Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/8d0c68-61a5-4ae1-a831-aa104732f573/1/kdTzrA50tq60hL0U9ocdmjBCK30.mft
File:                     kdTzrA50tq60hL0U9ocdmjBCK30.mft (raw, json)
Hash identifier:          mLQKUg67UQ2zw95kOB1xKpZ7Z6qX6qRHiq4sxRL9vLY=
Subject key identifier:   1D:83:B0:C9:A8:BC:A8:5C:96:DE:BB:5D:E5:01:AA:2C:9F:98:53:EF
Authority key identifier: 91:D4:F3:AC:0E:74:B6:AE:B4:84:BD:14:F6:87:1D:9A:30:42:2B:7D
Certificate issuer:       /CN=91d4f3ac0e74b6aeb484bd14f6871d9a30422b7d
Certificate serial:       019A71B8A587CC0CD1981B255A1CD02BFD23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdTzrA50tq60hL0U9ocdmjBCK30.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/8d0c68-61a5-4ae1-a831-aa104732f573/1/kdTzrA50tq60hL0U9ocdmjBCK30.mft
Manifest number:          0196
Signing time:             Tue 11 Nov 2025 07:01:57 +0000
Manifest this update:     Tue 11 Nov 2025 07:01:57 +0000
Manifest next update:     Wed 12 Nov 2025 07:01:57 +0000
Files and hashes:         1: kdTzrA50tq60hL0U9ocdmjBCK30.crl (hash: ph99Tr6Ts653W688w8X20M5FA6Bc4kCqZjml51LoJzs=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/8d0c68-61a5-4ae1-a831-aa104732f573/1/kdTzrA50tq60hL0U9ocdmjBCK30.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/8d0c68-61a5-4ae1-a831-aa104732f573/1/kdTzrA50tq60hL0U9ocdmjBCK30.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kdTzrA50tq60hL0U9ocdmjBCK30.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b8:a5:87:cc:0c:d1:98:1b:25:5a:1c:d0:2b:fd:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d4f3ac0e74b6aeb484bd14f6871d9a30422b7d
        Validity
            Not Before: Nov 11 07:01:57 2025 GMT
            Not After : Nov 12 07:01:57 2025 GMT
        Subject: CN=1d83b0c9a8bca85c96debb5de501aa2c9f9853ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e9:be:ee:74:ed:a0:ca:7c:8b:3e:b7:67:e8:
                    29:3a:6f:1d:8b:89:a1:81:76:a3:de:7a:78:45:75:
                    c3:5c:35:c1:3c:87:c4:1a:c1:bb:88:76:26:ea:39:
                    7b:5c:fa:c4:c4:17:bc:36:0a:41:f6:34:92:ae:b6:
                    06:c5:a3:f1:29:b1:af:95:0b:b4:37:cc:71:1c:6b:
                    42:47:ab:27:67:8e:ae:2b:d5:3c:70:ec:f1:cc:7c:
                    03:7e:fd:ae:91:2a:b1:f1:dd:59:83:fa:34:0a:51:
                    5f:5c:33:17:e1:44:a0:8a:c3:bc:d6:0d:da:cb:44:
                    3a:1e:0f:66:4f:1b:d9:a8:39:73:a5:29:8d:9a:e5:
                    b2:14:96:8a:a0:2d:e8:f0:5f:f4:16:0b:58:52:4d:
                    d0:ac:7f:71:32:1e:0c:11:7c:b8:ed:74:da:5c:cf:
                    54:3b:d9:12:f5:8d:54:d2:ff:ed:36:8b:75:23:7c:
                    0f:aa:8a:28:54:0e:f5:5c:06:62:5e:ec:6a:1d:95:
                    42:ad:bf:79:9c:c4:86:9f:c9:ad:91:74:49:65:c6:
                    96:d4:f7:7f:8e:a8:55:71:06:84:36:f1:d9:bb:22:
                    dc:65:a6:db:c4:6e:9c:b1:f3:0c:b1:83:0d:52:6f:
                    59:b9:c9:87:df:bc:6a:93:84:4c:57:4a:b0:51:60:
                    1d:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:83:B0:C9:A8:BC:A8:5C:96:DE:BB:5D:E5:01:AA:2C:9F:98:53:EF
            X509v3 Authority Key Identifier:
                keyid:91:D4:F3:AC:0E:74:B6:AE:B4:84:BD:14:F6:87:1D:9A:30:42:2B:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdTzrA50tq60hL0U9ocdmjBCK30.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/8d0c68-61a5-4ae1-a831-aa104732f573/1/kdTzrA50tq60hL0U9ocdmjBCK30.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/8d0c68-61a5-4ae1-a831-aa104732f573/1/kdTzrA50tq60hL0U9ocdmjBCK30.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         66:00:1d:dd:8e:72:21:7c:f8:86:51:bd:d9:8f:c9:d7:72:e6:
         3b:ae:35:53:92:ab:01:90:0d:d7:b5:bd:bc:4f:01:11:5c:69:
         5a:3c:f8:eb:28:8b:eb:14:34:41:d2:98:6b:bc:f7:04:4d:9a:
         19:fe:00:29:b8:33:53:2c:28:39:f6:5c:de:92:63:b1:d6:d4:
         2e:a7:0e:88:ba:58:70:dc:33:c5:b3:b2:21:1c:55:5d:8d:0b:
         46:44:22:e3:29:d2:f5:b1:49:ff:60:6e:2a:4f:2a:47:61:5c:
         91:da:de:07:d0:09:18:0f:f1:de:57:7c:c4:1a:bc:e1:2a:9e:
         80:7f:72:c3:1b:0c:ff:2a:00:12:18:85:66:96:ae:ab:c3:83:
         26:c5:ae:d1:3e:5a:cb:e4:82:07:f7:01:e6:e9:84:7b:ce:c1:
         78:c6:db:e4:81:b8:7b:b6:4e:a0:96:06:bc:9e:43:11:56:3a:
         73:9a:66:1d:b7:1b:0c:e4:b3:a6:25:11:2f:16:8a:a6:ab:ed:
         2b:bc:d0:be:25:e5:34:fb:41:75:f7:ea:95:d1:80:92:29:0d:
         e0:e9:ac:cf:85:d4:ef:a9:38:84:d1:2a:96:a8:11:11:87:09:
         09:a4:8f:43:81:46:df:f0:85:fd:27:c4:0b:76:93:40:08:14:
         ee:73:df:57
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuKWHzAzRmBslWhzQK/0jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDRmM2FjMGU3NGI2YWViNDg0YmQxNGY2ODcxZDlhMzA0
MjJiN2QwHhcNMjUxMTExMDcwMTU3WhcNMjUxMTEyMDcwMTU3WjAzMTEwLwYDVQQD
EygxZDgzYjBjOWE4YmNhODVjOTZkZWJiNWRlNTAxYWEyYzlmOTg1M2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+m+7nTtoMp8iz63Z+gpOm8di4mh
gXaj3np4RXXDXDXBPIfEGsG7iHYm6jl7XPrExBe8NgpB9jSSrrYGxaPxKbGvlQu0
N8xxHGtCR6snZ46uK9U8cOzxzHwDfv2ukSqx8d1Zg/o0ClFfXDMX4USgisO81g3a
y0Q6Hg9mTxvZqDlzpSmNmuWyFJaKoC3o8F/0FgtYUk3QrH9xMh4MEXy47XTaXM9U
O9kS9Y1U0v/tNot1I3wPqoooVA71XAZiXuxqHZVCrb95nMSGn8mtkXRJZcaW1Pd/
jqhVcQaENvHZuyLcZabbxG6csfMMsYMNUm9ZucmH37xqk4RMV0qwUWAdUwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFB2DsMmovKhclt67XeUBqiyfmFPvMB8GA1UdIwQY
MBaAFJHU86wOdLautIS9FPaHHZowQit9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RUenJBNTB0cTYwaEwwVTlvY2RtakJDSzMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84ZDBjNjgtNjFhNS00YWUxLWE4MzEt
YWExMDQ3MzJmNTczLzEva2RUenJBNTB0cTYwaEwwVTlvY2RtakJDSzMwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84ZDBjNjgtNjFhNS00YWUxLWE4MzEtYWExMDQ3MzJmNTcz
LzEva2RUenJBNTB0cTYwaEwwVTlvY2RtakJDSzMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAZgAd3Y5y
IXz4hlG92Y/J13LmO641U5KrAZAN17W9vE8BEVxpWjz46yiL6xQ0QdKYa7z3BE2a
Gf4AKbgzUywoOfZc3pJjsdbULqcOiLpYcNwzxbOyIRxVXY0LRkQi4ynS9bFJ/2Bu
Kk8qR2FckdreB9AJGA/x3ld8xBq84SqegH9ywxsM/yoAEhiFZpauq8ODJsWu0T5a
y+SCB/cB5umEe87BeMbb5IG4e7ZOoJYGvJ5DEVY6c5pmHbcbDOSzpiURLxaKpqvt
K7zQviXlNPtBdffqldGAkikN4Omsz4XU76k4hNEqlqgREYcJCaSPQ4FG3/CF/SfE
C3aTQAgU7nPfVw==
-----END CERTIFICATE-----