Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/1d98b0-4a4d-4190-bd85-372f65d99a9f/1/3XzvizrZIDFjCqyiJqntebpgVYY.mft
File:                     3XzvizrZIDFjCqyiJqntebpgVYY.mft (raw, json)
Hash identifier:          Tq3fdb2d6rgL7wJEA7gNLuGYHehpTBgiN1KwRHtzCb8=
Subject key identifier:   86:96:FD:20:6E:16:A1:27:C2:8A:29:77:CE:17:1F:C2:38:15:B3:7E
Authority key identifier: DD:7C:EF:8B:3A:D9:20:31:63:0A:AC:A2:26:A9:ED:79:BA:60:55:86
Certificate issuer:       /CN=dd7cef8b3ad92031630aaca226a9ed79ba605586
Certificate serial:       019A72CAD3B9646C1E88F303D04A1B281237
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3XzvizrZIDFjCqyiJqntebpgVYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/1d98b0-4a4d-4190-bd85-372f65d99a9f/1/3XzvizrZIDFjCqyiJqntebpgVYY.mft
Manifest number:          0286
Signing time:             Tue 11 Nov 2025 12:01:26 +0000
Manifest this update:     Tue 11 Nov 2025 12:01:26 +0000
Manifest next update:     Wed 12 Nov 2025 12:01:26 +0000
Files and hashes:         1: 3XzvizrZIDFjCqyiJqntebpgVYY.crl (hash: DNmLl/jivUx9juOj6+2wbY64+873/6joy4P5aXhk0OM=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/1d98b0-4a4d-4190-bd85-372f65d99a9f/1/3XzvizrZIDFjCqyiJqntebpgVYY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/1d98b0-4a4d-4190-bd85-372f65d99a9f/1/3XzvizrZIDFjCqyiJqntebpgVYY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3XzvizrZIDFjCqyiJqntebpgVYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:ca:d3:b9:64:6c:1e:88:f3:03:d0:4a:1b:28:12:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd7cef8b3ad92031630aaca226a9ed79ba605586
        Validity
            Not Before: Nov 11 12:01:26 2025 GMT
            Not After : Nov 12 12:01:26 2025 GMT
        Subject: CN=8696fd206e16a127c28a2977ce171fc23815b37e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:93:d3:da:1d:bb:41:83:5a:28:0a:41:f1:d7:
                    36:e9:21:c9:fc:75:47:91:fe:b4:42:48:90:64:e9:
                    72:9d:bd:b1:ea:5a:0f:63:87:1b:a0:90:67:a7:c8:
                    8f:da:51:a3:18:13:f3:31:df:80:41:12:a3:e8:0a:
                    f1:bf:09:2a:4c:b5:19:b4:25:1e:da:2d:9c:28:6c:
                    6f:18:89:52:33:ca:49:01:d0:cf:f5:d0:96:61:2e:
                    34:be:cd:a7:0f:84:11:a0:a9:23:c3:0a:c9:0a:3c:
                    42:f8:16:d4:ed:f3:a7:dc:57:50:09:03:6c:17:b8:
                    29:ad:21:49:d4:b8:c8:9e:5c:40:4c:cf:10:4e:dd:
                    e5:5c:0e:b6:1b:f9:b9:7c:7b:6d:eb:07:53:da:3c:
                    ec:f0:99:f6:98:a7:a0:49:6b:fd:7d:7c:64:c0:03:
                    27:ed:bb:7c:76:41:2b:30:f2:59:dd:b9:9a:9b:d6:
                    7c:63:bd:6f:a1:f2:eb:87:d7:da:b8:4e:11:4d:d2:
                    c7:76:81:ff:ed:a1:66:3a:7b:13:06:17:d1:b0:1d:
                    31:33:11:a7:fd:95:b7:9b:b3:1c:37:05:79:c2:bc:
                    32:e9:fb:b1:d4:f8:1a:ce:41:7c:07:62:2a:9a:71:
                    e8:6e:51:11:ce:a9:e9:95:c4:4f:f6:17:31:85:7e:
                    6f:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:96:FD:20:6E:16:A1:27:C2:8A:29:77:CE:17:1F:C2:38:15:B3:7E
            X509v3 Authority Key Identifier:
                keyid:DD:7C:EF:8B:3A:D9:20:31:63:0A:AC:A2:26:A9:ED:79:BA:60:55:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3XzvizrZIDFjCqyiJqntebpgVYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/1d98b0-4a4d-4190-bd85-372f65d99a9f/1/3XzvizrZIDFjCqyiJqntebpgVYY.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/1d98b0-4a4d-4190-bd85-372f65d99a9f/1/3XzvizrZIDFjCqyiJqntebpgVYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         11:b2:39:b8:de:e2:bc:58:9a:ba:6c:c4:19:e4:30:26:c5:60:
         43:8d:79:20:da:8a:04:dc:f3:d8:df:fd:a5:fa:06:e7:91:f3:
         84:1d:93:52:b8:04:96:5d:f8:45:0b:56:48:0a:2f:13:0a:59:
         64:fd:56:37:33:06:70:3d:18:dc:8c:04:8f:65:62:7e:f2:e9:
         c2:b2:77:e8:bd:40:92:f1:05:11:1a:41:dd:0a:9a:21:92:4c:
         e5:a5:7c:d7:a2:f9:64:06:a9:46:c1:22:df:a3:83:89:af:12:
         91:69:d9:28:d1:c6:82:a7:67:5c:75:37:58:06:cf:eb:0f:1a:
         62:11:c6:a8:03:96:86:4f:db:06:3f:39:14:cc:2f:54:00:1f:
         2a:29:d9:e7:3b:a5:3e:60:d6:40:b8:65:a1:e9:09:66:e0:16:
         98:1e:7e:c7:27:83:9d:37:9d:5a:03:c6:d7:f5:04:59:10:f5:
         8d:dc:e4:33:47:1c:6b:30:47:08:dd:98:25:81:db:e1:3f:fc:
         9b:f8:26:b1:35:7e:e3:36:19:6e:f3:9b:e6:5e:9f:f6:99:f6:
         ac:0d:78:22:85:40:b2:90:3d:45:15:85:d9:f9:73:fd:2b:4b:
         95:eb:64:ea:c1:0e:e0:a7:65:10:47:cb:ad:e3:c4:77:fd:03:
         a7:67:42:31
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyytO5ZGweiPMD0EobKBI3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkN2NlZjhiM2FkOTIwMzE2MzBhYWNhMjI2YTllZDc5YmE2
MDU1ODYwHhcNMjUxMTExMTIwMTI2WhcNMjUxMTEyMTIwMTI2WjAzMTEwLwYDVQQD
Eyg4Njk2ZmQyMDZlMTZhMTI3YzI4YTI5NzdjZTE3MWZjMjM4MTViMzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJPT2h27QYNaKApB8dc26SHJ/HVH
kf60QkiQZOlynb2x6loPY4cboJBnp8iP2lGjGBPzMd+AQRKj6ArxvwkqTLUZtCUe
2i2cKGxvGIlSM8pJAdDP9dCWYS40vs2nD4QRoKkjwwrJCjxC+BbU7fOn3FdQCQNs
F7gprSFJ1LjInlxATM8QTt3lXA62G/m5fHtt6wdT2jzs8Jn2mKegSWv9fXxkwAMn
7bt8dkErMPJZ3bmam9Z8Y71vofLrh9fauE4RTdLHdoH/7aFmOnsTBhfRsB0xMxGn
/ZW3m7McNwV5wrwy6fux1PgazkF8B2IqmnHoblERzqnplcRP9hcxhX5v8QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFIaW/SBuFqEnwoopd84XH8I4FbN+MB8GA1UdIwQY
MBaAFN1874s62SAxYwqsoiap7Xm6YFWGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1h6dml6clpJREZqQ3F5aUpxbnRlYnBnVllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS8xZDk4YjAtNGE0ZC00MTkwLWJkODUt
MzcyZjY1ZDk5YTlmLzEvM1h6dml6clpJREZqQ3F5aUpxbnRlYnBnVllZLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS8xZDk4YjAtNGE0ZC00MTkwLWJkODUtMzcyZjY1ZDk5YTlm
LzEvM1h6dml6clpJREZqQ3F5aUpxbnRlYnBnVllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAEbI5uN7i
vFiaumzEGeQwJsVgQ415INqKBNzz2N/9pfoG55HzhB2TUrgEll34RQtWSAovEwpZ
ZP1WNzMGcD0Y3IwEj2VifvLpwrJ36L1AkvEFERpB3QqaIZJM5aV816L5ZAapRsEi
36ODia8SkWnZKNHGgqdnXHU3WAbP6w8aYhHGqAOWhk/bBj85FMwvVAAfKinZ5zul
PmDWQLhloekJZuAWmB5+xyeDnTedWgPG1/UEWRD1jdzkM0ccazBHCN2YJYHb4T/8
m/gmsTV+4zYZbvOb5l6f9pn2rA14IoVAspA9RRWF2flz/StLletk6sEO4KdlEEfL
rePEd/0Dp2dCMQ==
-----END CERTIFICATE-----