Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/3bc865-386b-4bea-aba0-66c98c01dfd7/1/tj8U3_NUhamVlBKGMDe4XfqfE9g.mft
File:                     tj8U3_NUhamVlBKGMDe4XfqfE9g.mft (raw, json)
Hash identifier:          4HFYTm7iK/BpZwD37It3J5IfLz71pFcp2Q2Oy80Shlo=
Subject key identifier:   54:88:43:CE:4C:5C:35:BE:F7:8E:65:C3:5A:60:FA:C9:52:E2:FF:18
Authority key identifier: B6:3F:14:DF:F3:54:85:A9:95:94:12:86:30:37:B8:5D:FA:9F:13:D8
Certificate issuer:       /CN=b63f14dff35485a9959412863037b85dfa9f13d8
Certificate serial:       019A7113031617921A591947D67EF4EA9488
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tj8U3_NUhamVlBKGMDe4XfqfE9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/3bc865-386b-4bea-aba0-66c98c01dfd7/1/tj8U3_NUhamVlBKGMDe4XfqfE9g.mft
Manifest number:          0654
Signing time:             Tue 11 Nov 2025 04:01:02 +0000
Manifest this update:     Tue 11 Nov 2025 04:01:02 +0000
Manifest next update:     Wed 12 Nov 2025 04:01:02 +0000
Files and hashes:         1: tj8U3_NUhamVlBKGMDe4XfqfE9g.crl (hash: icPmd/Q06JxQxw7rZfVaVMmPCkkMK9MMiRUlU0630Lk=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/3bc865-386b-4bea-aba0-66c98c01dfd7/1/tj8U3_NUhamVlBKGMDe4XfqfE9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/3bc865-386b-4bea-aba0-66c98c01dfd7/1/tj8U3_NUhamVlBKGMDe4XfqfE9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tj8U3_NUhamVlBKGMDe4XfqfE9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 04:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:13:03:16:17:92:1a:59:19:47:d6:7e:f4:ea:94:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b63f14dff35485a9959412863037b85dfa9f13d8
        Validity
            Not Before: Nov 11 04:01:02 2025 GMT
            Not After : Nov 12 04:01:02 2025 GMT
        Subject: CN=548843ce4c5c35bef78e65c35a60fac952e2ff18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:0b:73:23:28:b7:21:bd:b5:ed:1c:a0:1b:10:
                    ce:27:e1:d1:bf:c6:e1:fd:27:e7:ef:e9:53:91:5a:
                    bd:5e:74:57:d0:50:c0:a3:19:71:0a:ee:5f:14:9d:
                    92:de:59:00:1a:b5:5c:a5:10:10:bd:21:ca:a7:8f:
                    b0:e0:e7:68:41:34:58:d1:90:52:d5:cf:97:c1:b0:
                    9f:d2:25:b0:06:38:c8:37:42:81:9a:68:61:51:2f:
                    72:c5:73:4c:54:43:b7:c9:f1:db:72:51:eb:f0:43:
                    dc:61:08:a0:d0:cb:ee:7d:7d:1d:57:02:ea:4b:e3:
                    a6:20:40:d0:67:2e:c0:af:bc:dd:42:46:a6:a0:25:
                    61:68:3e:4c:da:7b:98:ab:49:bd:3b:64:69:17:6e:
                    65:96:49:4d:53:2e:d7:eb:91:ea:fd:52:e9:cb:ac:
                    fe:3c:18:8c:f4:94:44:e0:14:ed:c2:ca:6b:ed:e4:
                    61:34:b0:51:6d:ab:eb:cf:41:b9:46:51:d3:ed:db:
                    3b:36:38:b1:df:44:a3:08:80:fd:1f:44:e3:34:9a:
                    0f:76:dd:20:42:f7:8b:0c:3a:37:c4:36:02:a2:54:
                    ba:ce:af:36:b6:64:32:84:1b:81:bd:58:86:67:60:
                    00:43:3d:8f:05:82:81:8d:b3:97:d9:f6:6e:c6:4c:
                    48:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:88:43:CE:4C:5C:35:BE:F7:8E:65:C3:5A:60:FA:C9:52:E2:FF:18
            X509v3 Authority Key Identifier:
                keyid:B6:3F:14:DF:F3:54:85:A9:95:94:12:86:30:37:B8:5D:FA:9F:13:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tj8U3_NUhamVlBKGMDe4XfqfE9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/3bc865-386b-4bea-aba0-66c98c01dfd7/1/tj8U3_NUhamVlBKGMDe4XfqfE9g.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/3bc865-386b-4bea-aba0-66c98c01dfd7/1/tj8U3_NUhamVlBKGMDe4XfqfE9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         11:b6:65:33:88:db:5a:e1:55:57:2d:fa:99:63:7e:b8:9f:9b:
         ad:16:03:cc:79:d7:1c:1e:32:37:fc:bc:14:cd:68:6a:8c:14:
         26:cc:a5:c0:8e:22:06:a3:19:ac:a7:31:bf:71:17:86:51:45:
         3d:f6:47:f9:e8:59:c9:fb:77:52:56:96:74:02:a3:de:ea:58:
         2d:30:aa:46:28:64:00:42:17:4f:54:41:29:41:53:86:8f:b9:
         ee:f3:2b:41:2d:7a:db:54:75:22:4b:cd:07:aa:b1:f5:51:3d:
         96:d8:d2:00:b9:f2:17:18:79:16:db:c4:86:64:00:e2:b8:a8:
         3c:31:c4:a6:74:f8:4d:f4:b6:1c:b1:0b:5a:ec:90:d9:41:e4:
         90:82:31:41:e5:8d:3d:d8:73:8d:81:7d:2c:5f:fe:60:93:27:
         9e:da:89:26:01:78:52:05:44:f7:d2:d5:d7:38:3d:2b:b7:c9:
         52:59:79:49:d2:61:e4:92:90:bf:a1:e5:19:63:be:31:0b:e9:
         20:76:42:a3:8a:7d:ab:38:b3:73:05:cf:14:93:1f:66:0e:ed:
         8d:88:fa:b3:ea:bb:94:0b:8a:b8:8d:65:6b:cd:f8:ab:53:22:
         9b:a0:21:e3:e8:20:b0:cb:73:3d:0e:1b:a5:bc:a2:ea:11:1e:
         09:da:3b:0c
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxEwMWF5IaWRlH1n706pSIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2M2YxNGRmZjM1NDg1YTk5NTk0MTI4NjMwMzdiODVkZmE5
ZjEzZDgwHhcNMjUxMTExMDQwMTAyWhcNMjUxMTEyMDQwMTAyWjAzMTEwLwYDVQQD
Eyg1NDg4NDNjZTRjNWMzNWJlZjc4ZTY1YzM1YTYwZmFjOTUyZTJmZjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQtzIyi3Ib217RygGxDOJ+HRv8bh
/Sfn7+lTkVq9XnRX0FDAoxlxCu5fFJ2S3lkAGrVcpRAQvSHKp4+w4OdoQTRY0ZBS
1c+XwbCf0iWwBjjIN0KBmmhhUS9yxXNMVEO3yfHbclHr8EPcYQig0MvufX0dVwLq
S+OmIEDQZy7Ar7zdQkamoCVhaD5M2nuYq0m9O2RpF25llklNUy7X65Hq/VLpy6z+
PBiM9JRE4BTtwspr7eRhNLBRbavrz0G5RlHT7ds7Njix30SjCID9H0TjNJoPdt0g
QveLDDo3xDYColS6zq82tmQyhBuBvViGZ2AAQz2PBYKBjbOX2fZuxkxIPQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFFSIQ85MXDW+945lw1pg+slS4v8YMB8GA1UdIwQY
MBaAFLY/FN/zVIWplZQShjA3uF36nxPYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGo4VTNfTlVoYW1WbEJLR01EZTRYZnFmRTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8zYmM4NjUtMzg2Yi00YmVhLWFiYTAt
NjZjOThjMDFkZmQ3LzEvdGo4VTNfTlVoYW1WbEJLR01EZTRYZnFmRTlnLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8zYmM4NjUtMzg2Yi00YmVhLWFiYTAtNjZjOThjMDFkZmQ3
LzEvdGo4VTNfTlVoYW1WbEJLR01EZTRYZnFmRTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAEbZlM4jb
WuFVVy36mWN+uJ+brRYDzHnXHB4yN/y8FM1oaowUJsylwI4iBqMZrKcxv3EXhlFF
PfZH+ehZyft3UlaWdAKj3upYLTCqRihkAEIXT1RBKUFTho+57vMrQS1621R1IkvN
B6qx9VE9ltjSALnyFxh5FtvEhmQA4rioPDHEpnT4TfS2HLELWuyQ2UHkkIIxQeWN
PdhzjYF9LF/+YJMnntqJJgF4UgVE99LV1zg9K7fJUll5SdJh5JKQv6HlGWO+MQvp
IHZCo4p9qzizcwXPFJMfZg7tjYj6s+q7lAuKuI1la834q1Mim6Ah4+ggsMtzPQ4b
pbyi6hEeCdo7DA==
-----END CERTIFICATE-----