Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/d809b4-2025-41ed-a0c3-36d7921e93b3/1/Onh8GnI5OY_vQvv05ri6Z_tBZHo.mft
File:                     Onh8GnI5OY_vQvv05ri6Z_tBZHo.mft (raw, json)
Hash identifier:          cvWVQFpHEWDTafPD2wMJ+m4InG4eanfgeCIOuF49VD0=
Subject key identifier:   E9:67:6F:18:B2:46:AE:9E:D9:90:A3:99:F1:F5:FB:AE:72:EC:A5:A7
Authority key identifier: 3A:78:7C:1A:72:39:39:8F:EF:42:FB:F4:E6:B8:BA:67:FB:41:64:7A
Certificate issuer:       /CN=3a787c1a7239398fef42fbf4e6b8ba67fb41647a
Certificate serial:       019A72262310E88FD8344FA94F622FD4BFA7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Onh8GnI5OY_vQvv05ri6Z_tBZHo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/d809b4-2025-41ed-a0c3-36d7921e93b3/1/Onh8GnI5OY_vQvv05ri6Z_tBZHo.mft
Manifest number:          171C
Signing time:             Tue 11 Nov 2025 09:01:33 +0000
Manifest this update:     Tue 11 Nov 2025 09:01:33 +0000
Manifest next update:     Wed 12 Nov 2025 09:01:33 +0000
Files and hashes:         1: Onh8GnI5OY_vQvv05ri6Z_tBZHo.crl (hash: honxZg7fXvL3i5NeC1wl6k5Y3UT/n+/wOHvCuuEZMFY=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/d809b4-2025-41ed-a0c3-36d7921e93b3/1/Onh8GnI5OY_vQvv05ri6Z_tBZHo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/d809b4-2025-41ed-a0c3-36d7921e93b3/1/Onh8GnI5OY_vQvv05ri6Z_tBZHo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Onh8GnI5OY_vQvv05ri6Z_tBZHo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:26:23:10:e8:8f:d8:34:4f:a9:4f:62:2f:d4:bf:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a787c1a7239398fef42fbf4e6b8ba67fb41647a
        Validity
            Not Before: Nov 11 09:01:33 2025 GMT
            Not After : Nov 12 09:01:33 2025 GMT
        Subject: CN=e9676f18b246ae9ed990a399f1f5fbae72eca5a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:2d:c2:0c:b2:82:bd:bf:6d:cb:c8:45:07:89:
                    d7:c9:a7:5a:6b:63:33:cb:a4:eb:b8:d6:1a:69:dd:
                    d7:da:c5:66:20:ab:13:31:bf:d1:04:98:b3:5a:70:
                    d0:9a:67:7f:61:b8:56:26:f2:7c:11:4c:26:25:81:
                    c0:bf:89:6c:17:44:d2:f7:3b:9c:90:86:89:17:f4:
                    ec:f2:c0:ea:0f:2f:81:39:35:fb:8f:a9:12:5a:ae:
                    58:44:0d:88:57:1c:27:da:80:4c:fa:fb:68:c4:4e:
                    8c:b9:37:70:91:d7:4c:52:6b:77:30:44:43:9c:ad:
                    f4:74:59:12:00:cb:ba:ae:f4:bf:41:6a:24:f8:4f:
                    d1:a8:a9:25:7d:43:a0:cb:e4:80:44:4a:71:59:df:
                    ef:76:77:15:a9:3a:bb:43:de:63:50:d2:fc:89:33:
                    17:6b:eb:d9:7d:a9:2f:dd:5d:3d:69:72:72:86:3b:
                    c4:40:04:8b:72:97:a5:07:27:f3:9b:08:cd:60:71:
                    a2:23:c2:4c:d3:97:5b:95:c0:02:a1:00:f0:ef:aa:
                    5f:bf:78:27:88:21:94:03:6c:b9:d0:ec:ac:03:1c:
                    31:58:62:00:8c:0f:ce:af:cc:9d:26:f1:9f:97:c6:
                    fd:d2:82:16:43:18:62:a4:ef:b9:3f:17:f9:ec:ad:
                    45:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:67:6F:18:B2:46:AE:9E:D9:90:A3:99:F1:F5:FB:AE:72:EC:A5:A7
            X509v3 Authority Key Identifier:
                keyid:3A:78:7C:1A:72:39:39:8F:EF:42:FB:F4:E6:B8:BA:67:FB:41:64:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Onh8GnI5OY_vQvv05ri6Z_tBZHo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/d809b4-2025-41ed-a0c3-36d7921e93b3/1/Onh8GnI5OY_vQvv05ri6Z_tBZHo.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/d809b4-2025-41ed-a0c3-36d7921e93b3/1/Onh8GnI5OY_vQvv05ri6Z_tBZHo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         21:fc:61:be:98:e8:44:77:1f:67:ad:c8:86:35:a3:2b:78:37:
         46:85:fd:a6:ff:de:bd:61:0a:3d:96:d3:3f:e1:74:4d:5e:39:
         83:16:e9:01:4d:2b:1b:55:17:c3:88:84:a5:e8:68:c0:1f:62:
         74:78:40:b6:d0:fc:77:5c:b1:50:7c:71:07:ab:6a:9d:d7:fc:
         f2:bd:74:64:69:c2:ad:e0:f1:d8:f9:69:08:75:57:60:d4:1d:
         e2:0b:08:f6:6c:4e:d1:0f:e4:b4:3d:8e:1c:56:33:de:5d:52:
         8f:4c:8b:85:b2:96:14:4b:f6:b2:63:6d:7b:4e:1b:7a:1a:41:
         5c:06:64:40:05:40:d0:62:cb:bd:b3:89:3a:80:46:9e:fe:53:
         77:ff:ed:b1:ca:b1:19:1a:ca:ea:85:eb:48:a2:87:7d:cb:ce:
         9d:51:bc:80:ac:c6:c3:23:8c:95:dc:b9:d6:e5:43:dd:f5:ae:
         50:6f:94:6c:92:1f:c3:59:ee:34:c3:93:21:d6:35:af:be:5b:
         65:a8:6d:3f:f5:d7:14:8e:96:8b:f6:02:08:48:78:38:41:e9:
         67:1f:8c:aa:06:e0:ce:cd:e1:71:0b:16:df:55:c0:12:26:a4:
         36:6c:8c:10:2c:a8:85:52:7c:5c:e6:ca:55:98:55:61:3e:2d:
         68:0b:fb:63
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyJiMQ6I/YNE+pT2Iv1L+nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNzg3YzFhNzIzOTM5OGZlZjQyZmJmNGU2YjhiYTY3ZmI0
MTY0N2EwHhcNMjUxMTExMDkwMTMzWhcNMjUxMTEyMDkwMTMzWjAzMTEwLwYDVQQD
EyhlOTY3NmYxOGIyNDZhZTllZDk5MGEzOTlmMWY1ZmJhZTcyZWNhNWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6S3CDLKCvb9ty8hFB4nXyadaa2Mz
y6TruNYaad3X2sVmIKsTMb/RBJizWnDQmmd/YbhWJvJ8EUwmJYHAv4lsF0TS9zuc
kIaJF/Ts8sDqDy+BOTX7j6kSWq5YRA2IVxwn2oBM+vtoxE6MuTdwkddMUmt3MERD
nK30dFkSAMu6rvS/QWok+E/RqKklfUOgy+SAREpxWd/vdncVqTq7Q95jUNL8iTMX
a+vZfakv3V09aXJyhjvEQASLcpelByfzmwjNYHGiI8JM05dblcACoQDw76pfv3gn
iCGUA2y50OysAxwxWGIAjA/Or8ydJvGfl8b90oIWQxhipO+5Pxf57K1FRQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFOlnbxiyRq6e2ZCjmfH1+65y7KWnMB8GA1UdIwQY
MBaAFDp4fBpyOTmP70L79Oa4umf7QWR6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT25oOEduSTVPWV92UXZ2MDVyaTZaX3RCWkhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9kODA5YjQtMjAyNS00MWVkLWEwYzMt
MzZkNzkyMWU5M2IzLzEvT25oOEduSTVPWV92UXZ2MDVyaTZaX3RCWkhvLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9kODA5YjQtMjAyNS00MWVkLWEwYzMtMzZkNzkyMWU5M2Iz
LzEvT25oOEduSTVPWV92UXZ2MDVyaTZaX3RCWkhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAIfxhvpjo
RHcfZ63IhjWjK3g3RoX9pv/evWEKPZbTP+F0TV45gxbpAU0rG1UXw4iEpehowB9i
dHhAttD8d1yxUHxxB6tqndf88r10ZGnCreDx2PlpCHVXYNQd4gsI9mxO0Q/ktD2O
HFYz3l1Sj0yLhbKWFEv2smNte04behpBXAZkQAVA0GLLvbOJOoBGnv5Td//tscqx
GRrK6oXrSKKHfcvOnVG8gKzGwyOMldy51uVD3fWuUG+UbJIfw1nuNMOTIdY1r75b
ZahtP/XXFI6Wi/YCCEh4OEHpZx+Mqgbgzs3hcQsW31XAEiakNmyMECyohVJ8XObK
VZhVYT4taAv7Yw==
-----END CERTIFICATE-----