Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.mft
File:                     QHsur7H0zNuzzWzU10srM5eKC3A.mft (raw, json)
Hash identifier:          si7jRIhCcjR4kTW8vJTPYGH3Pb9u2nNteIO0mIQqJI0=
Subject key identifier:   17:17:5D:A4:EE:01:C4:DB:32:CD:F9:38:6B:9C:D8:F5:C0:00:B7:92
Authority key identifier: 40:7B:2E:AF:B1:F4:CC:DB:B3:CD:6C:D4:D7:4B:2B:33:97:8A:0B:70
Certificate issuer:       /CN=407b2eafb1f4ccdbb3cd6cd4d74b2b33978a0b70
Certificate serial:       019A71B89C2F6E4DA3552543B2392FF94353
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QHsur7H0zNuzzWzU10srM5eKC3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.mft
Manifest number:          171D
Signing time:             Tue 11 Nov 2025 07:01:55 +0000
Manifest this update:     Tue 11 Nov 2025 07:01:55 +0000
Manifest next update:     Wed 12 Nov 2025 07:01:55 +0000
Files and hashes:         1: QHsur7H0zNuzzWzU10srM5eKC3A.crl (hash: nhwVQGFaMdC7qDY8KHMnJdN5y4glWfiQTaDVGZFZXVY=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QHsur7H0zNuzzWzU10srM5eKC3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b8:9c:2f:6e:4d:a3:55:25:43:b2:39:2f:f9:43:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=407b2eafb1f4ccdbb3cd6cd4d74b2b33978a0b70
        Validity
            Not Before: Nov 11 07:01:55 2025 GMT
            Not After : Nov 12 07:01:55 2025 GMT
        Subject: CN=17175da4ee01c4db32cdf9386b9cd8f5c000b792
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:06:8b:0f:91:e9:db:10:6d:ac:12:76:d7:70:
                    d3:fa:bb:bb:f8:7a:63:41:86:e6:f1:73:66:22:76:
                    b9:08:1a:4a:59:3f:5d:07:8a:03:17:de:4f:42:16:
                    7f:53:72:08:c2:2d:97:c5:7f:32:bf:92:1b:68:9b:
                    55:d6:4a:96:d8:a7:54:4f:ed:eb:16:49:e3:cb:d6:
                    93:6c:24:50:ed:e8:10:e6:41:61:42:e0:ca:31:26:
                    17:79:bb:3b:b5:66:fb:89:8d:38:28:56:29:2e:db:
                    eb:dd:38:5d:e3:71:7e:10:b8:1e:61:f7:6f:82:de:
                    dc:8a:01:70:06:cc:b8:3a:6d:2e:d0:fe:0d:42:5f:
                    d0:52:aa:21:cd:3d:9b:58:b0:c5:38:e0:b3:4e:56:
                    2f:d4:00:4e:3a:97:6c:be:e2:53:db:65:10:bb:ee:
                    f9:65:f2:ca:74:07:98:97:fc:97:a7:47:1b:2f:fe:
                    d6:55:a9:fd:ea:6a:c3:27:0c:8f:11:8f:b4:0d:0d:
                    3d:73:e9:23:a9:a8:e1:ae:70:74:47:53:74:88:b7:
                    f7:6f:eb:ea:0c:1d:39:d5:c2:99:fd:41:a8:54:3c:
                    7c:b4:1e:02:62:d5:b1:5b:8f:22:f7:6d:92:06:5e:
                    53:77:d3:69:4e:0e:c8:d3:72:ca:12:24:1a:13:fb:
                    44:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:17:5D:A4:EE:01:C4:DB:32:CD:F9:38:6B:9C:D8:F5:C0:00:B7:92
            X509v3 Authority Key Identifier:
                keyid:40:7B:2E:AF:B1:F4:CC:DB:B3:CD:6C:D4:D7:4B:2B:33:97:8A:0B:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QHsur7H0zNuzzWzU10srM5eKC3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         98:ca:7c:47:18:e1:1b:ce:c5:9d:d8:9b:e2:22:93:b8:52:a5:
         eb:85:30:b6:f7:c1:38:d8:fb:d9:2b:40:33:d4:46:b8:83:e4:
         e8:a0:25:1a:7b:d0:63:af:0f:93:c3:cb:45:ff:15:b1:70:a4:
         90:4b:95:d4:fa:68:76:6c:8e:4a:e0:d9:d0:e2:09:40:47:74:
         a2:f3:46:f6:ab:94:cb:1f:24:4c:73:1b:9d:65:5c:96:61:0e:
         7a:5c:39:b3:6c:28:74:20:53:73:4e:ba:eb:5d:ea:1e:92:be:
         c8:b9:0b:e1:b7:bd:9e:7c:e4:cb:5a:c9:f3:6c:9f:e1:9f:87:
         c4:46:67:df:2a:07:60:f2:df:f7:1a:64:f9:a5:d1:7c:42:cf:
         d4:49:de:0e:30:2b:c2:51:07:1a:d8:13:ad:d2:26:cf:b0:45:
         d2:35:b4:0d:16:78:10:7a:ac:72:e3:e3:c2:17:3c:eb:fd:b9:
         59:24:fe:a0:15:c3:41:e5:6a:c1:3a:b9:9f:64:a1:4f:f4:2f:
         3a:b6:17:83:32:2b:2b:52:46:22:9c:e0:3b:fb:34:83:a4:df:
         04:91:7e:5e:97:6e:df:76:a4:e9:51:aa:22:d4:e4:77:67:1b:
         c9:46:c9:73:4f:02:7f:8b:5c:d9:67:58:da:2f:2f:15:82:2b:
         b4:bc:ed:19
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuJwvbk2jVSVDsjkv+UNTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwN2IyZWFmYjFmNGNjZGJiM2NkNmNkNGQ3NGIyYjMzOTc4
YTBiNzAwHhcNMjUxMTExMDcwMTU1WhcNMjUxMTEyMDcwMTU1WjAzMTEwLwYDVQQD
EygxNzE3NWRhNGVlMDFjNGRiMzJjZGY5Mzg2YjljZDhmNWMwMDBiNzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAaLD5Hp2xBtrBJ213DT+ru7+Hpj
QYbm8XNmIna5CBpKWT9dB4oDF95PQhZ/U3IIwi2XxX8yv5IbaJtV1kqW2KdUT+3r
Fknjy9aTbCRQ7egQ5kFhQuDKMSYXebs7tWb7iY04KFYpLtvr3Thd43F+ELgeYfdv
gt7cigFwBsy4Om0u0P4NQl/QUqohzT2bWLDFOOCzTlYv1ABOOpdsvuJT22UQu+75
ZfLKdAeYl/yXp0cbL/7WVan96mrDJwyPEY+0DQ09c+kjqajhrnB0R1N0iLf3b+vq
DB051cKZ/UGoVDx8tB4CYtWxW48i922SBl5Td9NpTg7I03LKEiQaE/tEgQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFBcXXaTuAcTbMs35OGuc2PXAALeSMB8GA1UdIwQY
MBaAFEB7Lq+x9Mzbs81s1NdLKzOXigtwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUhzdXI3SDB6TnV6eld6VTEwc3JNNWVLQzNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi82YWVjYzUtYjg1Yy00MThiLWFmYzgt
YzJlNjY4YzE5NzI3LzEvUUhzdXI3SDB6TnV6eld6VTEwc3JNNWVLQzNBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi82YWVjYzUtYjg1Yy00MThiLWFmYzgtYzJlNjY4YzE5NzI3
LzEvUUhzdXI3SDB6TnV6eld6VTEwc3JNNWVLQzNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAmMp8Rxjh
G87Fndib4iKTuFKl64UwtvfBONj72StAM9RGuIPk6KAlGnvQY68Pk8PLRf8VsXCk
kEuV1PpodmyOSuDZ0OIJQEd0ovNG9quUyx8kTHMbnWVclmEOelw5s2wodCBTc066
613qHpK+yLkL4be9nnzky1rJ82yf4Z+HxEZn3yoHYPLf9xpk+aXRfELP1EneDjAr
wlEHGtgTrdImz7BF0jW0DRZ4EHqscuPjwhc86/25WST+oBXDQeVqwTq5n2ShT/Qv
OrYXgzIrK1JGIpzgO/s0g6TfBJF+Xpdu33ak6VGqItTkd2cbyUbJc08Cf4tc2WdY
2i8vFYIrtLztGQ==
-----END CERTIFICATE-----