Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/d00e3d-54c7-436f-a8ce-338aa0cf98e2/1/PwbJ3z-o-T2e8O0EscoENduLxlA.mft
File:                     PwbJ3z-o-T2e8O0EscoENduLxlA.mft (raw, json)
Hash identifier:          CiJL6/axGpYb1aC4lF5kX8RtENTqdlY3L5RA+qIBBfk=
Subject key identifier:   44:A4:6D:55:DC:BA:F2:B4:5A:19:3F:47:22:B1:11:D2:83:2B:E1:81
Authority key identifier: 3F:06:C9:DF:3F:A8:F9:3D:9E:F0:ED:04:B1:CA:04:35:DB:8B:C6:50
Certificate issuer:       /CN=3f06c9df3fa8f93d9ef0ed04b1ca0435db8bc650
Certificate serial:       019A7293CEEB8FBB175CA5B51CBD509F7861
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PwbJ3z-o-T2e8O0EscoENduLxlA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/d00e3d-54c7-436f-a8ce-338aa0cf98e2/1/PwbJ3z-o-T2e8O0EscoENduLxlA.mft
Manifest number:          171C
Signing time:             Tue 11 Nov 2025 11:01:20 +0000
Manifest this update:     Tue 11 Nov 2025 11:01:20 +0000
Manifest next update:     Wed 12 Nov 2025 11:01:20 +0000
Files and hashes:         1: PwbJ3z-o-T2e8O0EscoENduLxlA.crl (hash: k/juPH+E1SjIoQ7iwKTHziOp194PUBG/G4/OPV+B9yg=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/d00e3d-54c7-436f-a8ce-338aa0cf98e2/1/PwbJ3z-o-T2e8O0EscoENduLxlA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/d00e3d-54c7-436f-a8ce-338aa0cf98e2/1/PwbJ3z-o-T2e8O0EscoENduLxlA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PwbJ3z-o-T2e8O0EscoENduLxlA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:93:ce:eb:8f:bb:17:5c:a5:b5:1c:bd:50:9f:78:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f06c9df3fa8f93d9ef0ed04b1ca0435db8bc650
        Validity
            Not Before: Nov 11 11:01:20 2025 GMT
            Not After : Nov 12 11:01:20 2025 GMT
        Subject: CN=44a46d55dcbaf2b45a193f4722b111d2832be181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:53:58:c0:43:8f:35:68:36:2b:db:f1:11:da:
                    b1:60:cf:a5:e0:fe:fe:04:74:6f:b1:74:c6:ca:f9:
                    e4:70:e2:35:d0:80:49:3b:df:62:29:5e:3c:b3:21:
                    b3:89:3a:88:ac:2d:87:4c:f7:91:e5:07:a3:84:ba:
                    d7:92:a0:97:7b:e4:5f:30:a8:af:3e:1e:41:0f:08:
                    53:fc:8b:35:df:57:9e:18:2a:48:c4:0b:03:bd:14:
                    76:c8:88:54:a9:83:b0:1e:76:9a:24:30:85:3c:50:
                    ff:e4:12:d4:69:3f:92:36:f3:15:63:44:a1:f2:2c:
                    3a:f8:6b:2d:25:eb:00:89:6d:85:27:8c:7b:9b:ef:
                    2c:b5:85:61:4c:53:56:c8:a7:4b:43:64:d0:b1:f5:
                    52:4d:07:20:c1:73:1d:e8:34:ed:32:f8:00:1c:7f:
                    80:8c:e0:07:93:05:75:7b:98:ab:7c:32:49:ab:78:
                    7d:86:26:f4:53:15:d6:20:a0:8c:7a:47:2d:5e:58:
                    9c:af:7c:c2:bc:30:04:5b:b9:9a:06:d7:12:34:dc:
                    b9:b7:31:c4:7e:f9:1d:89:8d:87:55:7f:74:41:fd:
                    7b:18:71:19:ac:26:cc:3a:55:63:71:f7:5c:cf:b4:
                    1f:52:f4:71:f8:3d:2f:14:03:67:e2:14:49:ad:70:
                    d5:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:A4:6D:55:DC:BA:F2:B4:5A:19:3F:47:22:B1:11:D2:83:2B:E1:81
            X509v3 Authority Key Identifier:
                keyid:3F:06:C9:DF:3F:A8:F9:3D:9E:F0:ED:04:B1:CA:04:35:DB:8B:C6:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PwbJ3z-o-T2e8O0EscoENduLxlA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/d00e3d-54c7-436f-a8ce-338aa0cf98e2/1/PwbJ3z-o-T2e8O0EscoENduLxlA.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/d00e3d-54c7-436f-a8ce-338aa0cf98e2/1/PwbJ3z-o-T2e8O0EscoENduLxlA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         1f:fe:51:04:d5:80:90:12:7a:fd:46:1f:cb:f7:f9:17:bb:c3:
         6c:b7:fc:21:ff:b6:fc:ba:7b:6c:bb:c7:99:e5:42:bc:65:63:
         a7:3d:e5:7c:a0:eb:99:0c:1d:67:02:56:6c:52:b6:36:91:52:
         ac:c5:19:17:60:cc:cd:1f:0f:72:c5:8f:af:4e:93:dd:61:a9:
         22:7b:06:a5:f1:99:62:0f:63:1e:e1:30:9a:ad:a8:10:87:68:
         0f:ec:aa:a9:20:8e:f9:80:af:f5:7f:50:ae:87:91:bf:eb:7a:
         48:38:19:6c:06:31:8e:c7:a7:24:e2:32:4b:1f:77:43:b1:0b:
         1c:e6:22:3b:00:23:a7:b2:79:de:24:66:fa:4e:60:4b:26:f9:
         33:7a:ab:57:95:2a:fc:3d:3e:b7:26:2a:0f:14:97:72:a7:d5:
         a9:9b:31:a5:23:9a:fb:b1:45:bb:ad:96:4a:db:c3:ee:d5:65:
         2e:40:12:c1:17:2e:61:35:08:23:72:bb:0f:8c:8f:a8:be:e5:
         dd:30:05:a5:6e:57:a9:47:92:2c:03:74:54:af:0e:e2:ef:dc:
         b3:fa:52:b3:4b:22:9e:b7:f0:23:c1:b8:d6:e6:1e:df:d7:38:
         52:7e:3f:e5:56:56:2e:d8:d0:1c:ac:eb:18:6a:62:8c:3c:72:
         73:f6:9c:f0
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyk87rj7sXXKW1HL1Qn3hhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmMDZjOWRmM2ZhOGY5M2Q5ZWYwZWQwNGIxY2EwNDM1ZGI4
YmM2NTAwHhcNMjUxMTExMTEwMTIwWhcNMjUxMTEyMTEwMTIwWjAzMTEwLwYDVQQD
Eyg0NGE0NmQ1NWRjYmFmMmI0NWExOTNmNDcyMmIxMTFkMjgzMmJlMTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1NYwEOPNWg2K9vxEdqxYM+l4P7+
BHRvsXTGyvnkcOI10IBJO99iKV48syGziTqIrC2HTPeR5QejhLrXkqCXe+RfMKiv
Ph5BDwhT/Is131eeGCpIxAsDvRR2yIhUqYOwHnaaJDCFPFD/5BLUaT+SNvMVY0Sh
8iw6+GstJesAiW2FJ4x7m+8stYVhTFNWyKdLQ2TQsfVSTQcgwXMd6DTtMvgAHH+A
jOAHkwV1e5irfDJJq3h9hib0UxXWIKCMekctXlicr3zCvDAEW7maBtcSNNy5tzHE
fvkdiY2HVX90Qf17GHEZrCbMOlVjcfdcz7QfUvRx+D0vFANn4hRJrXDVHwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFESkbVXcuvK0Whk/RyKxEdKDK+GBMB8GA1UdIwQY
MBaAFD8Gyd8/qPk9nvDtBLHKBDXbi8ZQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHdiSjN6LW8tVDJlOE8wRXNjb0VOZHVMeGxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9kMDBlM2QtNTRjNy00MzZmLWE4Y2Ut
MzM4YWEwY2Y5OGUyLzEvUHdiSjN6LW8tVDJlOE8wRXNjb0VOZHVMeGxBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9kMDBlM2QtNTRjNy00MzZmLWE4Y2UtMzM4YWEwY2Y5OGUy
LzEvUHdiSjN6LW8tVDJlOE8wRXNjb0VOZHVMeGxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAH/5RBNWA
kBJ6/UYfy/f5F7vDbLf8If+2/Lp7bLvHmeVCvGVjpz3lfKDrmQwdZwJWbFK2NpFS
rMUZF2DMzR8PcsWPr06T3WGpInsGpfGZYg9jHuEwmq2oEIdoD+yqqSCO+YCv9X9Q
roeRv+t6SDgZbAYxjsenJOIySx93Q7ELHOYiOwAjp7J53iRm+k5gSyb5M3qrV5Uq
/D0+tyYqDxSXcqfVqZsxpSOa+7FFu62WStvD7tVlLkASwRcuYTUII3K7D4yPqL7l
3TAFpW5XqUeSLAN0VK8O4u/cs/pSs0sinrfwI8G41uYe39c4Un4/5VZWLtjQHKzr
GGpijDxyc/ac8A==
-----END CERTIFICATE-----