Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft
File:                     bOl89NjQvBezrx1ixNcUiGYb0hI.mft (raw, json)
Hash identifier:          qsDp6mVXxLAe3EZulrPKvAI8DKRtw7ytAbcbPMtS/tY=
Subject key identifier:   31:22:3B:B6:CD:0C:06:47:97:20:2A:5A:E4:F8:46:7B:DF:18:D3:F1
Authority key identifier: 6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
Certificate issuer:       /CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Certificate serial:       019936137B50BEBC1741A8F13CB8A185A9B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft
Manifest number:          1686
Signing time:             Thu 11 Sep 2025 00:01:10 +0000
Manifest this update:     Thu 11 Sep 2025 00:01:10 +0000
Manifest next update:     Fri 12 Sep 2025 00:01:10 +0000
Files and hashes:         1: Af8LoP7Lc3Ri1EjEl2aPSimN8N8.roa (hash: K3jq+ZPDX3ZWFw5k3Zz+FhB98xNgrxje9TzL4q7xQ84=)
                          2: F2A4Y0MrgEztwlWitJZvMyHSYcU.roa (hash: w50mpPDFrcclMXuIaVxZ4+xtSUk5AU18fPWu5EoX+LA=)
                          3: HDwNTyOMXjdcFIbI5Dg8ZGceIPc.roa (hash: xGqkyX+qZQ75xb5Nb+DtuxrBcbMbXYywOv/jqNzFE9U=)
                          4: J1CKtsXx9r_LHHrlYsJGTJF509U.roa (hash: Wy6xl+FAMDx5u89yFxnteVYqnAsEeBLLKMZFfJdUW6I=)
                          5: Uh2lETEq8E5x-jAu-VnjQrM5VGg.roa (hash: SoBuut5hx6X/4eMmfxkxmJvGDUdRqdsnwXxbmDCgQsE=)
                          6: XJb3trIMR2o2CfWTOuYiqHcFzws.roa (hash: BRkLNlJqve/L2aNsuMJ+5pqTXL5/kYQCmhET9weR1yA=)
                          7: YY5vnq-WY3ttKAPBwWUwZDNoZ94.roa (hash: otf25hemgRYV3JPKjRYvJ8q5HrlB5I1ctES0TPSG1ck=)
                          8: Z48A1_I47mYSHVTo4XpKWd1w_wY.roa (hash: NvJ6V/CehduL5Zgko7xVcI92EacH0CBv0m1gyVIWLQM=)
                          9: _sq0c5GTAFHDkK0kB1xS-FJEkxE.roa (hash: 0/aQ7T6vcLRIStkXpDsfCFlQb8OkLcG1wf2/+Q//xZk=)
                          10: bOl89NjQvBezrx1ixNcUiGYb0hI.crl (hash: yyjPa/aJQypMJBnJozufpwV8LVRyAK5aF5GqHqqio48=)
                          11: bgndW0CmBQuiHxQFDGV1p4kfQ0w.roa (hash: 69wNM6Nj33ysdv0n+TRiRf/aZRUnSe2bA4XmQXvr6Ug=)
                          12: nRXz0JWuVzTuqgJJowbVl480fPU.roa (hash: 8yilskVPxe2I/+785iQCSlJBQxLK7FQ+9fHJRaIbBIk=)
                          13: ok2coLlZfCNf012-KQnTYpk7lZE.roa (hash: jPQ1+YObpchvAlB5pc4INo3tzPPIYQQgACezxT56CVQ=)
                          14: whbNPX7xpImhIktrpipKoQzAFZo.roa (hash: Jtvnk0ncEqCQ/ZQ9F0sCk3O4UoG6D0dlD2s9B3IWjbk=)
                          15: y2chyLi0MiNw5kPgCGuG_lAJm6E.roa (hash: aBY4sS6r8TuI74TUuwhLmDR0B3e0KyzhgW6eBiCSGXY=)
                          16: yCCs4shbMfXFkRbB-dbVm3aK1dE.roa (hash: ERGKfWwqWpDoNIV4hNRq6bDPGoH2AztZvrPKQ4MnRxU=)
                          17: yqrbohxedJqZYRfOM_ZbeFgbUDk.roa (hash: 5D+jOOYzSjHZwRxIJ5GcJlLwrz/EOLrzaFXp3+Dosvg=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Sep 2025 00:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:36:13:7b:50:be:bc:17:41:a8:f1:3c:b8:a1:85:a9:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
        Validity
            Not Before: Sep 11 00:01:10 2025 GMT
            Not After : Sep 12 00:01:10 2025 GMT
        Subject: CN=31223bb6cd0c064797202a5ae4f8467bdf18d3f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:83:cb:ec:2b:f5:85:2e:c5:6c:d1:c7:51:ec:
                    d5:61:51:9b:2f:62:d4:34:1b:63:3f:73:ce:38:54:
                    ca:49:5c:9c:9c:79:7f:38:10:86:34:11:28:77:71:
                    8f:98:f5:8d:67:3c:c6:2c:de:35:a2:ec:ea:74:07:
                    3c:5f:0b:4d:cf:a9:54:0a:3f:8e:90:12:d1:41:0b:
                    96:68:68:98:f0:be:b2:d5:7f:4a:36:72:4f:39:39:
                    f1:1e:6c:dc:91:76:17:c6:ee:a9:10:bb:4c:d8:f3:
                    10:68:dd:14:f8:eb:9b:e1:45:36:99:6b:ae:cd:d0:
                    3a:59:82:0a:37:93:c4:b7:c9:a3:57:85:b8:86:ac:
                    60:21:18:9a:a8:ec:dd:96:4a:5a:ba:b1:00:59:e4:
                    38:5e:0f:15:66:9f:9f:0e:d9:df:ad:f2:37:c9:f3:
                    27:16:e0:77:9c:b8:7a:3b:43:13:c3:8c:db:3e:2b:
                    9e:b2:2d:0a:a5:1e:0f:be:1e:66:66:ce:dc:99:ac:
                    22:60:3f:fb:bc:3a:3f:21:58:94:40:a7:85:53:13:
                    a9:6c:20:d2:35:f0:3a:cf:68:df:8d:70:14:e0:20:
                    2c:05:a3:5a:68:f7:11:f6:4d:2b:6f:67:13:ea:c0:
                    28:5e:ae:ff:3c:77:be:fa:46:a6:80:3e:62:3c:5b:
                    24:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:22:3B:B6:CD:0C:06:47:97:20:2A:5A:E4:F8:46:7B:DF:18:D3:F1
            X509v3 Authority Key Identifier:
                keyid:6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         4d:ff:0f:fa:09:a5:ad:7f:51:dc:99:0d:83:e7:c6:2d:aa:dd:
         57:46:e3:fc:68:b9:08:24:3e:e2:d7:3d:50:58:c0:2b:2c:94:
         56:46:39:29:45:45:fb:53:9c:a1:54:5f:12:a6:a2:bb:9e:99:
         a7:8e:41:c4:3c:21:1b:8f:0e:f4:94:ae:b7:9e:e6:be:3e:e4:
         6f:69:01:c3:f5:5f:18:36:2a:6f:82:38:65:23:eb:78:06:de:
         92:3f:fc:91:95:b5:4f:7a:b4:29:a9:8f:82:2b:24:75:30:d6:
         56:87:76:42:90:9d:02:63:cb:13:b5:b0:dc:d4:46:82:19:06:
         97:ba:8b:04:df:6c:9a:43:e5:44:f9:b4:2f:d8:3d:7c:17:b3:
         5a:23:06:6e:f5:7c:da:a2:6e:fd:72:f5:b8:f0:41:96:ec:70:
         a7:1e:77:5f:ba:9e:bf:a1:ae:ae:85:b1:7a:54:b9:46:47:3d:
         aa:88:f3:65:e5:45:a0:29:d8:41:46:39:38:8a:18:5f:bf:94:
         fa:43:bb:5b:80:ba:f8:d3:3c:3b:39:80:3f:06:96:d7:c2:4b:
         a2:1d:e3:7e:c5:fd:a9:ae:37:bc:2e:80:36:11:df:fd:be:d1:
         75:23:69:39:c9:bf:0d:a7:79:7a:76:9e:ec:97:7d:7f:b8:04:
         88:52:70:5e
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZk2E3tQvrwXQajxPLihham4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTk3Y2Y0ZDhkMGJjMTdiM2FmMWQ2MmM0ZDcxNDg4NjYx
YmQyMTIwHhcNMjUwOTExMDAwMTEwWhcNMjUwOTEyMDAwMTEwWjAzMTEwLwYDVQQD
EygzMTIyM2JiNmNkMGMwNjQ3OTcyMDJhNWFlNGY4NDY3YmRmMThkM2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloPL7Cv1hS7FbNHHUezVYVGbL2LU
NBtjP3POOFTKSVycnHl/OBCGNBEod3GPmPWNZzzGLN41ouzqdAc8XwtNz6lUCj+O
kBLRQQuWaGiY8L6y1X9KNnJPOTnxHmzckXYXxu6pELtM2PMQaN0U+Oub4UU2mWuu
zdA6WYIKN5PEt8mjV4W4hqxgIRiaqOzdlkpaurEAWeQ4Xg8VZp+fDtnfrfI3yfMn
FuB3nLh6O0MTw4zbPiuesi0KpR4Pvh5mZs7cmawiYD/7vDo/IViUQKeFUxOpbCDS
NfA6z2jfjXAU4CAsBaNaaPcR9k0rb2cT6sAoXq7/PHe++kamgD5iPFskuQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFDEiO7bNDAZHlyAqWuT4RnvfGNPxMB8GA1UdIwQY
MBaAFGzpfPTY0LwXs68dYsTXFIhmG9ISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMt
Mzk5M2FhMzI0ZTFmLzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMtMzk5M2FhMzI0ZTFm
LzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEATf8P+gml
rX9R3JkNg+fGLardV0bj/Gi5CCQ+4tc9UFjAKyyUVkY5KUVF+1OcoVRfEqaiu56Z
p45BxDwhG48O9JSut57mvj7kb2kBw/VfGDYqb4I4ZSPreAbekj/8kZW1T3q0KamP
giskdTDWVod2QpCdAmPLE7Ww3NRGghkGl7qLBN9smkPlRPm0L9g9fBezWiMGbvV8
2qJu/XL1uPBBluxwpx53X7qev6GuroWxelS5Rkc9qojzZeVFoCnYQUY5OIoYX7+U
+kO7W4C6+NM8OzmAPwaW18JLoh3jfsX9qa43vC6ANhHf/b7RdSNpOcm/Dad5enae
7Jd9f7gEiFJwXg==
-----END CERTIFICATE-----