Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4cb72b-3f82-46d2-bf25-ab8abcc69016/1/898KdcnvaBuNIzZ9vo7a0FPzvZU.mft
File:                     898KdcnvaBuNIzZ9vo7a0FPzvZU.mft (raw, json)
Hash identifier:          CocHbfIK0XocEfQYwUsb/4hSfUB0+6/QM9wHOLJjwyM=
Subject key identifier:   D9:C9:64:6B:FF:89:F3:06:F3:FE:FE:07:EB:D6:E1:0B:94:6E:17:EC
Authority key identifier: F3:DF:0A:75:C9:EF:68:1B:8D:23:36:7D:BE:8E:DA:D0:53:F3:BD:95
Certificate issuer:       /CN=f3df0a75c9ef681b8d23367dbe8edad053f3bd95
Certificate serial:       019A71B86DE32294D2AC02307DEF4E86D949
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/898KdcnvaBuNIzZ9vo7a0FPzvZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4cb72b-3f82-46d2-bf25-ab8abcc69016/1/898KdcnvaBuNIzZ9vo7a0FPzvZU.mft
Manifest number:          171D
Signing time:             Tue 11 Nov 2025 07:01:43 +0000
Manifest this update:     Tue 11 Nov 2025 07:01:43 +0000
Manifest next update:     Wed 12 Nov 2025 07:01:43 +0000
Files and hashes:         1: 898KdcnvaBuNIzZ9vo7a0FPzvZU.crl (hash: cTS35CWteAmaOlxTVsw6msBJkSY+u5fpOIB6mfnP8lE=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4cb72b-3f82-46d2-bf25-ab8abcc69016/1/898KdcnvaBuNIzZ9vo7a0FPzvZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4cb72b-3f82-46d2-bf25-ab8abcc69016/1/898KdcnvaBuNIzZ9vo7a0FPzvZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/898KdcnvaBuNIzZ9vo7a0FPzvZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b8:6d:e3:22:94:d2:ac:02:30:7d:ef:4e:86:d9:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3df0a75c9ef681b8d23367dbe8edad053f3bd95
        Validity
            Not Before: Nov 11 07:01:43 2025 GMT
            Not After : Nov 12 07:01:43 2025 GMT
        Subject: CN=d9c9646bff89f306f3fefe07ebd6e10b946e17ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ed:9a:40:33:d8:ed:62:55:b5:23:e4:45:c6:
                    26:98:9b:6c:d5:44:a5:e0:fd:73:ef:bc:44:20:9b:
                    32:72:cd:88:b6:b8:d6:48:cb:c1:ca:1b:36:02:7f:
                    40:99:6e:16:7a:ea:d8:6d:5e:bd:11:77:a1:d1:61:
                    e9:03:d5:a7:98:83:32:36:3f:e2:95:bf:86:ad:40:
                    74:e0:87:a6:be:4e:c0:8a:be:16:0b:fb:31:f3:fc:
                    75:9c:7b:e9:88:a7:49:e1:3a:d5:58:39:75:5e:ce:
                    fd:84:b3:a5:d2:82:5b:f0:bd:cf:b5:97:f7:93:f0:
                    df:29:01:b3:5e:e4:63:0a:76:ab:8e:91:40:38:36:
                    09:1a:b0:18:77:85:a5:b2:7a:3a:4a:aa:47:81:7a:
                    56:cd:fe:1f:fa:41:20:fd:40:a9:cc:62:2c:81:f5:
                    59:12:2a:a0:cb:02:2e:98:99:0b:99:e9:0d:e6:6a:
                    f5:03:b9:64:de:ee:56:00:5f:d9:0c:c8:1d:e3:c4:
                    df:e9:df:d4:39:52:db:cf:55:33:95:bb:ec:98:b0:
                    67:3d:c5:86:60:23:76:6f:71:78:f5:ee:2a:ed:66:
                    68:44:57:6c:8e:b9:7e:36:9b:53:19:c7:11:78:34:
                    09:9f:6b:c9:b4:f3:9d:bd:64:e4:2d:d9:f2:03:32:
                    90:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:C9:64:6B:FF:89:F3:06:F3:FE:FE:07:EB:D6:E1:0B:94:6E:17:EC
            X509v3 Authority Key Identifier:
                keyid:F3:DF:0A:75:C9:EF:68:1B:8D:23:36:7D:BE:8E:DA:D0:53:F3:BD:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/898KdcnvaBuNIzZ9vo7a0FPzvZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4cb72b-3f82-46d2-bf25-ab8abcc69016/1/898KdcnvaBuNIzZ9vo7a0FPzvZU.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4cb72b-3f82-46d2-bf25-ab8abcc69016/1/898KdcnvaBuNIzZ9vo7a0FPzvZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         ab:c2:0a:cd:6b:b8:0b:4d:b1:4a:98:25:1c:1f:7a:7f:9e:c1:
         a0:f1:b4:1e:a1:cd:62:5c:ef:2b:1b:cd:7c:c1:3e:82:93:ef:
         9a:9f:ef:fa:7a:c9:06:dd:a2:b7:6d:71:9e:95:d3:f8:8c:c8:
         74:f4:80:1e:b6:c8:ab:88:e7:60:f8:dd:ff:ec:c2:11:09:d7:
         52:64:6d:1f:58:b8:3c:b4:07:e5:29:f0:d5:84:07:ef:dc:9e:
         a8:00:53:57:5b:6b:11:07:0a:c6:a3:8e:6c:1d:75:10:ca:20:
         b8:f0:1d:ca:b7:24:d7:d8:c8:11:d3:54:2a:9c:a7:19:7e:87:
         9e:bc:af:93:86:b3:e7:92:6e:5b:52:f4:a5:8c:df:d4:46:e0:
         29:62:9c:0f:c3:90:40:f4:47:83:e4:76:82:d2:00:8d:72:df:
         2f:35:de:84:58:9a:9a:e1:61:c4:5e:48:b7:c9:2f:db:cf:28:
         f2:13:48:da:65:7e:cf:32:ef:da:df:91:45:0c:dd:15:90:30:
         2e:05:c2:29:57:2b:61:de:31:58:27:21:f0:21:e4:84:0d:cf:
         47:44:eb:86:8c:f9:a1:25:1e:17:39:01:0a:92:de:ac:fb:25:
         2d:20:f7:87:2f:04:da:09:16:b2:40:fb:59:ed:fb:8a:6c:af:
         4d:3d:bd:0e
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuG3jIpTSrAIwfe9OhtlJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzZGYwYTc1YzllZjY4MWI4ZDIzMzY3ZGJlOGVkYWQwNTNm
M2JkOTUwHhcNMjUxMTExMDcwMTQzWhcNMjUxMTEyMDcwMTQzWjAzMTEwLwYDVQQD
EyhkOWM5NjQ2YmZmODlmMzA2ZjNmZWZlMDdlYmQ2ZTEwYjk0NmUxN2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApO2aQDPY7WJVtSPkRcYmmJts1USl
4P1z77xEIJsycs2ItrjWSMvByhs2An9AmW4WeurYbV69EXeh0WHpA9WnmIMyNj/i
lb+GrUB04Iemvk7Air4WC/sx8/x1nHvpiKdJ4TrVWDl1Xs79hLOl0oJb8L3PtZf3
k/DfKQGzXuRjCnarjpFAODYJGrAYd4Wlsno6SqpHgXpWzf4f+kEg/UCpzGIsgfVZ
EiqgywIumJkLmekN5mr1A7lk3u5WAF/ZDMgd48Tf6d/UOVLbz1UzlbvsmLBnPcWG
YCN2b3F49e4q7WZoRFdsjrl+NptTGccReDQJn2vJtPOdvWTkLdnyAzKQ7wIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFNnJZGv/ifMG8/7+B+vW4QuUbhfsMB8GA1UdIwQY
MBaAFPPfCnXJ72gbjSM2fb6O2tBT872VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODk4S2RjbnZhQnVOSXpaOXZvN2EwRlB6dlpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80Y2I3MmItM2Y4Mi00NmQyLWJmMjUt
YWI4YWJjYzY5MDE2LzEvODk4S2RjbnZhQnVOSXpaOXZvN2EwRlB6dlpVLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80Y2I3MmItM2Y4Mi00NmQyLWJmMjUtYWI4YWJjYzY5MDE2
LzEvODk4S2RjbnZhQnVOSXpaOXZvN2EwRlB6dlpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAq8IKzWu4
C02xSpglHB96f57BoPG0HqHNYlzvKxvNfME+gpPvmp/v+nrJBt2it21xnpXT+IzI
dPSAHrbIq4jnYPjd/+zCEQnXUmRtH1i4PLQH5Snw1YQH79yeqABTV1trEQcKxqOO
bB11EMoguPAdyrck19jIEdNUKpynGX6Hnryvk4az55JuW1L0pYzf1EbgKWKcD8OQ
QPRHg+R2gtIAjXLfLzXehFiamuFhxF5It8kv288o8hNI2mV+zzLv2t+RRQzdFZAw
LgXCKVcrYd4xWCch8CHkhA3PR0Trhoz5oSUeFzkBCpLerPslLSD3hy8E2gkWskD7
We37imyvTT29Dg==
-----END CERTIFICATE-----