Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/a01938-fabc-4362-9fd0-d4343d9e47bf/1/avKqUEvzdkSAPC7vFgTThgsd74Y.mft
File:                     avKqUEvzdkSAPC7vFgTThgsd74Y.mft (raw, json)
Hash identifier:          NixuUe4bnMlB5t8BJaoj/SAmR64MlkyLP7e3v4BW3w0=
Subject key identifier:   D2:71:2B:34:90:E1:E7:89:FC:CC:3C:CB:29:55:54:3B:8B:96:CD:BE
Authority key identifier: 6A:F2:AA:50:4B:F3:76:44:80:3C:2E:EF:16:04:D3:86:0B:1D:EF:86
Certificate issuer:       /CN=6af2aa504bf37644803c2eef1604d3860b1def86
Certificate serial:       019A725C96E624EE4A7EA7A6E9FEB983CA7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/avKqUEvzdkSAPC7vFgTThgsd74Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/a01938-fabc-4362-9fd0-d4343d9e47bf/1/avKqUEvzdkSAPC7vFgTThgsd74Y.mft
Manifest number:          067E
Signing time:             Tue 11 Nov 2025 10:01:01 +0000
Manifest this update:     Tue 11 Nov 2025 10:01:01 +0000
Manifest next update:     Wed 12 Nov 2025 10:01:01 +0000
Files and hashes:         1: avKqUEvzdkSAPC7vFgTThgsd74Y.crl (hash: j1Ywx6W8cIRV4NE77qhkMhWzv7K0ahj+TEpJFAbFtTg=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/a01938-fabc-4362-9fd0-d4343d9e47bf/1/avKqUEvzdkSAPC7vFgTThgsd74Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/a01938-fabc-4362-9fd0-d4343d9e47bf/1/avKqUEvzdkSAPC7vFgTThgsd74Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/avKqUEvzdkSAPC7vFgTThgsd74Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:5c:96:e6:24:ee:4a:7e:a7:a6:e9:fe:b9:83:ca:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6af2aa504bf37644803c2eef1604d3860b1def86
        Validity
            Not Before: Nov 11 10:01:01 2025 GMT
            Not After : Nov 12 10:01:01 2025 GMT
        Subject: CN=d2712b3490e1e789fccc3ccb2955543b8b96cdbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f8:a3:b3:6b:58:14:ba:67:b3:98:d8:20:f4:
                    c3:ec:fc:b2:aa:f7:40:6b:b8:d9:af:6b:61:48:b9:
                    be:56:88:d6:e1:84:a1:0b:e5:5f:dc:cf:43:7d:9b:
                    27:5c:2a:b9:a6:14:ba:1a:ae:44:e8:db:46:39:48:
                    cc:66:ec:eb:38:09:60:da:40:22:21:a3:a6:77:3e:
                    86:68:aa:6c:11:99:0e:af:a3:55:00:6a:20:73:bf:
                    41:3b:f8:5f:18:65:37:ec:6b:3d:16:2b:09:30:39:
                    c3:82:e6:7e:ed:4d:24:b3:63:6d:70:b2:4c:0f:20:
                    7d:84:1c:7e:b7:7f:95:ce:6f:0b:9c:7f:a8:3b:7b:
                    1a:d6:a1:4f:87:58:2c:ac:f8:aa:de:38:b3:fd:1d:
                    85:0a:61:1b:39:ce:6e:53:45:12:9e:0f:64:9c:81:
                    5b:b5:cc:ac:1e:36:23:19:1d:b8:2a:63:37:08:a9:
                    f3:42:20:07:15:86:66:2b:3c:7e:1a:b4:a2:04:17:
                    4b:46:99:d8:a3:51:f4:93:53:8f:4e:dc:f1:25:5e:
                    82:a8:88:d5:30:f1:a0:ee:db:79:ae:ab:55:20:bb:
                    38:6d:39:5e:a4:fd:c2:ab:58:63:f1:a1:60:72:95:
                    15:2e:dd:24:92:1b:60:c1:c8:1a:4d:d3:cb:02:16:
                    e9:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:71:2B:34:90:E1:E7:89:FC:CC:3C:CB:29:55:54:3B:8B:96:CD:BE
            X509v3 Authority Key Identifier:
                keyid:6A:F2:AA:50:4B:F3:76:44:80:3C:2E:EF:16:04:D3:86:0B:1D:EF:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/avKqUEvzdkSAPC7vFgTThgsd74Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/a01938-fabc-4362-9fd0-d4343d9e47bf/1/avKqUEvzdkSAPC7vFgTThgsd74Y.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/a01938-fabc-4362-9fd0-d4343d9e47bf/1/avKqUEvzdkSAPC7vFgTThgsd74Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         31:6e:4f:88:f3:e1:d7:c9:3f:c7:12:23:42:5f:b9:ee:f5:ce:
         07:f4:7d:d0:8f:5f:bb:52:51:63:fc:f3:a2:19:86:90:81:e0:
         cb:8a:ba:e4:e8:cf:b3:9b:e5:c4:f3:eb:ed:50:83:54:8f:de:
         7e:43:f6:74:59:83:51:4a:0b:18:7b:36:88:90:47:d9:62:63:
         df:32:7e:94:28:08:7d:32:4e:44:d0:9b:91:5b:84:13:2a:af:
         5b:75:4f:0d:1b:2a:7a:55:1a:1b:a8:74:5f:ca:a5:b6:93:67:
         ab:88:1f:96:86:9a:1c:b0:3f:0e:3a:64:ef:39:54:64:45:5b:
         16:69:cd:74:8c:3b:d0:73:73:25:c3:9a:92:13:cf:f2:30:2f:
         05:f3:c3:26:89:f2:6d:8d:97:42:fe:3e:ba:4c:52:ac:18:b6:
         0f:f2:fa:b4:aa:54:f3:71:d5:19:ee:d0:41:3a:e3:9e:d6:aa:
         1e:3b:a2:49:29:1f:c1:3e:c6:c1:cd:85:45:72:2a:c6:73:11:
         13:a3:27:42:4a:86:03:e2:b6:96:fd:14:25:55:85:82:60:af:
         6c:51:13:9d:f9:e4:e2:d0:8e:c4:8e:b0:45:c2:ba:ab:f5:63:
         66:0d:54:0e:95:7d:a1:9a:d6:e5:64:05:6b:ef:e8:0d:22:9e:
         6d:93:c4:1a
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyXJbmJO5Kfqem6f65g8p9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhZjJhYTUwNGJmMzc2NDQ4MDNjMmVlZjE2MDRkMzg2MGIx
ZGVmODYwHhcNMjUxMTExMTAwMTAxWhcNMjUxMTEyMTAwMTAxWjAzMTEwLwYDVQQD
EyhkMjcxMmIzNDkwZTFlNzg5ZmNjYzNjY2IyOTU1NTQzYjhiOTZjZGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvijs2tYFLpns5jYIPTD7PyyqvdA
a7jZr2thSLm+VojW4YShC+Vf3M9DfZsnXCq5phS6Gq5E6NtGOUjMZuzrOAlg2kAi
IaOmdz6GaKpsEZkOr6NVAGogc79BO/hfGGU37Gs9FisJMDnDguZ+7U0ks2NtcLJM
DyB9hBx+t3+Vzm8LnH+oO3sa1qFPh1gsrPiq3jiz/R2FCmEbOc5uU0USng9knIFb
tcysHjYjGR24KmM3CKnzQiAHFYZmKzx+GrSiBBdLRpnYo1H0k1OPTtzxJV6CqIjV
MPGg7tt5rqtVILs4bTlepP3Cq1hj8aFgcpUVLt0kkhtgwcgaTdPLAhbpVwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFNJxKzSQ4eeJ/Mw8yylVVDuLls2+MB8GA1UdIwQY
MBaAFGryqlBL83ZEgDwu7xYE04YLHe+GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXZLcVVFdnpka1NBUEM3dkZnVFRoZ3NkNzRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9hMDE5MzgtZmFiYy00MzYyLTlmZDAt
ZDQzNDNkOWU0N2JmLzEvYXZLcVVFdnpka1NBUEM3dkZnVFRoZ3NkNzRZLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9hMDE5MzgtZmFiYy00MzYyLTlmZDAtZDQzNDNkOWU0N2Jm
LzEvYXZLcVVFdnpka1NBUEM3dkZnVFRoZ3NkNzRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAMW5PiPPh
18k/xxIjQl+57vXOB/R90I9fu1JRY/zzohmGkIHgy4q65OjPs5vlxPPr7VCDVI/e
fkP2dFmDUUoLGHs2iJBH2WJj3zJ+lCgIfTJORNCbkVuEEyqvW3VPDRsqelUaG6h0
X8qltpNnq4gfloaaHLA/Djpk7zlUZEVbFmnNdIw70HNzJcOakhPP8jAvBfPDJony
bY2XQv4+ukxSrBi2D/L6tKpU83HVGe7QQTrjntaqHjuiSSkfwT7Gwc2FRXIqxnMR
E6MnQkqGA+K2lv0UJVWFgmCvbFETnfnk4tCOxI6wRcK6q/VjZg1UDpV9oZrW5WQF
a+/oDSKebZPEGg==
-----END CERTIFICATE-----