Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
File:                     hesz_RfSMvvmsq22bLCv4N7pA7A.mft (raw, json)
Hash identifier:          oU69uXWkL31ltAuB+aD2RwbgHDOwOJYE/Ib6fouOl2A=
Subject key identifier:   6B:6E:E0:5E:22:88:74:4F:66:F7:4E:A3:29:AE:D9:7D:57:EB:F1:D1
Authority key identifier: 85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0
Certificate issuer:       /CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
Certificate serial:       01964C347EC882F9E237EF3AEAB0FB41F6CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
Manifest number:          0386
Signing time:             Sat 19 Apr 2025 04:00:30 +0000
Manifest this update:     Sat 19 Apr 2025 04:00:30 +0000
Manifest next update:     Sun 20 Apr 2025 04:00:30 +0000
Files and hashes:         1: hesz_RfSMvvmsq22bLCv4N7pA7A.crl (hash: NQn6aYMz7C3DKPAdL2H/rtY2tkD5gDtA/te+22u8UoQ=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:4c:34:7e:c8:82:f9:e2:37:ef:3a:ea:b0:fb:41:f6:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
        Validity
            Not Before: Apr 19 04:00:30 2025 GMT
            Not After : Apr 20 04:00:30 2025 GMT
        Subject: CN=6b6ee05e2288744f66f74ea329aed97d57ebf1d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:3e:4c:05:5c:60:23:c7:49:c8:73:d2:b7:da:
                    c5:5a:9f:12:95:95:0a:f3:cc:df:e1:24:96:f0:72:
                    78:e5:68:dc:0e:13:e5:a5:94:f7:6a:16:b3:3c:36:
                    45:a6:70:61:6f:34:eb:63:54:9a:8c:62:0f:75:7f:
                    80:c2:7c:2f:80:26:90:7a:f7:62:c8:2b:43:55:51:
                    1f:a5:0a:6a:f2:9c:47:56:0f:5b:5f:cc:02:83:33:
                    07:c4:c0:d3:33:c6:ff:10:b0:65:dc:3b:e0:89:df:
                    02:bf:7e:b1:51:f4:e0:20:83:2d:f1:ef:85:63:4f:
                    0c:e0:7c:bb:db:d6:25:a7:5e:03:35:8a:cb:ec:4a:
                    88:fc:8e:df:bd:78:b3:68:75:75:be:9a:79:03:f1:
                    0a:ab:e6:d1:b7:53:e0:da:e5:c9:da:76:89:21:98:
                    43:c6:b6:33:c5:6c:b3:7b:47:6c:c4:20:e3:a9:a2:
                    b1:59:22:0a:4b:54:ee:d4:1a:4f:76:bd:62:b3:be:
                    3e:ed:03:34:2f:bf:85:8f:09:ef:d0:c1:07:0a:c3:
                    ef:52:cb:0b:40:89:60:00:c7:17:79:2c:11:83:47:
                    70:d1:c5:be:9f:d8:c0:5c:89:cd:e5:0f:2d:6d:df:
                    cb:65:c2:5f:72:28:96:1d:7a:ad:8f:06:25:dd:5b:
                    f1:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:6E:E0:5E:22:88:74:4F:66:F7:4E:A3:29:AE:D9:7D:57:EB:F1:D1
            X509v3 Authority Key Identifier:
                keyid:85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         b7:e4:a2:40:56:52:3d:0d:75:de:d2:5e:22:8c:e8:4e:3b:c1:
         d0:ff:97:f1:89:b8:83:b5:00:5e:17:13:6d:a0:b5:48:57:7d:
         4c:39:ee:44:a5:ec:04:c4:71:b8:53:9b:a6:41:2a:5e:bf:d7:
         09:de:91:9d:95:99:29:ba:8e:30:8e:7a:e1:db:e6:54:92:65:
         82:e7:71:c9:d8:74:16:da:89:a4:5b:5d:ee:78:92:92:95:c9:
         e5:30:98:55:eb:83:1b:5f:43:52:ba:40:99:a8:53:ab:89:18:
         a1:d6:c3:a0:36:de:89:df:14:6d:ea:26:e4:ce:e2:fb:ac:ff:
         19:da:b0:2f:45:e5:dc:98:06:1d:34:0a:dc:16:65:bb:c2:9d:
         33:06:40:a2:5d:35:39:18:a4:80:ec:92:d5:8c:cc:66:31:23:
         f6:44:e4:f3:dc:f6:c6:ad:6f:02:ac:53:a7:24:3c:f1:78:fe:
         12:4f:a7:3c:d3:83:99:98:f4:59:7c:9c:75:4f:c5:cf:8d:03:
         b9:a8:81:b4:b2:fc:ab:41:0d:88:7a:c9:eb:82:dd:66:0c:b8:
         b4:f3:2b:08:69:b4:b5:85:5f:d1:fc:0a:64:93:4d:87:fc:a7:
         0e:25:b0:d8:69:47:5e:96:48:b3:4b:d6:b3:27:eb:f0:e2:32:
         4f:7d:41:e3
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZZMNH7IgvniN+866rD7QfbNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZWIzM2ZkMTdkMjMyZmJlNmIyYWRiNjZjYjBhZmUwZGVl
OTAzYjAwHhcNMjUwNDE5MDQwMDMwWhcNMjUwNDIwMDQwMDMwWjAzMTEwLwYDVQQD
Eyg2YjZlZTA1ZTIyODg3NDRmNjZmNzRlYTMyOWFlZDk3ZDU3ZWJmMWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzz5MBVxgI8dJyHPSt9rFWp8SlZUK
88zf4SSW8HJ45WjcDhPlpZT3ahazPDZFpnBhbzTrY1SajGIPdX+AwnwvgCaQevdi
yCtDVVEfpQpq8pxHVg9bX8wCgzMHxMDTM8b/ELBl3Dvgid8Cv36xUfTgIIMt8e+F
Y08M4Hy729Ylp14DNYrL7EqI/I7fvXizaHV1vpp5A/EKq+bRt1Pg2uXJ2naJIZhD
xrYzxWyze0dsxCDjqaKxWSIKS1Tu1BpPdr1is74+7QM0L7+Fjwnv0MEHCsPvUssL
QIlgAMcXeSwRg0dw0cW+n9jAXInN5Q8tbd/LZcJfciiWHXqtjwYl3Vvx2QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFGtu4F4iiHRPZvdOoymu2X1X6/HRMB8GA1UdIwQY
MBaAFIXrM/0X0jL75rKttmywr+De6QOwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMt
OGEzOGVhMmIxZjU0LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMtOGEzOGVhMmIxZjU0
LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAt+SiQFZS
PQ113tJeIozoTjvB0P+X8Ym4g7UAXhcTbaC1SFd9TDnuRKXsBMRxuFObpkEqXr/X
Cd6RnZWZKbqOMI564dvmVJJlgudxydh0FtqJpFtd7niSkpXJ5TCYVeuDG19DUrpA
mahTq4kYodbDoDbeid8Ubeom5M7i+6z/GdqwL0Xl3JgGHTQK3BZlu8KdMwZAol01
ORikgOyS1YzMZjEj9kTk89z2xq1vAqxTpyQ88Xj+Ek+nPNODmZj0WXycdU/Fz40D
uaiBtLL8q0ENiHrJ64LdZgy4tPMrCGm0tYVf0fwKZJNNh/ynDiWw2GlHXpZIs0vW
syfr8OIyT31B4w==
-----END CERTIFICATE-----