Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/bf69c4-d64a-4340-9bf1-364854cbc0e8/1/ikHi8tFFLnxMwH2_p4OdWN9X8hg.mft
File:                     ikHi8tFFLnxMwH2_p4OdWN9X8hg.mft (raw, json)
Hash identifier:          Rhok53jOe8zkfvUTMZMb7hCmqcng2p4vcZWZLebmZzg=
Subject key identifier:   BF:82:CE:FD:85:B8:98:DE:96:2E:F9:F0:B1:F4:C4:CE:6B:C2:08:7C
Authority key identifier: 8A:41:E2:F2:D1:45:2E:7C:4C:C0:7D:BF:A7:83:9D:58:DF:57:F2:18
Certificate issuer:       /CN=8a41e2f2d1452e7c4cc07dbfa7839d58df57f218
Certificate serial:       019A71B908AC1531EC1D724888E864DB33C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ikHi8tFFLnxMwH2_p4OdWN9X8hg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/bf69c4-d64a-4340-9bf1-364854cbc0e8/1/ikHi8tFFLnxMwH2_p4OdWN9X8hg.mft
Manifest number:          171B
Signing time:             Tue 11 Nov 2025 07:02:23 +0000
Manifest this update:     Tue 11 Nov 2025 07:02:23 +0000
Manifest next update:     Wed 12 Nov 2025 07:02:23 +0000
Files and hashes:         1: ikHi8tFFLnxMwH2_p4OdWN9X8hg.crl (hash: lKaHprVPP2lsfACKe5UIQ0i4vuvJXLGj2uuyyU37syE=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/bf69c4-d64a-4340-9bf1-364854cbc0e8/1/ikHi8tFFLnxMwH2_p4OdWN9X8hg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/bf69c4-d64a-4340-9bf1-364854cbc0e8/1/ikHi8tFFLnxMwH2_p4OdWN9X8hg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ikHi8tFFLnxMwH2_p4OdWN9X8hg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:02:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b9:08:ac:15:31:ec:1d:72:48:88:e8:64:db:33:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a41e2f2d1452e7c4cc07dbfa7839d58df57f218
        Validity
            Not Before: Nov 11 07:02:23 2025 GMT
            Not After : Nov 12 07:02:23 2025 GMT
        Subject: CN=bf82cefd85b898de962ef9f0b1f4c4ce6bc2087c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5c:18:25:86:da:c8:f0:3a:dd:2d:19:f3:d0:
                    99:df:f1:1e:63:40:38:29:b2:3d:53:f9:19:f3:6b:
                    cd:9d:67:5b:27:a9:02:b5:62:6b:93:cd:04:f3:74:
                    07:e7:9b:c3:48:3b:4e:65:46:c5:b8:9f:14:47:48:
                    79:da:7f:09:81:3a:59:fb:83:2e:76:d2:1b:af:a7:
                    83:1e:c6:4b:98:94:46:65:b8:73:66:89:7e:4b:68:
                    e0:f6:17:0d:b9:27:28:66:dc:77:bc:5e:db:46:1b:
                    b7:b5:31:45:f9:f3:49:a3:1f:5f:2c:ed:14:d2:43:
                    ee:65:ed:a6:04:77:d8:de:f7:b1:5e:35:21:3e:7b:
                    42:66:0e:2b:bb:f2:d9:c3:b7:fe:5b:85:2b:00:40:
                    2b:24:ee:23:b4:da:b9:31:1e:29:61:d0:c3:90:41:
                    84:2f:cb:39:df:29:6b:b4:e1:4a:76:c5:54:12:9b:
                    f5:35:21:b9:f6:f9:12:f2:5b:44:89:00:39:f5:20:
                    ef:78:29:4b:86:2c:ec:88:1d:2c:14:6b:a6:07:9b:
                    d5:32:62:78:d1:77:e4:45:54:8a:da:5e:f5:04:e8:
                    23:14:f0:17:eb:86:62:5d:ab:80:0c:6a:8e:5e:d4:
                    3d:86:42:3b:db:75:71:b2:d1:f1:2b:e7:e3:fe:ae:
                    a0:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:82:CE:FD:85:B8:98:DE:96:2E:F9:F0:B1:F4:C4:CE:6B:C2:08:7C
            X509v3 Authority Key Identifier:
                keyid:8A:41:E2:F2:D1:45:2E:7C:4C:C0:7D:BF:A7:83:9D:58:DF:57:F2:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ikHi8tFFLnxMwH2_p4OdWN9X8hg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/bf69c4-d64a-4340-9bf1-364854cbc0e8/1/ikHi8tFFLnxMwH2_p4OdWN9X8hg.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/bf69c4-d64a-4340-9bf1-364854cbc0e8/1/ikHi8tFFLnxMwH2_p4OdWN9X8hg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         30:9d:2d:80:84:3a:43:48:f1:43:3b:17:cb:9e:5e:8f:53:b4:
         64:10:76:06:f0:c1:7a:17:01:cc:98:30:15:61:fe:43:5a:15:
         f5:dc:ca:3c:44:ac:0b:13:f8:5b:17:3c:ae:a9:5b:6d:f4:da:
         4f:53:f3:86:f0:66:6d:d9:5d:b0:dd:40:43:90:84:97:fd:79:
         f3:6c:54:fa:76:54:f1:3f:f4:0d:1f:70:dd:3f:1e:77:f9:99:
         bd:3f:a8:37:d4:d4:0d:5b:35:54:27:95:f6:0e:c0:a8:54:eb:
         51:2c:54:28:c4:a9:d5:7d:87:bc:36:58:7b:14:4d:f0:fc:4a:
         ab:b0:96:fd:6b:bb:f4:26:59:9c:e1:c0:ac:8d:39:3f:05:d8:
         88:15:88:02:54:dc:79:31:3a:43:6d:d5:10:e6:68:a7:56:60:
         6b:97:bf:1a:93:f0:36:1e:de:b2:2a:5e:ba:33:f0:ed:04:97:
         76:cb:31:5b:19:57:67:b9:d4:a0:a5:01:0d:d1:72:96:7b:d3:
         71:f2:de:f3:0c:a1:5e:3d:5b:59:63:34:e5:36:b2:d5:7c:e0:
         10:32:85:0b:38:1c:e3:b2:0f:e5:82:55:26:ae:8a:3f:21:7f:
         a0:18:56:c1:67:57:74:34:4c:55:73:a0:1c:96:4f:b9:e5:36:
         d5:5c:5e:b5
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuQisFTHsHXJIiOhk2zPFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNDFlMmYyZDE0NTJlN2M0Y2MwN2RiZmE3ODM5ZDU4ZGY1
N2YyMTgwHhcNMjUxMTExMDcwMjIzWhcNMjUxMTEyMDcwMjIzWjAzMTEwLwYDVQQD
EyhiZjgyY2VmZDg1Yjg5OGRlOTYyZWY5ZjBiMWY0YzRjZTZiYzIwODdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVwYJYbayPA63S0Z89CZ3/EeY0A4
KbI9U/kZ82vNnWdbJ6kCtWJrk80E83QH55vDSDtOZUbFuJ8UR0h52n8JgTpZ+4Mu
dtIbr6eDHsZLmJRGZbhzZol+S2jg9hcNuScoZtx3vF7bRhu3tTFF+fNJox9fLO0U
0kPuZe2mBHfY3vexXjUhPntCZg4ru/LZw7f+W4UrAEArJO4jtNq5MR4pYdDDkEGE
L8s53ylrtOFKdsVUEpv1NSG59vkS8ltEiQA59SDveClLhizsiB0sFGumB5vVMmJ4
0XfkRVSK2l71BOgjFPAX64ZiXauADGqOXtQ9hkI723VxstHxK+fj/q6g2QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFL+Czv2FuJjeli758LH0xM5rwgh8MB8GA1UdIwQY
MBaAFIpB4vLRRS58TMB9v6eDnVjfV/IYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWtIaTh0RkZMbnhNd0gyX3A0T2RXTjlYOGhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iZjY5YzQtZDY0YS00MzQwLTliZjEt
MzY0ODU0Y2JjMGU4LzEvaWtIaTh0RkZMbnhNd0gyX3A0T2RXTjlYOGhnLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iZjY5YzQtZDY0YS00MzQwLTliZjEtMzY0ODU0Y2JjMGU4
LzEvaWtIaTh0RkZMbnhNd0gyX3A0T2RXTjlYOGhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAMJ0tgIQ6
Q0jxQzsXy55ej1O0ZBB2BvDBehcBzJgwFWH+Q1oV9dzKPESsCxP4Wxc8rqlbbfTa
T1PzhvBmbdldsN1AQ5CEl/1582xU+nZU8T/0DR9w3T8ed/mZvT+oN9TUDVs1VCeV
9g7AqFTrUSxUKMSp1X2HvDZYexRN8PxKq7CW/Wu79CZZnOHArI05PwXYiBWIAlTc
eTE6Q23VEOZop1Zga5e/GpPwNh7esipeujPw7QSXdssxWxlXZ7nUoKUBDdFylnvT
cfLe8wyhXj1bWWM05Tay1XzgEDKFCzgc47IP5YJVJq6KPyF/oBhWwWdXdDRMVXOg
HJZPueU21VxetQ==
-----END CERTIFICATE-----