Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/71c579-5080-41fe-8653-024f7c50f428/1/OpzyvclyZDBARldYsyWap8kubhw.mft
File:                     OpzyvclyZDBARldYsyWap8kubhw.mft (raw, json)
Hash identifier:          tQsZBhBRCFqw5+Sg68VfuLKGfuETK04cD9X1dB54uDw=
Subject key identifier:   7E:F3:4D:5B:A1:FC:EB:7D:83:36:51:9B:EB:AA:CE:5E:CE:8D:2F:31
Authority key identifier: 3A:9C:F2:BD:C9:72:64:30:40:46:57:58:B3:25:9A:A7:C9:2E:6E:1C
Certificate issuer:       /CN=3a9cf2bdc972643040465758b3259aa7c92e6e1c
Certificate serial:       01965982437D6ABC1FC595EDD40CC7178A5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OpzyvclyZDBARldYsyWap8kubhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/71c579-5080-41fe-8653-024f7c50f428/1/OpzyvclyZDBARldYsyWap8kubhw.mft
Manifest number:          14FB
Signing time:             Mon 21 Apr 2025 18:00:31 +0000
Manifest this update:     Mon 21 Apr 2025 18:00:31 +0000
Manifest next update:     Tue 22 Apr 2025 18:00:31 +0000
Files and hashes:         1: OpzyvclyZDBARldYsyWap8kubhw.crl (hash: 3OfWPO/cd59VAE3Fc07twLjHJTwXLU+X/8llIMj/7ME=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/71c579-5080-41fe-8653-024f7c50f428/1/OpzyvclyZDBARldYsyWap8kubhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/71c579-5080-41fe-8653-024f7c50f428/1/OpzyvclyZDBARldYsyWap8kubhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OpzyvclyZDBARldYsyWap8kubhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 18:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:59:82:43:7d:6a:bc:1f:c5:95:ed:d4:0c:c7:17:8a:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a9cf2bdc972643040465758b3259aa7c92e6e1c
        Validity
            Not Before: Apr 21 18:00:31 2025 GMT
            Not After : Apr 22 18:00:31 2025 GMT
        Subject: CN=7ef34d5ba1fceb7d8336519bebaace5ece8d2f31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:8d:98:c3:0e:a7:17:d7:c9:5f:a0:2d:58:49:
                    80:cb:99:6a:8f:6d:38:11:9c:2d:32:3f:5c:69:9c:
                    76:68:c4:9a:20:87:ce:1f:28:95:81:9d:0b:6f:af:
                    05:a7:7f:e7:99:e9:01:28:79:20:fa:25:1a:29:a0:
                    2b:07:68:af:31:c4:27:f5:70:84:8f:cb:cb:d6:5a:
                    c2:64:5e:1e:0a:0e:7c:56:41:c3:8c:c8:15:62:ed:
                    61:08:48:ef:ad:5a:fb:30:82:44:6a:68:98:7c:1c:
                    74:09:14:7d:1b:5e:ff:2b:08:8f:fc:23:00:97:e5:
                    e8:c1:da:6b:4b:4d:ea:8b:0f:5f:ac:8f:f1:80:cf:
                    7f:34:af:7b:9d:5b:32:b7:b3:f7:14:1f:67:2b:57:
                    fa:29:1b:ca:20:40:eb:8f:d6:2a:8e:d1:0e:62:39:
                    15:15:ff:0e:8a:9d:eb:c8:f0:2b:c5:25:2a:1c:9b:
                    01:5e:9b:6b:42:a2:bd:cf:59:ed:f3:ff:2c:ab:89:
                    44:62:8f:71:4a:f5:fd:08:32:ef:8c:c7:e8:d6:31:
                    70:bf:4e:f1:c7:6d:d6:a3:6c:7c:7d:0d:d8:15:8f:
                    dd:4e:c0:77:63:bd:94:c8:d6:5c:bc:35:b7:d1:b8:
                    b9:af:d4:dc:be:90:c4:9c:9a:3c:57:b2:50:67:30:
                    d4:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:F3:4D:5B:A1:FC:EB:7D:83:36:51:9B:EB:AA:CE:5E:CE:8D:2F:31
            X509v3 Authority Key Identifier:
                keyid:3A:9C:F2:BD:C9:72:64:30:40:46:57:58:B3:25:9A:A7:C9:2E:6E:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OpzyvclyZDBARldYsyWap8kubhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/71c579-5080-41fe-8653-024f7c50f428/1/OpzyvclyZDBARldYsyWap8kubhw.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/71c579-5080-41fe-8653-024f7c50f428/1/OpzyvclyZDBARldYsyWap8kubhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         21:75:16:68:66:7e:6b:f8:ad:50:b0:02:a0:da:90:09:4b:31:
         3b:7b:31:0f:24:69:23:29:23:b4:fa:33:75:1d:b7:10:94:93:
         f5:ee:9b:8b:54:88:68:fd:b5:d1:6a:11:51:ca:12:ca:4e:4f:
         1d:16:fa:0e:33:55:4d:fb:f1:54:92:cf:93:58:26:25:da:34:
         a1:1e:23:81:89:54:d3:f1:07:ea:83:3d:31:e5:55:bf:52:2c:
         db:52:d2:5e:30:81:91:14:5b:ae:69:3a:16:d1:1b:e5:90:e4:
         a8:5c:06:4c:87:60:db:36:0f:3e:4a:57:ab:a6:e0:6a:cd:06:
         af:e0:8d:76:8c:10:76:2b:29:e0:45:3a:3f:8e:e2:3e:10:f9:
         80:2c:74:f5:3c:85:de:55:4b:20:5c:c6:4b:b2:89:35:cc:d5:
         5f:03:63:1a:42:a1:9f:a5:99:49:96:18:0f:46:d8:6d:8d:05:
         59:ba:e0:fa:7f:d7:4d:09:41:ce:0f:33:f8:f1:05:f3:d2:ac:
         15:b9:66:78:69:1d:68:99:d1:c9:56:62:ba:5c:96:c5:6b:7b:
         2a:7d:76:67:0a:a5:85:c1:10:de:f7:b0:49:7f:72:91:e9:bc:
         c2:52:37:18:69:18:04:34:bd:4c:8f:f4:b6:e1:0a:7e:5b:34:
         35:eb:8e:59
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZZZgkN9arwfxZXt1AzHF4pfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhOWNmMmJkYzk3MjY0MzA0MDQ2NTc1OGIzMjU5YWE3Yzky
ZTZlMWMwHhcNMjUwNDIxMTgwMDMxWhcNMjUwNDIyMTgwMDMxWjAzMTEwLwYDVQQD
Eyg3ZWYzNGQ1YmExZmNlYjdkODMzNjUxOWJlYmFhY2U1ZWNlOGQyZjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA442Yww6nF9fJX6AtWEmAy5lqj204
EZwtMj9caZx2aMSaIIfOHyiVgZ0Lb68Fp3/nmekBKHkg+iUaKaArB2ivMcQn9XCE
j8vL1lrCZF4eCg58VkHDjMgVYu1hCEjvrVr7MIJEamiYfBx0CRR9G17/KwiP/CMA
l+XowdprS03qiw9frI/xgM9/NK97nVsyt7P3FB9nK1f6KRvKIEDrj9YqjtEOYjkV
Ff8Oip3ryPArxSUqHJsBXptrQqK9z1nt8/8sq4lEYo9xSvX9CDLvjMfo1jFwv07x
x23Wo2x8fQ3YFY/dTsB3Y72UyNZcvDW30bi5r9TcvpDEnJo8V7JQZzDURwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFH7zTVuh/Ot9gzZRm+uqzl7OjS8xMB8GA1UdIwQY
MBaAFDqc8r3JcmQwQEZXWLMlmqfJLm4cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3B6eXZjbHlaREJBUmxkWXN5V2FwOGt1Ymh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83MWM1NzktNTA4MC00MWZlLTg2NTMt
MDI0ZjdjNTBmNDI4LzEvT3B6eXZjbHlaREJBUmxkWXN5V2FwOGt1Ymh3Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83MWM1NzktNTA4MC00MWZlLTg2NTMtMDI0ZjdjNTBmNDI4
LzEvT3B6eXZjbHlaREJBUmxkWXN5V2FwOGt1Ymh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAIXUWaGZ+
a/itULACoNqQCUsxO3sxDyRpIykjtPozdR23EJST9e6bi1SIaP210WoRUcoSyk5P
HRb6DjNVTfvxVJLPk1gmJdo0oR4jgYlU0/EH6oM9MeVVv1Is21LSXjCBkRRbrmk6
FtEb5ZDkqFwGTIdg2zYPPkpXq6bgas0Gr+CNdowQdisp4EU6P47iPhD5gCx09TyF
3lVLIFzGS7KJNczVXwNjGkKhn6WZSZYYD0bYbY0FWbrg+n/XTQlBzg8z+PEF89Ks
FblmeGkdaJnRyVZiulyWxWt7Kn12ZwqlhcEQ3vewSX9ykem8wlI3GGkYBDS9TI/0
tuEKfls0NeuOWQ==
-----END CERTIFICATE-----