:57:9c:15:b4:d8:2e:35:7b:e7:30:1c:54:2b:12:
         ec:79:f1:ab:91:43:12:d8:fe:33:98:21:50:ea:f3:b9:9d:dc:
         46:d7:2b:be:c2:c7:e0:8f:23:2a:c0:96:95:f7:db:09:59:ad:
         2e:c5:0f:56:ee:f2:86:2b:5c:57:0b:22:bf:5a:ec:31:8f:b0:
         3c:8d:6e:73:a9:01:d2:c9:fc:57:ee:98:20:5f:8c:e4:43:ee:
         c0:90:b1:2f:e2:6c:96:dd:28:10:e6:7b:43:b9:8e:a4:b9:8b:
         22:de:53:f2:fb:25:85:00:48:51:e7:89:f9:cc:c5:6a:55:32:
         6d:96:50:31
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuUj2jdFEwnaHZfZEoxzRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0ZWI5NzNkYzgyMmQ0MjM2ZWNiZGQ3NTUwMWQyNmM0M2Ux
Yzg3MzkwHhcNMjUxMTExMDcwMjM5WhcNMjUxMTEyMDcwMjM5WjAzMTEwLwYDVQQD
EyhmM2ZkMzM5OThlZTE4Mzk5OWZlZDNhNjU1MmVlMDU1ZTNlMDg4MjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGq3rp7RbEf9nocKu2l1LdiLZ5M3
0Pxd//FaZpFdDtC6JXcXzu7/Nl8MatmM8hA0yKo0f/XbnZuiAfKN/9sqHbljTD+1
xcqg9NCa7Pb0xNjgxB/41k+DtlM2R2Vq9GVklmpxraTYFGcU2p3lqmO73azFpf1l
LBoRbdHqs8KFrnwQb5lquG3FwkqtmILb87atjMOoBqwcvUe9Tiv8xCcK5L55zrTj
TxGNWNEFGCXtjNTbLmylC5pwcuRtP1euAUxqisCaK51UyaWewIqbgkFLaL5GpGaR
L6nAg9G50TuOTBUXEKqTYHULqg0bL3Z1JNO2NjIE8/ttZx+5+QHydzTCQQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFPP9M5mO4YOZn+06ZVLuBV4+CII2MB8GA1UdIwQY
MBaAFCTrlz3IItQjbsvddVAdJsQ+HIc5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSk91WFBjZ2kxQ051eTkxMVVCMG14RDRjaHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny85Y2VkZDktMTEzYi00MDYxLWE2MzIt
NGUxZDE2N2YwYTljLzEvSk91WFBjZ2kxQ051eTkxMVVCMG14RDRjaHprLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny85Y2VkZDktMTEzYi00MDYxLWE2MzItNGUxZDE2N2YwYTlj
LzEvSk91WFBjZ2kxQ051eTkxMVVCMG14RDRjaHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAppqd1aZ8
cREJPRfN00LfvnRNoVPTNYestNyAVKYNeW506RYlcMIAj3QwW/9dUI/ONb7sSQVC
vordFv6ErJdN+xCCAN92neb3lg5IhD7cD6WkTmhZnKc6nkSFmeAa1mIpGgukdb0o
l0zzZUi6uxBx7MNBIDuZXKDNpqzXYmVzpHAIEFecFbTYLjV75zAcVCsS7Hnxq5FD
Etj+M5ghUOrzuZ3cRtcrvsLH4I8jKsCWlffbCVmtLsUPVu7yhitcVwsiv1rsMY+w
PI1uc6kB0sn8V+6YIF+M5EPuwJCxL+Jslt0oEOZ7Q7mOpLmLIt5T8vslhQBIUeeJ
+czFalUybZZQMQ==
-----END CERTIFICATE-----