Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/1ce3e3-c859-4b71-b6d2-9359d8de2975/1/iQ8_qyNJwBsayP0LkhxgMYzhhNY.mft
File:                     iQ8_qyNJwBsayP0LkhxgMYzhhNY.mft (raw, json)
Hash identifier:          InKA/B4J7IAEE8mxLJnQtzhDmERQ1H60OlZkA567/EA=
Subject key identifier:   DC:BF:E4:DD:14:AD:35:31:CB:B8:79:8E:B0:D1:B9:87:2D:2B:25:28
Authority key identifier: 89:0F:3F:AB:23:49:C0:1B:1A:C8:FD:0B:92:1C:60:31:8C:E1:84:D6
Certificate issuer:       /CN=890f3fab2349c01b1ac8fd0b921c60318ce184d6
Certificate serial:       019922C35177594CB9A1CFA567026F4D86D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iQ8_qyNJwBsayP0LkhxgMYzhhNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/1ce3e3-c859-4b71-b6d2-9359d8de2975/1/iQ8_qyNJwBsayP0LkhxgMYzhhNY.mft
Manifest number:          0649
Signing time:             Sun 07 Sep 2025 06:00:49 +0000
Manifest this update:     Sun 07 Sep 2025 06:00:49 +0000
Manifest next update:     Mon 08 Sep 2025 06:00:49 +0000
Files and hashes:         1: iQ8_qyNJwBsayP0LkhxgMYzhhNY.crl (hash: l3tVSU1IoDq3TcxwPdbdEzQECjKifEN20Bpl+GPaHM4=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/1ce3e3-c859-4b71-b6d2-9359d8de2975/1/iQ8_qyNJwBsayP0LkhxgMYzhhNY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/1ce3e3-c859-4b71-b6d2-9359d8de2975/1/iQ8_qyNJwBsayP0LkhxgMYzhhNY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iQ8_qyNJwBsayP0LkhxgMYzhhNY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 06:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:22:c3:51:77:59:4c:b9:a1:cf:a5:67:02:6f:4d:86:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=890f3fab2349c01b1ac8fd0b921c60318ce184d6
        Validity
            Not Before: Sep  7 06:00:49 2025 GMT
            Not After : Sep  8 06:00:49 2025 GMT
        Subject: CN=dcbfe4dd14ad3531cbb8798eb0d1b9872d2b2528
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:dc:8f:a1:b4:cd:01:da:9c:90:a2:fc:a5:0e:
                    64:d2:b7:7f:c1:b8:6c:20:41:d9:aa:82:87:92:b9:
                    5e:d3:3d:3b:f7:ec:2c:20:b9:73:4a:08:38:ba:37:
                    d9:ae:8f:da:f7:f8:90:fc:7d:49:44:69:94:1a:2c:
                    aa:3c:a0:2a:54:5d:3f:8b:dc:65:09:5a:73:75:6a:
                    77:f5:ee:97:ad:f5:47:0c:e0:67:08:09:53:27:fe:
                    47:41:f0:e7:d9:97:2f:58:02:03:ed:53:77:b8:4a:
                    bf:fd:6c:89:1f:a3:b8:47:be:3b:c4:c7:ee:c0:e5:
                    72:34:f1:81:3a:ed:81:36:e9:d9:ef:3b:24:8a:27:
                    0e:f7:e6:ce:13:b2:72:ce:68:ab:e2:70:1a:ae:b5:
                    ec:76:2c:49:0c:25:c4:1e:57:dc:09:a4:a7:09:0f:
                    8f:91:1f:c4:3f:33:11:21:3b:91:6a:bb:44:7c:e3:
                    93:a5:e0:06:4e:b0:44:0d:60:2d:87:a2:17:cd:56:
                    80:47:15:ed:67:6a:8f:a4:14:aa:38:50:e3:f9:ae:
                    9a:30:56:f4:56:bb:d3:d4:eb:ca:b9:82:62:a5:95:
                    49:69:4d:dd:a3:30:ea:3d:f2:c6:91:6a:43:74:02:
                    8f:43:36:b2:be:de:aa:fd:2d:c4:bf:a3:93:4c:40:
                    d9:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:BF:E4:DD:14:AD:35:31:CB:B8:79:8E:B0:D1:B9:87:2D:2B:25:28
            X509v3 Authority Key Identifier:
                keyid:89:0F:3F:AB:23:49:C0:1B:1A:C8:FD:0B:92:1C:60:31:8C:E1:84:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iQ8_qyNJwBsayP0LkhxgMYzhhNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/1ce3e3-c859-4b71-b6d2-9359d8de2975/1/iQ8_qyNJwBsayP0LkhxgMYzhhNY.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/1ce3e3-c859-4b71-b6d2-9359d8de2975/1/iQ8_qyNJwBsayP0LkhxgMYzhhNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         96:80:a4:a3:33:dc:d0:17:54:d7:22:4c:5e:3e:a9:74:bf:66:
         d9:d4:bb:7b:08:b7:88:f4:cb:d1:28:2f:c9:4f:14:11:54:7c:
         df:e7:fa:5a:9e:6c:31:c2:b9:4a:4b:94:bb:0b:37:0c:7a:02:
         33:31:1c:76:27:f5:5a:79:76:18:59:21:8f:59:b5:ce:36:7e:
         b2:34:39:70:67:92:8e:24:ea:17:e9:40:6f:a3:03:b6:ae:75:
         ed:30:dd:07:da:18:65:d8:33:6c:66:65:3b:b5:f6:88:61:f9:
         2a:63:8f:80:61:9c:12:03:6c:5a:6c:1b:44:a2:32:65:4f:a9:
         c9:c9:53:33:66:5d:08:a8:77:95:b4:db:36:14:55:37:a3:c9:
         6e:d4:84:0b:0d:ec:ea:38:8d:f8:1f:41:f9:8c:65:a5:8f:ac:
         01:a4:e9:bb:cf:62:5f:88:a2:54:ba:ec:c2:14:1e:76:2b:e0:
         96:36:99:31:6e:e2:11:8a:b3:31:9a:ad:bf:be:a1:28:c7:a2:
         1d:f4:c1:f5:38:07:6e:fa:8f:5f:a2:81:83:f7:b3:86:ab:7f:
         c6:d5:03:af:6f:4f:cb:21:fd:b9:d5:cb:17:ff:3b:73:e2:93:
         13:97:8b:85:44:b9:2f:a1:e7:14:49:b4:1d:1c:6c:93:ff:ef:
         75:f4:4b:70
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZkiw1F3WUy5oc+lZwJvTYbXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MGYzZmFiMjM0OWMwMWIxYWM4ZmQwYjkyMWM2MDMxOGNl
MTg0ZDYwHhcNMjUwOTA3MDYwMDQ5WhcNMjUwOTA4MDYwMDQ5WjAzMTEwLwYDVQQD
EyhkY2JmZTRkZDE0YWQzNTMxY2JiODc5OGViMGQxYjk4NzJkMmIyNTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNyPobTNAdqckKL8pQ5k0rd/wbhs
IEHZqoKHkrle0z079+wsILlzSgg4ujfZro/a9/iQ/H1JRGmUGiyqPKAqVF0/i9xl
CVpzdWp39e6XrfVHDOBnCAlTJ/5HQfDn2ZcvWAID7VN3uEq//WyJH6O4R747xMfu
wOVyNPGBOu2BNunZ7zskiicO9+bOE7Jyzmir4nAarrXsdixJDCXEHlfcCaSnCQ+P
kR/EPzMRITuRartEfOOTpeAGTrBEDWAth6IXzVaARxXtZ2qPpBSqOFDj+a6aMFb0
VrvT1OvKuYJipZVJaU3dozDqPfLGkWpDdAKPQzayvt6q/S3Ev6OTTEDZMQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFNy/5N0UrTUxy7h5jrDRuYctKyUoMB8GA1UdIwQY
MBaAFIkPP6sjScAbGsj9C5IcYDGM4YTWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVE4X3F5Tkp3QnNheVAwTGtoeGdNWXpoaE5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS8xY2UzZTMtYzg1OS00YjcxLWI2ZDIt
OTM1OWQ4ZGUyOTc1LzEvaVE4X3F5Tkp3QnNheVAwTGtoeGdNWXpoaE5ZLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS8xY2UzZTMtYzg1OS00YjcxLWI2ZDItOTM1OWQ4ZGUyOTc1
LzEvaVE4X3F5Tkp3QnNheVAwTGtoeGdNWXpoaE5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAloCkozPc
0BdU1yJMXj6pdL9m2dS7ewi3iPTL0SgvyU8UEVR83+f6Wp5sMcK5SkuUuws3DHoC
MzEcdif1Wnl2GFkhj1m1zjZ+sjQ5cGeSjiTqF+lAb6MDtq517TDdB9oYZdgzbGZl
O7X2iGH5KmOPgGGcEgNsWmwbRKIyZU+pyclTM2ZdCKh3lbTbNhRVN6PJbtSECw3s
6jiN+B9B+YxlpY+sAaTpu89iX4iiVLrswhQedivgljaZMW7iEYqzMZqtv76hKMei
HfTB9TgHbvqPX6KBg/ezhqt/xtUDr29PyyH9udXLF/87c+KTE5eLhUS5L6HnFEm0
HRxsk//vdfRLcA==
-----END CERTIFICATE-----