Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/c4d41f-60cd-4cbb-b253-19f1dab2d1b4/1/hkmqSzKHNVNtJ8Fozb9OoXdwHc4.mft
File:                     hkmqSzKHNVNtJ8Fozb9OoXdwHc4.mft (raw, json)
Hash identifier:          T/5IHEMXD+B5xKoLZqqH0K2PY+n8YEVYz8tSo+92Sao=
Subject key identifier:   2C:39:42:32:A6:F8:E0:2F:47:3A:BE:46:3E:6D:A4:B7:2A:86:67:80
Authority key identifier: 86:49:AA:4B:32:87:35:53:6D:27:C1:68:CD:BF:4E:A1:77:70:1D:CE
Certificate issuer:       /CN=8649aa4b328735536d27c168cdbf4ea177701dce
Certificate serial:       019A7301120561540053AE252D23214401D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hkmqSzKHNVNtJ8Fozb9OoXdwHc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/c4d41f-60cd-4cbb-b253-19f1dab2d1b4/1/hkmqSzKHNVNtJ8Fozb9OoXdwHc4.mft
Manifest number:          171D
Signing time:             Tue 11 Nov 2025 13:00:41 +0000
Manifest this update:     Tue 11 Nov 2025 13:00:41 +0000
Manifest next update:     Wed 12 Nov 2025 13:00:41 +0000
Files and hashes:         1: hkmqSzKHNVNtJ8Fozb9OoXdwHc4.crl (hash: 7zf3v0nFQAhsSs/duUacaOCCbqfLRpbdGo+Pe6YpEQM=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/c4d41f-60cd-4cbb-b253-19f1dab2d1b4/1/hkmqSzKHNVNtJ8Fozb9OoXdwHc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/c4d41f-60cd-4cbb-b253-19f1dab2d1b4/1/hkmqSzKHNVNtJ8Fozb9OoXdwHc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hkmqSzKHNVNtJ8Fozb9OoXdwHc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:73:01:12:05:61:54:00:53:ae:25:2d:23:21:44:01:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8649aa4b328735536d27c168cdbf4ea177701dce
        Validity
            Not Before: Nov 11 13:00:41 2025 GMT
            Not After : Nov 12 13:00:41 2025 GMT
        Subject: CN=2c394232a6f8e02f473abe463e6da4b72a866780
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:35:61:d3:d1:dc:f9:c6:b4:a6:da:24:4d:c7:
                    03:87:61:64:3f:90:cb:3b:b0:71:fe:a4:32:c1:6f:
                    ac:55:94:d8:df:64:18:12:b8:aa:77:d9:8b:00:09:
                    d1:e5:d4:26:ac:c0:80:55:1c:c1:1c:8e:0f:5f:ad:
                    5c:74:6b:2d:97:48:b2:b7:f9:b4:89:75:af:76:3b:
                    b0:ea:25:da:40:75:a2:f2:cc:42:56:1c:ef:d2:63:
                    56:de:af:7c:cc:2c:6e:ec:4d:61:40:ca:94:a7:17:
                    d9:66:7f:e4:21:ce:16:22:92:f0:e2:31:35:b0:ad:
                    be:c7:e7:ac:56:4a:dd:6c:ac:a1:9a:d5:63:b9:54:
                    be:f4:7a:a6:0a:f1:f6:9c:83:5e:78:59:85:67:da:
                    4e:01:9d:7a:ec:d9:52:90:b8:af:b5:05:f6:1e:aa:
                    9b:5f:4a:6e:00:51:56:e3:14:5b:86:40:e3:f2:c0:
                    63:b0:47:15:75:7e:0d:21:91:74:cd:a6:90:6e:fb:
                    69:be:bf:60:0c:0e:b3:e0:53:8e:67:02:90:76:36:
                    78:87:aa:6b:e1:7c:9d:f8:e3:3f:e1:69:05:4e:d8:
                    99:49:c7:dd:92:ec:80:51:91:02:cd:28:7e:b1:8c:
                    3c:74:a8:16:1d:fb:01:55:45:9b:2a:02:0c:4a:d4:
                    81:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:39:42:32:A6:F8:E0:2F:47:3A:BE:46:3E:6D:A4:B7:2A:86:67:80
            X509v3 Authority Key Identifier:
                keyid:86:49:AA:4B:32:87:35:53:6D:27:C1:68:CD:BF:4E:A1:77:70:1D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hkmqSzKHNVNtJ8Fozb9OoXdwHc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/c4d41f-60cd-4cbb-b253-19f1dab2d1b4/1/hkmqSzKHNVNtJ8Fozb9OoXdwHc4.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/c4d41f-60cd-4cbb-b253-19f1dab2d1b4/1/hkmqSzKHNVNtJ8Fozb9OoXdwHc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         b0:e1:88:18:4d:a5:a6:1d:a7:9a:69:0f:cb:1b:6c:70:1c:78:
         ab:1c:92:77:6f:0b:8a:f6:6f:75:ad:de:15:3b:29:3a:f9:db:
         d5:4d:06:dc:2c:39:e9:c8:00:de:f8:47:1c:60:0b:49:90:91:
         22:f0:21:3e:68:59:9a:3b:5b:cf:2c:ac:36:74:1a:22:32:14:
         fb:c3:93:74:f7:10:68:d8:87:c4:96:27:e5:ae:98:7e:b7:28:
         9c:53:3d:56:63:88:cf:8c:6e:26:5d:b1:08:6d:f6:85:c5:d7:
         31:56:03:6d:bc:18:33:c2:7a:e3:1f:66:23:09:b0:7b:04:41:
         77:34:ae:63:a8:2d:3b:74:0c:30:aa:0b:0f:31:fb:92:3c:27:
         98:82:b7:bf:e0:de:1c:39:52:26:2c:1e:b9:30:ac:0a:53:0e:
         73:e7:c1:57:db:9f:fb:09:6b:7d:74:dd:98:1a:d0:a8:03:2b:
         69:2f:dc:ce:0b:b1:5c:7a:bb:69:79:18:17:3e:42:60:fa:9d:
         9e:99:52:a8:0e:ce:bd:c0:cb:ef:bf:6c:4c:fc:52:ef:cb:c0:
         a1:62:59:23:40:24:69:41:ad:20:11:a9:bf:14:f7:db:ff:a8:
         1f:09:33:5a:72:df:41:2e:7c:c9:e5:ad:58:13:f3:7a:b0:bc:
         e5:30:f9:bd
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpzARIFYVQAU64lLSMhRAHTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NDlhYTRiMzI4NzM1NTM2ZDI3YzE2OGNkYmY0ZWExNzc3
MDFkY2UwHhcNMjUxMTExMTMwMDQxWhcNMjUxMTEyMTMwMDQxWjAzMTEwLwYDVQQD
EygyYzM5NDIzMmE2ZjhlMDJmNDczYWJlNDYzZTZkYTRiNzJhODY2NzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDVh09Hc+ca0ptokTccDh2FkP5DL
O7Bx/qQywW+sVZTY32QYEriqd9mLAAnR5dQmrMCAVRzBHI4PX61cdGstl0iyt/m0
iXWvdjuw6iXaQHWi8sxCVhzv0mNW3q98zCxu7E1hQMqUpxfZZn/kIc4WIpLw4jE1
sK2+x+esVkrdbKyhmtVjuVS+9HqmCvH2nINeeFmFZ9pOAZ167NlSkLivtQX2Hqqb
X0puAFFW4xRbhkDj8sBjsEcVdX4NIZF0zaaQbvtpvr9gDA6z4FOOZwKQdjZ4h6pr
4Xyd+OM/4WkFTtiZScfdkuyAUZECzSh+sYw8dKgWHfsBVUWbKgIMStSB6wIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFCw5QjKm+OAvRzq+Rj5tpLcqhmeAMB8GA1UdIwQY
MBaAFIZJqksyhzVTbSfBaM2/TqF3cB3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGttcVN6S0hOVk50SjhGb3piOU9vWGR3SGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9jNGQ0MWYtNjBjZC00Y2JiLWIyNTMt
MTlmMWRhYjJkMWI0LzEvaGttcVN6S0hOVk50SjhGb3piOU9vWGR3SGM0Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9jNGQ0MWYtNjBjZC00Y2JiLWIyNTMtMTlmMWRhYjJkMWI0
LzEvaGttcVN6S0hOVk50SjhGb3piOU9vWGR3SGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAsOGIGE2l
ph2nmmkPyxtscBx4qxySd28LivZvda3eFTspOvnb1U0G3Cw56cgA3vhHHGALSZCR
IvAhPmhZmjtbzyysNnQaIjIU+8OTdPcQaNiHxJYn5a6YfrconFM9VmOIz4xuJl2x
CG32hcXXMVYDbbwYM8J64x9mIwmwewRBdzSuY6gtO3QMMKoLDzH7kjwnmIK3v+De
HDlSJiweuTCsClMOc+fBV9uf+wlrfXTdmBrQqAMraS/czguxXHq7aXkYFz5CYPqd
nplSqA7OvcDL779sTPxS78vAoWJZI0AkaUGtIBGpvxT32/+oHwkzWnLfQS58yeWt
WBPzerC85TD5vQ==
-----END CERTIFICATE-----