Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/03d3fa-9e22-441e-b5c5-d203e20018f5/1/ulnZ9a887kQgFLc1lhxzuWkmDhk.mft
File:                     ulnZ9a887kQgFLc1lhxzuWkmDhk.mft (raw, json)
Hash identifier:          IyRE2BOYzxMSdvtEbauVbk2DPwGVVFYC3YZaer1u1cc=
Subject key identifier:   F3:A9:77:BB:B4:8A:78:31:A7:53:5F:5D:5A:CA:A5:C6:13:7C:E7:83
Authority key identifier: BA:59:D9:F5:AF:3C:EE:44:20:14:B7:35:96:1C:73:B9:69:26:0E:19
Certificate issuer:       /CN=ba59d9f5af3cee442014b735961c73b969260e19
Certificate serial:       019A71B7E1BBEA9443A6BAE55283837ACC7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ulnZ9a887kQgFLc1lhxzuWkmDhk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/03d3fa-9e22-441e-b5c5-d203e20018f5/1/ulnZ9a887kQgFLc1lhxzuWkmDhk.mft
Manifest number:          171A
Signing time:             Tue 11 Nov 2025 07:01:07 +0000
Manifest this update:     Tue 11 Nov 2025 07:01:07 +0000
Manifest next update:     Wed 12 Nov 2025 07:01:07 +0000
Files and hashes:         1: ulnZ9a887kQgFLc1lhxzuWkmDhk.crl (hash: tqlUhhWjLUx8y1mn2L6zgnADS2iUKWFa+JAehsaIqdI=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/03d3fa-9e22-441e-b5c5-d203e20018f5/1/ulnZ9a887kQgFLc1lhxzuWkmDhk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/03d3fa-9e22-441e-b5c5-d203e20018f5/1/ulnZ9a887kQgFLc1lhxzuWkmDhk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ulnZ9a887kQgFLc1lhxzuWkmDhk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b7:e1:bb:ea:94:43:a6:ba:e5:52:83:83:7a:cc:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba59d9f5af3cee442014b735961c73b969260e19
        Validity
            Not Before: Nov 11 07:01:07 2025 GMT
            Not After : Nov 12 07:01:07 2025 GMT
        Subject: CN=f3a977bbb48a7831a7535f5d5acaa5c6137ce783
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:36:c0:70:9f:a8:01:56:ef:74:a4:61:9c:2a:
                    60:14:55:9e:69:3e:73:7b:0a:e7:91:27:b5:fd:4b:
                    b3:8f:1a:28:c5:9a:92:c7:7e:8e:14:da:fc:a1:ca:
                    04:60:df:11:05:7c:39:3d:53:8a:79:45:75:5e:3f:
                    a9:d5:9b:7e:02:42:86:3d:fe:14:19:43:ec:e4:43:
                    36:63:41:b1:28:4f:13:6a:41:71:d6:b7:fa:28:10:
                    9a:1a:f6:ab:82:4e:33:15:e4:9d:37:49:c1:c2:52:
                    b4:51:c3:68:85:50:84:87:f6:20:66:09:d4:c3:8d:
                    d2:f1:ab:27:8c:99:8b:a6:5e:51:83:12:c2:4c:b2:
                    75:43:eb:63:85:b6:25:d9:48:b5:c9:d0:7a:5b:11:
                    25:f5:b3:4e:6f:0f:b4:9f:8a:d3:f1:4a:34:e6:4b:
                    49:45:80:c3:84:fb:4b:97:3b:e3:0a:b9:cb:a1:c6:
                    08:24:db:60:7e:ed:ed:88:68:ec:aa:ce:7c:f8:ec:
                    77:1d:01:2a:fe:45:b1:4f:ad:2d:8f:5d:15:7c:11:
                    75:bd:ee:04:73:8f:5a:f5:4e:f5:08:39:39:30:7d:
                    53:8b:6a:93:8f:3a:20:aa:29:bf:cd:d3:ec:67:1e:
                    2d:b7:71:39:eb:2c:d9:38:95:72:3f:9d:d5:a9:cc:
                    da:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:A9:77:BB:B4:8A:78:31:A7:53:5F:5D:5A:CA:A5:C6:13:7C:E7:83
            X509v3 Authority Key Identifier:
                keyid:BA:59:D9:F5:AF:3C:EE:44:20:14:B7:35:96:1C:73:B9:69:26:0E:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ulnZ9a887kQgFLc1lhxzuWkmDhk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/03d3fa-9e22-441e-b5c5-d203e20018f5/1/ulnZ9a887kQgFLc1lhxzuWkmDhk.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/03d3fa-9e22-441e-b5c5-d203e20018f5/1/ulnZ9a887kQgFLc1lhxzuWkmDhk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         17:11:ff:32:c2:15:ec:ee:f3:b3:2b:75:c7:e2:2a:b1:e7:c8:
         71:85:ec:cc:47:6a:6d:e9:c1:f7:ee:20:8f:d1:57:5d:18:85:
         ab:57:52:86:25:17:2b:64:05:ca:8c:14:9e:69:c1:82:14:9a:
         75:85:29:2d:a0:eb:e0:a2:9c:99:23:55:d0:fc:a5:9c:43:84:
         6a:96:dc:02:c6:08:f3:da:5e:63:e1:8c:9d:92:ee:be:90:3e:
         38:e1:eb:6a:f1:33:0f:ae:33:b7:8c:a7:f8:c1:b4:58:67:9b:
         2e:26:1e:af:d6:4e:0f:fd:e0:9f:d0:9e:61:3c:14:4e:b2:18:
         90:69:24:d9:c2:42:fd:da:cf:b4:2a:4c:2a:fa:29:69:68:fa:
         63:44:58:b6:04:ec:5e:f7:1a:e0:fc:61:51:f1:57:4e:78:0c:
         b0:87:5e:2c:c3:fb:d4:35:4c:b1:51:a0:20:ae:bf:31:71:b5:
         51:45:47:25:67:86:0b:1c:03:0f:1f:d4:a6:12:13:fc:dc:30:
         93:e2:12:45:13:d6:40:24:b2:fa:af:89:36:eb:f0:2c:3e:5e:
         72:a9:10:d0:37:02:42:ca:ff:0f:1e:c6:39:e9:9e:cb:b0:53:
         3d:49:51:7a:c5:e7:8a:8a:09:21:ac:50:49:f8:f5:0b:26:34:
         0b:d2:71:0a
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxt+G76pRDprrlUoODesx/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNTlkOWY1YWYzY2VlNDQyMDE0YjczNTk2MWM3M2I5Njky
NjBlMTkwHhcNMjUxMTExMDcwMTA3WhcNMjUxMTEyMDcwMTA3WjAzMTEwLwYDVQQD
EyhmM2E5NzdiYmI0OGE3ODMxYTc1MzVmNWQ1YWNhYTVjNjEzN2NlNzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzbAcJ+oAVbvdKRhnCpgFFWeaT5z
ewrnkSe1/UuzjxooxZqSx36OFNr8ocoEYN8RBXw5PVOKeUV1Xj+p1Zt+AkKGPf4U
GUPs5EM2Y0GxKE8TakFx1rf6KBCaGvargk4zFeSdN0nBwlK0UcNohVCEh/YgZgnU
w43S8asnjJmLpl5RgxLCTLJ1Q+tjhbYl2Ui1ydB6WxEl9bNObw+0n4rT8Uo05ktJ
RYDDhPtLlzvjCrnLocYIJNtgfu3tiGjsqs58+Ox3HQEq/kWxT60tj10VfBF1ve4E
c49a9U71CDk5MH1Ti2qTjzogqim/zdPsZx4tt3E56yzZOJVyP53VqczaTQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFPOpd7u0ingxp1NfXVrKpcYTfOeDMB8GA1UdIwQY
MBaAFLpZ2fWvPO5EIBS3NZYcc7lpJg4ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWxuWjlhODg3a1FnRkxjMWxoeHp1V2ttRGhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC8wM2QzZmEtOWUyMi00NDFlLWI1YzUt
ZDIwM2UyMDAxOGY1LzEvdWxuWjlhODg3a1FnRkxjMWxoeHp1V2ttRGhrLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC8wM2QzZmEtOWUyMi00NDFlLWI1YzUtZDIwM2UyMDAxOGY1
LzEvdWxuWjlhODg3a1FnRkxjMWxoeHp1V2ttRGhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAFxH/MsIV
7O7zsyt1x+IqsefIcYXszEdqbenB9+4gj9FXXRiFq1dShiUXK2QFyowUnmnBghSa
dYUpLaDr4KKcmSNV0PylnEOEapbcAsYI89peY+GMnZLuvpA+OOHravEzD64zt4yn
+MG0WGebLiYer9ZOD/3gn9CeYTwUTrIYkGkk2cJC/drPtCpMKvopaWj6Y0RYtgTs
Xvca4PxhUfFXTngMsIdeLMP71DVMsVGgIK6/MXG1UUVHJWeGCxwDDx/UphIT/Nww
k+ISRRPWQCSy+q+JNuvwLD5ecqkQ0DcCQsr/Dx7GOemey7BTPUlResXniooJIaxQ
Sfj1CyY0C9JxCg==
-----END CERTIFICATE-----