Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/943903-bee9-4dd7-84c2-a48fec1fcb70/1/NSfzoow8WhVFLOxPVswmno6tnXI.mft
File:                     NSfzoow8WhVFLOxPVswmno6tnXI.mft (raw, json)
Hash identifier:          SG1k2LfAdfz97WiL2+l/TJHTJNWsGM56C0h6llGgzRA=
Subject key identifier:   DB:5E:DA:F7:B7:A4:5A:B9:31:BC:4C:97:94:71:9D:45:CE:17:8B:09
Authority key identifier: 35:27:F3:A2:8C:3C:5A:15:45:2C:EC:4F:56:CC:26:9E:8E:AD:9D:72
Certificate issuer:       /CN=3527f3a28c3c5a15452cec4f56cc269e8ead9d72
Certificate serial:       019A71B7D83196497D854E130B7504B845E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NSfzoow8WhVFLOxPVswmno6tnXI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/943903-bee9-4dd7-84c2-a48fec1fcb70/1/NSfzoow8WhVFLOxPVswmno6tnXI.mft
Manifest number:          171A
Signing time:             Tue 11 Nov 2025 07:01:05 +0000
Manifest this update:     Tue 11 Nov 2025 07:01:05 +0000
Manifest next update:     Wed 12 Nov 2025 07:01:05 +0000
Files and hashes:         1: NSfzoow8WhVFLOxPVswmno6tnXI.crl (hash: GZTcKDAnbaNSxe12YeRbPIrjb99rFSeDnTKdRn2TuPQ=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/943903-bee9-4dd7-84c2-a48fec1fcb70/1/NSfzoow8WhVFLOxPVswmno6tnXI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/943903-bee9-4dd7-84c2-a48fec1fcb70/1/NSfzoow8WhVFLOxPVswmno6tnXI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NSfzoow8WhVFLOxPVswmno6tnXI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b7:d8:31:96:49:7d:85:4e:13:0b:75:04:b8:45:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3527f3a28c3c5a15452cec4f56cc269e8ead9d72
        Validity
            Not Before: Nov 11 07:01:05 2025 GMT
            Not After : Nov 12 07:01:05 2025 GMT
        Subject: CN=db5edaf7b7a45ab931bc4c9794719d45ce178b09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:2f:93:04:65:de:18:d9:74:32:e7:fe:29:04:
                    0e:ae:af:6c:8e:73:f3:f2:f9:09:db:70:33:b6:6d:
                    35:b0:d8:b8:0f:20:e9:c5:cc:bc:c8:27:61:be:be:
                    ac:ed:b6:c9:03:17:d4:cf:30:6a:3f:6b:cf:4e:6b:
                    8a:55:5f:77:95:d1:7b:3f:5f:23:ae:8c:83:f9:76:
                    af:4f:65:1b:f2:e3:fa:bf:e4:aa:49:f7:95:30:07:
                    32:bd:60:66:73:19:eb:cf:07:1d:62:5d:7c:f1:fe:
                    f5:ee:17:dd:67:59:f3:cf:7d:6a:ca:f8:04:42:d6:
                    3e:7b:a3:d0:45:0c:a3:4b:3b:32:ca:0b:54:fe:98:
                    ab:38:a6:fb:8a:79:fd:82:01:6d:21:94:25:aa:ee:
                    02:62:89:be:81:87:c5:ff:4b:eb:a1:b5:a4:dd:d5:
                    a0:6a:ef:f3:e3:57:fe:0c:93:bf:3c:1f:7b:e2:12:
                    8f:04:83:5e:d6:c2:4f:7a:55:5b:3a:cb:0e:65:78:
                    0d:f1:fa:37:47:11:a0:04:8a:61:9e:97:7a:fa:c8:
                    79:18:03:03:d5:e6:22:cb:43:9f:7a:6c:40:13:76:
                    d3:40:ed:f3:e4:d3:55:71:0a:99:6b:33:99:3e:81:
                    45:1e:04:58:f4:cc:63:1f:3b:f0:72:f1:3b:ca:98:
                    0b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:5E:DA:F7:B7:A4:5A:B9:31:BC:4C:97:94:71:9D:45:CE:17:8B:09
            X509v3 Authority Key Identifier:
                keyid:35:27:F3:A2:8C:3C:5A:15:45:2C:EC:4F:56:CC:26:9E:8E:AD:9D:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSfzoow8WhVFLOxPVswmno6tnXI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/943903-bee9-4dd7-84c2-a48fec1fcb70/1/NSfzoow8WhVFLOxPVswmno6tnXI.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/943903-bee9-4dd7-84c2-a48fec1fcb70/1/NSfzoow8WhVFLOxPVswmno6tnXI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         30:fd:d1:da:11:d5:5d:4a:76:b9:2a:15:e6:5a:fd:2f:7d:f5:
         37:f3:6e:3b:1a:8a:1b:c0:13:8f:bd:82:5e:b2:cb:a0:04:2e:
         51:fc:fe:f6:35:2f:2e:18:ab:77:ad:c3:32:a9:3b:4b:4e:d9:
         f2:ab:f0:7b:31:ac:d0:66:e0:9a:93:2d:4e:8e:5c:44:f4:01:
         0b:19:7f:b9:b7:23:7c:06:b0:dc:e8:3c:b7:a7:12:67:8e:76:
         7e:12:33:c0:dd:a9:cb:14:e0:38:e8:ae:36:58:c5:ac:28:12:
         18:ca:ae:27:3d:c7:ef:d5:11:2a:ed:05:33:3b:96:be:e5:64:
         05:06:a6:82:6b:a7:12:ce:ad:50:6b:7e:d1:d9:69:d4:d6:9d:
         aa:9f:c4:98:2f:8e:9d:48:07:41:1b:ba:a8:c5:09:42:fd:53:
         4e:fe:64:9c:d9:8d:34:b6:29:f9:5a:d9:d0:56:6b:0e:f6:d2:
         e7:5d:4b:8c:06:98:77:b9:3f:13:c0:39:60:f8:2f:b5:9e:5d:
         68:58:b7:38:78:e0:45:e4:e2:ed:43:8d:4a:74:a6:5d:cb:d5:
         20:5a:a1:55:07:b1:e5:c8:2c:da:96:27:1a:07:13:12:8a:50:
         8f:0e:c0:ed:1a:dc:91:c1:17:81:02:b3:dc:ca:28:d9:6e:58:
         d3:97:bf:74
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxt9gxlkl9hU4TC3UEuEXoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MjdmM2EyOGMzYzVhMTU0NTJjZWM0ZjU2Y2MyNjllOGVh
ZDlkNzIwHhcNMjUxMTExMDcwMTA1WhcNMjUxMTEyMDcwMTA1WjAzMTEwLwYDVQQD
EyhkYjVlZGFmN2I3YTQ1YWI5MzFiYzRjOTc5NDcxOWQ0NWNlMTc4YjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqC+TBGXeGNl0Muf+KQQOrq9sjnPz
8vkJ23Aztm01sNi4DyDpxcy8yCdhvr6s7bbJAxfUzzBqP2vPTmuKVV93ldF7P18j
royD+XavT2Ub8uP6v+SqSfeVMAcyvWBmcxnrzwcdYl188f717hfdZ1nzz31qyvgE
QtY+e6PQRQyjSzsyygtU/pirOKb7inn9ggFtIZQlqu4CYom+gYfF/0vrobWk3dWg
au/z41f+DJO/PB974hKPBINe1sJPelVbOssOZXgN8fo3RxGgBIphnpd6+sh5GAMD
1eYiy0OfemxAE3bTQO3z5NNVcQqZazOZPoFFHgRY9MxjHzvwcvE7ypgLDQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFNte2ve3pFq5MbxMl5RxnUXOF4sJMB8GA1UdIwQY
MBaAFDUn86KMPFoVRSzsT1bMJp6OrZ1yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNmem9vdzhXaFZGTE94UFZzd21ubzZ0blhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS85NDM5MDMtYmVlOS00ZGQ3LTg0YzIt
YTQ4ZmVjMWZjYjcwLzEvTlNmem9vdzhXaFZGTE94UFZzd21ubzZ0blhJLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS85NDM5MDMtYmVlOS00ZGQ3LTg0YzItYTQ4ZmVjMWZjYjcw
LzEvTlNmem9vdzhXaFZGTE94UFZzd21ubzZ0blhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAMP3R2hHV
XUp2uSoV5lr9L331N/NuOxqKG8ATj72CXrLLoAQuUfz+9jUvLhird63DMqk7S07Z
8qvwezGs0GbgmpMtTo5cRPQBCxl/ubcjfAaw3Og8t6cSZ452fhIzwN2pyxTgOOiu
NljFrCgSGMquJz3H79URKu0FMzuWvuVkBQamgmunEs6tUGt+0dlp1Nadqp/EmC+O
nUgHQRu6qMUJQv1TTv5knNmNNLYp+VrZ0FZrDvbS511LjAaYd7k/E8A5YPgvtZ5d
aFi3OHjgReTi7UONSnSmXcvVIFqhVQex5cgs2pYnGgcTEopQjw7A7RrckcEXgQKz
3Moo2W5Y05e/dA==
-----END CERTIFICATE-----