Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/afa9af-fe5e-4023-ac0f-76d267a2489d/1/pzfikBac_OajOKZrykXP5jXRVEY.mft
File:                     pzfikBac_OajOKZrykXP5jXRVEY.mft (raw, json)
Hash identifier:          llEEs1RbKNc0YjkSAzwYoxnFIskH6Fj0c2Etxi6/MW4=
Subject key identifier:   29:04:A1:52:5C:65:5B:B7:48:F2:D4:56:A7:D2:8B:BB:0B:19:24:17
Authority key identifier: A7:37:E2:90:16:9C:FC:E6:A3:38:A6:6B:CA:45:CF:E6:35:D1:54:46
Certificate issuer:       /CN=a737e290169cfce6a338a66bca45cfe635d15446
Certificate serial:       019A722586207425EBD1CA65A3EB2C9FCA26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pzfikBac_OajOKZrykXP5jXRVEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/afa9af-fe5e-4023-ac0f-76d267a2489d/1/pzfikBac_OajOKZrykXP5jXRVEY.mft
Manifest number:          171C
Signing time:             Tue 11 Nov 2025 09:00:53 +0000
Manifest this update:     Tue 11 Nov 2025 09:00:53 +0000
Manifest next update:     Wed 12 Nov 2025 09:00:53 +0000
Files and hashes:         1: pzfikBac_OajOKZrykXP5jXRVEY.crl (hash: 2E9OUgZr9gcfqMWh0vbirEK/nenZHW8jQJBKfss7aGI=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/afa9af-fe5e-4023-ac0f-76d267a2489d/1/pzfikBac_OajOKZrykXP5jXRVEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/afa9af-fe5e-4023-ac0f-76d267a2489d/1/pzfikBac_OajOKZrykXP5jXRVEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pzfikBac_OajOKZrykXP5jXRVEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:25:86:20:74:25:eb:d1:ca:65:a3:eb:2c:9f:ca:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a737e290169cfce6a338a66bca45cfe635d15446
        Validity
            Not Before: Nov 11 09:00:53 2025 GMT
            Not After : Nov 12 09:00:53 2025 GMT
        Subject: CN=2904a1525c655bb748f2d456a7d28bbb0b192417
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:64:07:62:09:6c:e1:4a:72:68:e5:ec:fb:54:
                    2b:ff:18:fd:83:51:c2:38:2d:0b:58:e7:1a:c5:e4:
                    64:51:fe:22:70:2b:ab:a8:74:1c:dd:82:e4:6e:bd:
                    0f:bc:30:bb:d3:3c:e0:8f:15:33:57:0b:ad:83:a1:
                    c1:c8:33:c6:2b:0a:71:31:7d:68:97:44:b5:72:56:
                    d3:87:4c:8e:d6:c9:c0:a8:cb:58:94:67:39:6a:86:
                    4b:f7:d2:01:52:79:48:b8:98:21:84:56:83:a4:72:
                    04:5f:d6:88:23:6b:6c:e6:82:16:a0:46:01:47:2a:
                    8d:8d:3a:d8:59:e1:77:d7:ca:84:18:50:fd:20:88:
                    3d:8c:a9:b7:9e:40:fb:eb:53:9d:83:53:94:e3:a0:
                    89:b4:84:d4:d7:fd:da:b7:2c:da:ac:53:a3:d5:7f:
                    e6:1e:d5:a1:b9:d5:a3:67:81:4c:3d:86:e9:e6:3a:
                    22:ad:bf:e0:93:4d:aa:7c:d8:b7:88:1b:39:e4:31:
                    b7:1c:86:ce:90:3a:18:04:79:ec:d1:15:32:83:e1:
                    1b:fd:d9:ad:5b:5f:5d:54:30:69:66:c0:f4:f8:45:
                    50:4b:41:a5:df:5d:bc:0e:76:16:f2:6f:5e:b6:c4:
                    5d:ce:14:5e:8e:6a:6a:40:96:d5:99:cd:0b:5e:b6:
                    1e:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:04:A1:52:5C:65:5B:B7:48:F2:D4:56:A7:D2:8B:BB:0B:19:24:17
            X509v3 Authority Key Identifier:
                keyid:A7:37:E2:90:16:9C:FC:E6:A3:38:A6:6B:CA:45:CF:E6:35:D1:54:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pzfikBac_OajOKZrykXP5jXRVEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/afa9af-fe5e-4023-ac0f-76d267a2489d/1/pzfikBac_OajOKZrykXP5jXRVEY.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/afa9af-fe5e-4023-ac0f-76d267a2489d/1/pzfikBac_OajOKZrykXP5jXRVEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         37:95:14:68:0a:e1:3b:46:b4:2d:c7:41:41:0f:85:ae:57:20:
         18:09:ca:3d:0e:b1:4b:e9:42:9c:9a:f1:8c:66:31:44:db:d7:
         50:52:0b:28:02:42:0f:34:3b:6f:90:d6:71:98:52:56:37:cb:
         f2:14:d7:12:4e:2a:c4:c7:a6:4e:30:aa:65:fd:3a:d3:b4:0b:
         e1:0a:b2:20:4d:0f:ec:d2:d8:6e:4f:82:dd:e0:1a:f5:ca:7c:
         ee:9b:b3:7a:06:36:3e:83:a9:f0:87:90:7d:99:13:cf:ba:62:
         49:be:bb:6c:1c:25:c1:c1:33:42:39:b1:02:d1:68:48:34:7c:
         32:b9:7c:f8:1d:ae:87:db:d2:7c:d1:0f:bb:35:ac:ac:be:c6:
         e6:ed:d2:09:48:dd:b3:df:ed:df:a3:26:ee:99:9b:ef:a8:fd:
         b0:50:1e:a0:7b:fc:38:44:0e:87:53:3b:18:12:1b:a6:78:06:
         74:8b:c8:8e:5d:86:3a:5f:5d:c9:7c:c9:9c:3d:84:f4:70:96:
         49:ea:fa:49:9e:93:2f:b8:40:3e:e5:31:b2:36:bb:ea:b6:a4:
         b2:75:9e:e4:5a:11:1e:e6:54:47:ca:89:31:0b:c4:6d:f8:f2:
         d7:d5:51:84:6a:99:84:f4:9f:f8:c8:ae:f4:30:f5:da:94:3c:
         0a:a1:c5:80
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyJYYgdCXr0cplo+ssn8omMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3MzdlMjkwMTY5Y2ZjZTZhMzM4YTY2YmNhNDVjZmU2MzVk
MTU0NDYwHhcNMjUxMTExMDkwMDUzWhcNMjUxMTEyMDkwMDUzWjAzMTEwLwYDVQQD
EygyOTA0YTE1MjVjNjU1YmI3NDhmMmQ0NTZhN2QyOGJiYjBiMTkyNDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02QHYgls4UpyaOXs+1Qr/xj9g1HC
OC0LWOcaxeRkUf4icCurqHQc3YLkbr0PvDC70zzgjxUzVwutg6HByDPGKwpxMX1o
l0S1clbTh0yO1snAqMtYlGc5aoZL99IBUnlIuJghhFaDpHIEX9aII2ts5oIWoEYB
RyqNjTrYWeF318qEGFD9IIg9jKm3nkD761Odg1OU46CJtITU1/3atyzarFOj1X/m
HtWhudWjZ4FMPYbp5joirb/gk02qfNi3iBs55DG3HIbOkDoYBHns0RUyg+Eb/dmt
W19dVDBpZsD0+EVQS0Gl3128DnYW8m9etsRdzhRejmpqQJbVmc0LXrYehwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFCkEoVJcZVu3SPLUVqfSi7sLGSQXMB8GA1UdIwQY
MBaAFKc34pAWnPzmozima8pFz+Y10VRGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHpmaWtCYWNfT2FqT0tacnlrWFA1alhSVkVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hZmE5YWYtZmU1ZS00MDIzLWFjMGYt
NzZkMjY3YTI0ODlkLzEvcHpmaWtCYWNfT2FqT0tacnlrWFA1alhSVkVZLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hZmE5YWYtZmU1ZS00MDIzLWFjMGYtNzZkMjY3YTI0ODlk
LzEvcHpmaWtCYWNfT2FqT0tacnlrWFA1alhSVkVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAN5UUaArh
O0a0LcdBQQ+FrlcgGAnKPQ6xS+lCnJrxjGYxRNvXUFILKAJCDzQ7b5DWcZhSVjfL
8hTXEk4qxMemTjCqZf0607QL4QqyIE0P7NLYbk+C3eAa9cp87puzegY2PoOp8IeQ
fZkTz7piSb67bBwlwcEzQjmxAtFoSDR8Mrl8+B2uh9vSfNEPuzWsrL7G5u3SCUjd
s9/t36Mm7pmb76j9sFAeoHv8OEQOh1M7GBIbpngGdIvIjl2GOl9dyXzJnD2E9HCW
Ser6SZ6TL7hAPuUxsja76raksnWe5FoRHuZUR8qJMQvEbfjy19VRhGqZhPSf+Miu
9DD12pQ8CqHFgA==
-----END CERTIFICATE-----