Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
File:                     hesz_RfSMvvmsq22bLCv4N7pA7A.mft (raw, json)
Hash identifier:          p+yGVgdvn5N17KySMdoWoUX3dbzuOVwxnffepqOYJy8=
Subject key identifier:   BE:E8:29:E1:E4:9C:CF:FA:78:76:94:E0:75:0F:BA:12:A0:77:63:A2
Authority key identifier: 85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0
Certificate issuer:       /CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
Certificate serial:       01974B1F737DE7CC75B42949E6F6A09D8D09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
Manifest number:          040A
Signing time:             Sat 07 Jun 2025 16:00:41 +0000
Manifest this update:     Sat 07 Jun 2025 16:00:41 +0000
Manifest next update:     Sun 08 Jun 2025 16:00:41 +0000
Files and hashes:         1: hesz_RfSMvvmsq22bLCv4N7pA7A.crl (hash: owSuTHCdxPixbWHUste80wNimDZ/Zi/1ZxlkvNVJeUs=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4b:1f:73:7d:e7:cc:75:b4:29:49:e6:f6:a0:9d:8d:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
        Validity
            Not Before: Jun  7 16:00:41 2025 GMT
            Not After : Jun  8 16:00:41 2025 GMT
        Subject: CN=bee829e1e49ccffa787694e0750fba12a07763a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:ed:00:a3:35:3c:0b:68:90:7a:27:58:34:87:
                    75:e4:13:97:c9:fc:05:ee:b2:b2:96:06:83:a4:e7:
                    e1:0f:27:f5:2b:7e:2c:43:16:84:02:e8:2e:57:94:
                    83:fa:25:64:91:18:5b:6d:4a:92:b0:cb:d1:3d:67:
                    55:b5:88:7e:70:f9:21:6a:39:8c:df:e2:d3:e6:2a:
                    25:4c:b4:3b:01:a3:83:8f:e7:9c:93:af:6e:42:75:
                    47:04:57:fa:48:fb:dc:04:12:c0:4f:6d:76:b4:c4:
                    6a:cf:02:6f:3a:3a:68:bb:2d:ce:a8:19:48:2d:01:
                    6a:12:2a:c0:df:49:29:f2:f9:1f:20:bb:14:aa:45:
                    fd:1a:ab:93:cb:19:dc:8f:eb:15:f7:55:2e:ad:08:
                    05:65:62:3b:2b:05:70:ed:5f:fa:c1:2f:ca:36:67:
                    e9:d8:a9:b1:b8:ca:84:d0:73:95:2f:7a:81:3c:6d:
                    d0:36:3f:c8:ea:0f:a5:e5:0f:03:27:c7:3e:40:44:
                    2a:7b:ee:ec:f9:26:4c:ee:26:0c:8c:79:a6:fe:1b:
                    49:54:9b:c2:12:bd:19:b0:e7:e4:91:1a:8e:0c:a0:
                    27:b4:80:f7:b2:b7:38:27:d3:c9:14:31:df:8b:ac:
                    a1:ad:a0:ba:9f:ef:5a:04:89:7a:cc:50:22:79:87:
                    da:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:E8:29:E1:E4:9C:CF:FA:78:76:94:E0:75:0F:BA:12:A0:77:63:A2
            X509v3 Authority Key Identifier:
                keyid:85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         81:90:c1:09:36:d8:17:a3:7d:01:41:5a:71:ed:b3:e3:cd:94:
         8b:31:4b:bc:4c:6a:f9:96:1b:99:c2:fa:6b:aa:21:8f:0d:18:
         f4:c9:e4:c3:93:97:cd:73:69:ad:f0:31:a6:a5:5c:ac:f6:df:
         38:f7:c5:9f:99:dd:5d:7a:39:54:0c:42:b6:01:f3:c1:60:d4:
         c7:46:dc:5b:06:37:9d:7e:c2:8b:e5:09:e0:b5:dd:92:49:e6:
         36:41:3b:32:6d:c3:0f:2a:d7:3f:ef:d6:d1:f3:64:da:a9:c5:
         23:a5:09:fb:27:55:af:52:2b:81:94:0d:5d:89:f8:21:c0:ff:
         aa:20:6d:e5:3e:ca:a6:62:35:31:1c:f6:63:48:ae:5f:77:51:
         bc:90:89:1b:7d:d2:c7:14:1d:bc:78:16:c1:5b:7b:4a:24:26:
         ac:0b:1a:21:16:92:3f:8e:15:dd:34:a8:d5:f8:4e:8b:89:72:
         78:cc:8b:1a:5c:14:fd:4a:51:ac:4a:25:8a:ff:8c:a4:aa:41:
         04:35:25:54:6c:7a:6d:90:0f:45:ee:e0:4b:6b:bd:b4:1a:9b:
         cb:e6:b9:c6:d3:34:d7:79:41:96:06:4d:f0:d3:1d:83:66:66:
         3d:46:c2:28:01:a9:21:94:01:25:a8:c3:31:17:37:f9:74:d5:
         20:ef:c5:a0
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZdLH3N958x1tClJ5vagnY0JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZWIzM2ZkMTdkMjMyZmJlNmIyYWRiNjZjYjBhZmUwZGVl
OTAzYjAwHhcNMjUwNjA3MTYwMDQxWhcNMjUwNjA4MTYwMDQxWjAzMTEwLwYDVQQD
EyhiZWU4MjllMWU0OWNjZmZhNzg3Njk0ZTA3NTBmYmExMmEwNzc2M2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4u0AozU8C2iQeidYNId15BOXyfwF
7rKylgaDpOfhDyf1K34sQxaEAuguV5SD+iVkkRhbbUqSsMvRPWdVtYh+cPkhajmM
3+LT5iolTLQ7AaODj+eck69uQnVHBFf6SPvcBBLAT212tMRqzwJvOjpouy3OqBlI
LQFqEirA30kp8vkfILsUqkX9GquTyxncj+sV91UurQgFZWI7KwVw7V/6wS/KNmfp
2KmxuMqE0HOVL3qBPG3QNj/I6g+l5Q8DJ8c+QEQqe+7s+SZM7iYMjHmm/htJVJvC
Er0ZsOfkkRqODKAntID3src4J9PJFDHfi6yhraC6n+9aBIl6zFAieYfaRwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFL7oKeHknM/6eHaU4HUPuhKgd2OiMB8GA1UdIwQY
MBaAFIXrM/0X0jL75rKttmywr+De6QOwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMt
OGEzOGVhMmIxZjU0LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMtOGEzOGVhMmIxZjU0
LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAgZDBCTbY
F6N9AUFace2z482UizFLvExq+ZYbmcL6a6ohjw0Y9Mnkw5OXzXNprfAxpqVcrPbf
OPfFn5ndXXo5VAxCtgHzwWDUx0bcWwY3nX7Ci+UJ4LXdkknmNkE7Mm3DDyrXP+/W
0fNk2qnFI6UJ+ydVr1IrgZQNXYn4IcD/qiBt5T7KpmI1MRz2Y0iuX3dRvJCJG33S
xxQdvHgWwVt7SiQmrAsaIRaSP44V3TSo1fhOi4lyeMyLGlwU/UpRrEoliv+MpKpB
BDUlVGx6bZAPRe7gS2u9tBqby+a5xtM013lBlgZN8NMdg2ZmPUbCKAGpIZQBJajD
MRc3+XTVIO/FoA==
-----END CERTIFICATE-----