Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/7dbd11-1b22-404c-94d3-2b9d437fe902/1/bNmlABXpaTdlb8DKW21WXkWb02A.mft
File:                     bNmlABXpaTdlb8DKW21WXkWb02A.mft (raw, json)
Hash identifier:          +a+Dtc3B3diURUdGnvIA+/WyRSKARi5nJ4ataTgpI9k=
Subject key identifier:   1D:9C:0B:3B:B8:98:AB:1F:CD:EC:0F:78:36:0E:88:B0:C9:B0:CF:33
Authority key identifier: 6C:D9:A5:00:15:E9:69:37:65:6F:C0:CA:5B:6D:56:5E:45:9B:D3:60
Certificate issuer:       /CN=6cd9a50015e96937656fc0ca5b6d565e459bd360
Certificate serial:       019A71B7ABE7D14E4E08213A58334897D7BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bNmlABXpaTdlb8DKW21WXkWb02A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/7dbd11-1b22-404c-94d3-2b9d437fe902/1/bNmlABXpaTdlb8DKW21WXkWb02A.mft
Manifest number:          171D
Signing time:             Tue 11 Nov 2025 07:00:53 +0000
Manifest this update:     Tue 11 Nov 2025 07:00:53 +0000
Manifest next update:     Wed 12 Nov 2025 07:00:53 +0000
Files and hashes:         1: bNmlABXpaTdlb8DKW21WXkWb02A.crl (hash: OjzoCnOxqxWGLX/+18kvdOFjA8wRMdTDEQ9SlYG6SeA=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/7dbd11-1b22-404c-94d3-2b9d437fe902/1/bNmlABXpaTdlb8DKW21WXkWb02A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/7dbd11-1b22-404c-94d3-2b9d437fe902/1/bNmlABXpaTdlb8DKW21WXkWb02A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bNmlABXpaTdlb8DKW21WXkWb02A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b7:ab:e7:d1:4e:4e:08:21:3a:58:33:48:97:d7:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cd9a50015e96937656fc0ca5b6d565e459bd360
        Validity
            Not Before: Nov 11 07:00:53 2025 GMT
            Not After : Nov 12 07:00:53 2025 GMT
        Subject: CN=1d9c0b3bb898ab1fcdec0f78360e88b0c9b0cf33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e9:1d:88:49:fe:41:e0:02:aa:23:6a:6a:d5:
                    91:99:3a:59:4c:cb:b5:30:75:e1:b2:fd:62:2f:eb:
                    95:40:69:6d:7a:85:94:73:6b:f5:5e:14:eb:fc:d9:
                    9f:cd:99:eb:2c:b4:e8:8b:41:43:5c:e9:b5:99:4a:
                    7d:eb:ee:6a:05:c3:92:6c:a1:0e:7a:c5:b4:06:d3:
                    16:f9:4d:57:be:28:d6:c2:9b:01:05:c2:d0:6d:83:
                    8b:4d:05:9d:d5:db:66:8f:13:e4:89:21:c5:c3:a9:
                    09:58:ec:66:24:68:ca:53:30:cd:be:f2:85:76:f3:
                    be:c1:51:58:a8:8f:af:0b:07:9e:7f:08:16:42:6e:
                    3c:bc:8b:55:93:bb:e3:8d:0b:c9:87:d4:60:7f:81:
                    f8:25:57:bb:06:0d:a5:55:42:f7:ed:77:8b:f1:7a:
                    0b:21:70:ad:90:d9:20:55:99:6d:53:57:37:7a:aa:
                    74:e5:d7:27:c1:0b:a1:19:23:88:37:56:25:bb:43:
                    4d:9b:f9:50:c1:18:02:c2:20:f2:f4:42:6a:da:cb:
                    0e:ad:4a:41:a9:95:7b:6f:69:a3:f6:7a:5f:a1:96:
                    f1:1f:80:89:f2:4b:a2:55:7b:d8:2b:cc:bb:08:9d:
                    c3:ef:77:cf:b8:8f:d1:4a:32:07:4c:6e:32:cf:89:
                    53:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:9C:0B:3B:B8:98:AB:1F:CD:EC:0F:78:36:0E:88:B0:C9:B0:CF:33
            X509v3 Authority Key Identifier:
                keyid:6C:D9:A5:00:15:E9:69:37:65:6F:C0:CA:5B:6D:56:5E:45:9B:D3:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bNmlABXpaTdlb8DKW21WXkWb02A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/7dbd11-1b22-404c-94d3-2b9d437fe902/1/bNmlABXpaTdlb8DKW21WXkWb02A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/7dbd11-1b22-404c-94d3-2b9d437fe902/1/bNmlABXpaTdlb8DKW21WXkWb02A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         03:4c:e7:d3:4b:18:0e:fe:59:03:79:8e:9e:aa:f0:a4:81:17:
         ec:38:80:6c:99:bf:3b:c4:c9:f1:0f:e8:4a:4c:b8:ac:60:ab:
         1e:af:19:6f:35:52:ff:62:42:38:f2:7b:01:c9:56:7c:3f:ad:
         d8:7a:98:ad:85:64:c9:b2:9d:60:c5:f1:ab:db:82:61:35:d3:
         37:a9:69:fd:56:5e:4a:56:8b:53:2c:11:a5:ed:61:71:6b:88:
         3c:ca:fb:64:54:c8:07:2a:9d:06:d9:79:5d:69:02:10:39:f3:
         47:7f:df:dc:4a:90:d3:d8:69:07:ad:06:a2:f7:c7:bc:0f:a5:
         18:09:b0:50:bb:a4:45:e3:7a:0e:71:fb:5c:fc:3f:13:73:36:
         be:56:7f:96:cf:70:16:ac:8c:b8:68:4b:8e:12:55:86:24:01:
         13:a2:f0:23:86:50:48:89:d1:39:db:80:ab:eb:4b:ff:34:56:
         66:3d:71:4a:e9:a4:11:53:05:53:f2:d2:84:51:4e:8a:48:87:
         94:b8:dd:b5:73:9a:7b:25:21:4c:97:e1:69:26:9c:d7:8d:21:
         44:ca:0d:77:aa:a0:7b:13:3f:10:96:71:11:24:ba:38:98:c7:
         85:86:e8:2e:4a:d2:7f:23:77:c1:b9:f0:42:e3:43:8d:29:e6:
         f9:cb:e1:4a
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxt6vn0U5OCCE6WDNIl9e8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZDlhNTAwMTVlOTY5Mzc2NTZmYzBjYTViNmQ1NjVlNDU5
YmQzNjAwHhcNMjUxMTExMDcwMDUzWhcNMjUxMTEyMDcwMDUzWjAzMTEwLwYDVQQD
EygxZDljMGIzYmI4OThhYjFmY2RlYzBmNzgzNjBlODhiMGM5YjBjZjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqekdiEn+QeACqiNqatWRmTpZTMu1
MHXhsv1iL+uVQGlteoWUc2v1XhTr/NmfzZnrLLToi0FDXOm1mUp96+5qBcOSbKEO
esW0BtMW+U1XvijWwpsBBcLQbYOLTQWd1dtmjxPkiSHFw6kJWOxmJGjKUzDNvvKF
dvO+wVFYqI+vCweefwgWQm48vItVk7vjjQvJh9Rgf4H4JVe7Bg2lVUL37XeL8XoL
IXCtkNkgVZltU1c3eqp05dcnwQuhGSOIN1Ylu0NNm/lQwRgCwiDy9EJq2ssOrUpB
qZV7b2mj9npfoZbxH4CJ8kuiVXvYK8y7CJ3D73fPuI/RSjIHTG4yz4lTfQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFB2cCzu4mKsfzewPeDYOiLDJsM8zMB8GA1UdIwQY
MBaAFGzZpQAV6Wk3ZW/AylttVl5Fm9NgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk5tbEFCWHBhVGRsYjhES1cyMVdYa1diMDJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi83ZGJkMTEtMWIyMi00MDRjLTk0ZDMt
MmI5ZDQzN2ZlOTAyLzEvYk5tbEFCWHBhVGRsYjhES1cyMVdYa1diMDJBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi83ZGJkMTEtMWIyMi00MDRjLTk0ZDMtMmI5ZDQzN2ZlOTAy
LzEvYk5tbEFCWHBhVGRsYjhES1cyMVdYa1diMDJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAA0zn00sY
Dv5ZA3mOnqrwpIEX7DiAbJm/O8TJ8Q/oSky4rGCrHq8ZbzVS/2JCOPJ7AclWfD+t
2HqYrYVkybKdYMXxq9uCYTXTN6lp/VZeSlaLUywRpe1hcWuIPMr7ZFTIByqdBtl5
XWkCEDnzR3/f3EqQ09hpB60GovfHvA+lGAmwULukReN6DnH7XPw/E3M2vlZ/ls9w
FqyMuGhLjhJVhiQBE6LwI4ZQSInROduAq+tL/zRWZj1xSumkEVMFU/LShFFOikiH
lLjdtXOaeyUhTJfhaSac140hRMoNd6qgexM/EJZxESS6OJjHhYboLkrSfyN3wbnw
QuNDjSnm+cvhSg==
-----END CERTIFICATE-----