Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
File:                     hesz_RfSMvvmsq22bLCv4N7pA7A.mft (raw, json)
Hash identifier:          thOx78vrNYSQv9B+/hjBkMvzCY6Q+zB1XZGC0klEGvI=
Subject key identifier:   A5:5D:00:3B:52:F4:D7:CD:3E:55:52:36:24:0A:F6:C2:7D:57:A5:B5
Authority key identifier: 85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0
Certificate issuer:       /CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
Certificate serial:       0191F9A2829AAFCD3F8EA643535D9C2DB640
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
Manifest number:          0149
Signing time:             Mon 16 Sep 2024 07:01:02 +0000
Manifest this update:     Mon 16 Sep 2024 07:01:02 +0000
Manifest next update:     Tue 17 Sep 2024 07:01:02 +0000
Files and hashes:         1: hesz_RfSMvvmsq22bLCv4N7pA7A.crl (hash: ROq5D+ubg0R88aN3ba0YboWeIwnAKqSz6l4JCZk+3L0=)

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Sep 2024 07:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:f9:a2:82:9a:af:cd:3f:8e:a6:43:53:5d:9c:2d:b6:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
        Validity
            Not Before: Sep 16 07:01:02 2024 GMT
            Not After : Sep 17 07:01:02 2024 GMT
        Subject: CN=a55d003b52f4d7cd3e555236240af6c27d57a5b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:91:1d:a1:0c:f6:7c:66:66:e4:08:c9:b9:18:
                    49:5f:a3:1a:e7:0c:98:59:10:c9:45:94:15:0b:44:
                    18:46:ba:0e:5e:a5:48:fe:c2:d3:ff:91:29:49:51:
                    de:00:be:8d:d8:31:1a:4d:09:b1:e7:58:ac:01:c4:
                    b2:4d:b4:d8:81:8d:af:e9:b3:fb:b7:1f:0c:c6:e8:
                    25:30:5e:57:df:92:a4:3f:3d:0f:ec:5a:ec:e2:88:
                    fa:8f:2e:ec:cd:f0:09:f6:3d:ce:dc:bd:ff:e3:24:
                    cb:e7:25:b9:fe:8b:c9:7a:33:04:e8:76:f4:94:e2:
                    1b:2e:3c:6f:1e:5b:bb:0e:d5:36:91:ee:0f:99:49:
                    84:d4:99:55:e7:16:1d:61:30:88:de:e9:ad:15:7b:
                    e2:ef:85:da:6b:f9:ca:43:29:19:6f:ed:7f:04:85:
                    3e:de:6d:be:6c:3a:d4:47:c1:66:fd:c6:e0:c4:a0:
                    8f:8f:9c:65:d9:92:98:97:06:e6:36:eb:9c:0d:e1:
                    4b:cd:cf:da:84:b1:2b:5f:03:71:28:2a:2e:0d:54:
                    e4:d8:31:77:49:2f:20:19:9b:b1:46:30:8c:c6:d3:
                    9e:83:8e:57:3a:09:48:9e:a9:07:5b:58:7a:91:fd:
                    d2:74:4a:e7:f3:aa:8c:00:60:e0:19:63:86:ef:07:
                    ef:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:5D:00:3B:52:F4:D7:CD:3E:55:52:36:24:0A:F6:C2:7D:57:A5:B5
            X509v3 Authority Key Identifier:
                keyid:85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         5d:80:61:76:f7:ca:f1:c3:f6:33:00:55:af:16:8e:25:08:54:
         e0:97:b8:dc:86:1a:62:0d:5e:24:57:74:4e:1e:d4:32:c4:3a:
         78:20:62:5f:d4:0f:2d:3b:2e:65:9f:98:2d:59:8e:8b:23:ef:
         9d:7a:99:cc:53:4f:c5:a2:6f:06:4b:34:6e:0c:be:5e:0b:c1:
         1c:a8:20:e6:8c:1a:b7:67:4e:80:c1:27:aa:4d:fb:a8:ba:c8:
         6e:b5:1b:fe:56:49:39:63:34:b6:0d:f7:e2:01:c9:51:40:2a:
         b9:76:d2:3d:68:0c:0a:33:bb:7d:a1:3c:01:c9:d2:59:a6:a3:
         e5:34:a8:f2:f5:d1:ed:25:be:5f:93:5b:5a:05:47:d1:cd:77:
         c7:6b:3d:37:05:f3:12:a9:ef:c9:eb:b2:69:91:cb:e3:f6:b6:
         75:37:0e:03:b2:b4:d3:a2:45:28:bf:39:db:62:84:78:c6:7e:
         50:02:c4:59:5a:80:58:3b:1f:e0:95:25:33:04:df:5c:61:15:
         32:f9:6a:49:82:40:c3:a4:f8:50:81:7a:5d:66:e0:f3:32:2a:
         5f:e2:94:ea:44:98:02:0e:25:51:41:4d:f0:45:ff:1a:b9:93:
         84:1e:be:59:8b:17:26:51:29:89:e5:4e:08:66:0c:49:d0:97:
         4f:49:3d:32
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZH5ooKar80/jqZDU12cLbZAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZWIzM2ZkMTdkMjMyZmJlNmIyYWRiNjZjYjBhZmUwZGVl
OTAzYjAwHhcNMjQwOTE2MDcwMTAyWhcNMjQwOTE3MDcwMTAyWjAzMTEwLwYDVQQD
EyhhNTVkMDAzYjUyZjRkN2NkM2U1NTUyMzYyNDBhZjZjMjdkNTdhNWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5EdoQz2fGZm5AjJuRhJX6Ma5wyY
WRDJRZQVC0QYRroOXqVI/sLT/5EpSVHeAL6N2DEaTQmx51isAcSyTbTYgY2v6bP7
tx8MxuglMF5X35KkPz0P7Frs4oj6jy7szfAJ9j3O3L3/4yTL5yW5/ovJejME6Hb0
lOIbLjxvHlu7DtU2ke4PmUmE1JlV5xYdYTCI3umtFXvi74Xaa/nKQykZb+1/BIU+
3m2+bDrUR8Fm/cbgxKCPj5xl2ZKYlwbmNuucDeFLzc/ahLErXwNxKCouDVTk2DF3
SS8gGZuxRjCMxtOeg45XOglInqkHW1h6kf3SdErn86qMAGDgGWOG7wfvwQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFKVdADtS9NfNPlVSNiQK9sJ9V6W1MB8GA1UdIwQY
MBaAFIXrM/0X0jL75rKttmywr+De6QOwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMt
OGEzOGVhMmIxZjU0LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMtOGEzOGVhMmIxZjU0
LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAXYBhdvfK
8cP2MwBVrxaOJQhU4Je43IYaYg1eJFd0Th7UMsQ6eCBiX9QPLTsuZZ+YLVmOiyPv
nXqZzFNPxaJvBks0bgy+XgvBHKgg5owat2dOgMEnqk37qLrIbrUb/lZJOWM0tg33
4gHJUUAquXbSPWgMCjO7faE8AcnSWaaj5TSo8vXR7SW+X5NbWgVH0c13x2s9NwXz
EqnvyeuyaZHL4/a2dTcOA7K006JFKL8522KEeMZ+UALEWVqAWDsf4JUlMwTfXGEV
MvlqSYJAw6T4UIF6XWbg8zIqX+KU6kSYAg4lUUFN8EX/GrmThB6+WYsXJlEpieVO
CGYMSdCXT0k9Mg==
-----END CERTIFICATE-----