Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b52709-38af-4545-a8db-c6d4c1a54a4b/1/a3tNxJzDUDQveq4ssyBbn3dfZh0.mft
File:                     a3tNxJzDUDQveq4ssyBbn3dfZh0.mft (raw, json)
Hash identifier:          pCZRXaj9AYMV7CHcNF2z+BLXbdf2ZXefPb+Zap9tzIA=
Subject key identifier:   A7:5A:D2:EB:81:88:BF:0B:09:C6:5A:8D:94:7C:96:04:07:1E:7D:73
Authority key identifier: 6B:7B:4D:C4:9C:C3:50:34:2F:7A:AE:2C:B3:20:5B:9F:77:5F:66:1D
Certificate issuer:       /CN=6b7b4dc49cc350342f7aae2cb3205b9f775f661d
Certificate serial:       019A71B7EE8F54AE673F7076CE1EA2C1F08D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a3tNxJzDUDQveq4ssyBbn3dfZh0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b52709-38af-4545-a8db-c6d4c1a54a4b/1/a3tNxJzDUDQveq4ssyBbn3dfZh0.mft
Manifest number:          171A
Signing time:             Tue 11 Nov 2025 07:01:10 +0000
Manifest this update:     Tue 11 Nov 2025 07:01:10 +0000
Manifest next update:     Wed 12 Nov 2025 07:01:10 +0000
Files and hashes:         1: a3tNxJzDUDQveq4ssyBbn3dfZh0.crl (hash: atVHytzLTqlLMyOb3X9IcY4zLqQ1kvqy6RGXdMxysvA=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b52709-38af-4545-a8db-c6d4c1a54a4b/1/a3tNxJzDUDQveq4ssyBbn3dfZh0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b52709-38af-4545-a8db-c6d4c1a54a4b/1/a3tNxJzDUDQveq4ssyBbn3dfZh0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a3tNxJzDUDQveq4ssyBbn3dfZh0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b7:ee:8f:54:ae:67:3f:70:76:ce:1e:a2:c1:f0:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b7b4dc49cc350342f7aae2cb3205b9f775f661d
        Validity
            Not Before: Nov 11 07:01:10 2025 GMT
            Not After : Nov 12 07:01:10 2025 GMT
        Subject: CN=a75ad2eb8188bf0b09c65a8d947c9604071e7d73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ce:0a:ec:33:c7:a2:26:f8:7b:f4:43:0d:c1:
                    3c:a9:84:8d:d5:af:c3:aa:d4:3e:d1:c7:c4:8f:3e:
                    a5:0c:e8:7d:d6:6f:4e:1a:0d:d6:a8:61:69:65:4a:
                    ee:49:ae:63:8b:8e:4f:fa:16:5d:50:f1:e0:1a:bd:
                    4e:dd:cc:5c:23:f4:24:87:b1:1e:d5:63:2d:60:a1:
                    16:34:14:43:db:7b:42:fc:c9:ba:d9:a3:30:38:33:
                    98:a8:b9:69:22:bb:e5:a8:b6:78:24:2a:5f:4d:1d:
                    f8:93:ad:c0:f5:a2:86:40:09:b4:49:a1:1f:d6:90:
                    91:27:a8:87:9d:7e:d5:51:27:08:48:12:1c:82:96:
                    dd:cf:f9:41:d0:31:8b:3a:b9:dd:68:2b:52:c7:20:
                    0a:cd:9b:43:16:1e:58:35:16:6c:17:4c:e5:0b:b5:
                    a7:74:d8:08:55:17:e6:60:f0:20:30:1b:7e:c1:54:
                    d8:e4:97:bc:a2:33:cc:50:45:84:ec:48:ba:b7:19:
                    f1:11:4d:51:52:50:49:f4:83:ab:dc:9d:7f:4f:6f:
                    f2:b8:f2:8c:db:cc:11:67:27:70:e4:a1:d2:4a:71:
                    29:4a:6a:25:42:61:b7:9d:01:9f:2c:2f:cd:e3:61:
                    71:bc:25:84:f4:d5:41:3b:9a:41:a4:2b:7a:8a:0a:
                    bb:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:5A:D2:EB:81:88:BF:0B:09:C6:5A:8D:94:7C:96:04:07:1E:7D:73
            X509v3 Authority Key Identifier:
                keyid:6B:7B:4D:C4:9C:C3:50:34:2F:7A:AE:2C:B3:20:5B:9F:77:5F:66:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3tNxJzDUDQveq4ssyBbn3dfZh0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b52709-38af-4545-a8db-c6d4c1a54a4b/1/a3tNxJzDUDQveq4ssyBbn3dfZh0.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b52709-38af-4545-a8db-c6d4c1a54a4b/1/a3tNxJzDUDQveq4ssyBbn3dfZh0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         a9:f1:3a:0a:f7:58:c7:42:6d:4a:5d:bd:86:81:31:94:95:43:
         00:05:b7:53:8c:a9:f6:8b:f0:47:7b:72:9e:aa:96:41:38:88:
         2b:e7:61:b9:48:12:a5:1e:6d:44:8c:e4:40:75:a3:ce:02:be:
         eb:9f:f9:69:fe:90:d1:77:5e:35:8b:de:99:7a:7b:7d:1d:40:
         cb:f6:36:80:d8:00:a6:48:aa:ee:76:be:d1:be:d3:23:44:16:
         09:ec:26:e9:b6:68:4b:42:0f:aa:df:4a:2b:ae:c6:9b:48:3e:
         e8:71:15:a1:e1:7e:29:f4:0b:73:a5:b6:d4:b7:ef:ee:59:e9:
         c6:b9:25:2b:05:20:b4:0d:ca:ac:0d:73:18:3d:60:fd:6c:60:
         b9:0d:2e:f0:c3:34:e3:ad:41:85:92:7f:9e:47:df:8d:ff:62:
         d9:42:8d:e5:ed:d4:d1:e7:7a:95:f6:63:e9:14:0b:2e:b5:43:
         3b:7e:29:cf:fe:ec:5f:9e:aa:80:69:b7:a3:c6:a3:c6:33:17:
         1d:c3:c4:03:8d:09:92:74:b6:a5:09:11:ad:8f:54:31:1c:a6:
         f1:90:ac:b7:a9:2b:26:80:9a:05:28:b7:11:84:04:4d:61:e9:
         9a:cb:b2:e3:ff:8f:a1:ae:7e:fb:5d:0e:15:d8:89:28:d9:27:
         14:32:a7:9f
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxt+6PVK5nP3B2zh6iwfCNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiN2I0ZGM0OWNjMzUwMzQyZjdhYWUyY2IzMjA1YjlmNzc1
ZjY2MWQwHhcNMjUxMTExMDcwMTEwWhcNMjUxMTEyMDcwMTEwWjAzMTEwLwYDVQQD
EyhhNzVhZDJlYjgxODhiZjBiMDljNjVhOGQ5NDdjOTYwNDA3MWU3ZDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuc4K7DPHoib4e/RDDcE8qYSN1a/D
qtQ+0cfEjz6lDOh91m9OGg3WqGFpZUruSa5ji45P+hZdUPHgGr1O3cxcI/Qkh7Ee
1WMtYKEWNBRD23tC/Mm62aMwODOYqLlpIrvlqLZ4JCpfTR34k63A9aKGQAm0SaEf
1pCRJ6iHnX7VUScISBIcgpbdz/lB0DGLOrndaCtSxyAKzZtDFh5YNRZsF0zlC7Wn
dNgIVRfmYPAgMBt+wVTY5Je8ojPMUEWE7Ei6txnxEU1RUlBJ9IOr3J1/T2/yuPKM
28wRZydw5KHSSnEpSmolQmG3nQGfLC/N42FxvCWE9NVBO5pBpCt6igq7eQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFKda0uuBiL8LCcZajZR8lgQHHn1zMB8GA1UdIwQY
MBaAFGt7TcScw1A0L3quLLMgW593X2YdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTN0TnhKekRVRFF2ZXE0c3N5QmJuM2RmWmgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNTI3MDktMzhhZi00NTQ1LWE4ZGIt
YzZkNGMxYTU0YTRiLzEvYTN0TnhKekRVRFF2ZXE0c3N5QmJuM2RmWmgwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNTI3MDktMzhhZi00NTQ1LWE4ZGItYzZkNGMxYTU0YTRi
LzEvYTN0TnhKekRVRFF2ZXE0c3N5QmJuM2RmWmgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAqfE6CvdY
x0JtSl29hoExlJVDAAW3U4yp9ovwR3tynqqWQTiIK+dhuUgSpR5tRIzkQHWjzgK+
65/5af6Q0XdeNYvemXp7fR1Ay/Y2gNgApkiq7na+0b7TI0QWCewm6bZoS0IPqt9K
K67Gm0g+6HEVoeF+KfQLc6W21Lfv7lnpxrklKwUgtA3KrA1zGD1g/WxguQ0u8MM0
461BhZJ/nkffjf9i2UKN5e3U0ed6lfZj6RQLLrVDO34pz/7sX56qgGm3o8ajxjMX
HcPEA40JknS2pQkRrY9UMRym8ZCst6krJoCaBSi3EYQETWHpmsuy4/+Poa5++10O
FdiJKNknFDKnnw==
-----END CERTIFICATE-----