Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/8544a0-ae46-4da2-ad2d-e893b13b2c9f/1/JchJyqV3LJi4E8E7TzD85PSNLa4.mft
File:                     JchJyqV3LJi4E8E7TzD85PSNLa4.mft (raw, json)
Hash identifier:          UtTNgmaP8oKXmRSPA3um2mH78xIo0lfs7v/hO4c4RmI=
Subject key identifier:   42:96:B4:10:67:3B:A9:7C:A7:02:8E:BD:58:66:91:E8:95:A6:5B:76
Authority key identifier: 25:C8:49:CA:A5:77:2C:98:B8:13:C1:3B:4F:30:FC:E4:F4:8D:2D:AE
Certificate issuer:       /CN=25c849caa5772c98b813c13b4f30fce4f48d2dae
Certificate serial:       019A725C5BA3D2CBB3BD83D95E51263C8E8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JchJyqV3LJi4E8E7TzD85PSNLa4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/8544a0-ae46-4da2-ad2d-e893b13b2c9f/1/JchJyqV3LJi4E8E7TzD85PSNLa4.mft
Manifest number:          0AF4
Signing time:             Tue 11 Nov 2025 10:00:46 +0000
Manifest this update:     Tue 11 Nov 2025 10:00:46 +0000
Manifest next update:     Wed 12 Nov 2025 10:00:46 +0000
Files and hashes:         1: JchJyqV3LJi4E8E7TzD85PSNLa4.crl (hash: sf95UiYppNRa4p9m9ZESly9ulGvl5LYqyJDt1EkGKVg=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/8544a0-ae46-4da2-ad2d-e893b13b2c9f/1/JchJyqV3LJi4E8E7TzD85PSNLa4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/8544a0-ae46-4da2-ad2d-e893b13b2c9f/1/JchJyqV3LJi4E8E7TzD85PSNLa4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JchJyqV3LJi4E8E7TzD85PSNLa4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:5c:5b:a3:d2:cb:b3:bd:83:d9:5e:51:26:3c:8e:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25c849caa5772c98b813c13b4f30fce4f48d2dae
        Validity
            Not Before: Nov 11 10:00:46 2025 GMT
            Not After : Nov 12 10:00:46 2025 GMT
        Subject: CN=4296b410673ba97ca7028ebd586691e895a65b76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:8a:bf:6b:90:e9:e0:c5:9d:31:31:92:62:fd:
                    94:c4:ab:9e:53:18:6e:c2:c1:15:2c:ab:a7:1b:a8:
                    40:f1:d4:3b:6a:20:4f:04:08:60:70:7d:a5:5e:93:
                    80:9d:c2:1e:49:cc:4d:bd:5f:f8:76:fb:36:b4:93:
                    a2:e3:b6:41:5c:0f:f8:b3:6c:34:cc:69:db:ed:dc:
                    9e:9d:7d:48:44:37:9d:ed:6d:73:74:2f:0b:aa:bd:
                    d3:c5:74:2a:00:83:15:5c:68:a9:b0:02:7e:3c:cb:
                    a0:01:fe:40:ee:c6:d1:5d:1f:a9:e7:7a:1b:7e:79:
                    e2:c1:c5:40:71:dc:7e:ec:fc:2a:1f:5e:97:7b:66:
                    cd:ff:d2:98:4a:29:fb:6b:4b:1d:a0:3d:f4:48:2c:
                    46:cb:45:a6:f6:cb:06:a9:ee:a8:a2:b9:bb:01:1b:
                    1e:1f:e1:be:0e:f4:65:b7:a6:5d:27:f7:19:ec:0a:
                    6a:13:f2:f0:49:2f:ec:da:24:b3:86:b5:72:b3:28:
                    ea:55:a3:cb:cf:9a:a6:af:dd:b6:dc:be:6a:01:14:
                    56:ad:1e:73:7c:39:48:a6:7d:8e:86:8f:88:22:5e:
                    80:a6:4a:39:c9:0d:65:4c:17:ef:da:ff:21:e7:69:
                    eb:42:a3:6a:de:8d:90:cd:12:d7:de:84:0e:54:bd:
                    69:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:96:B4:10:67:3B:A9:7C:A7:02:8E:BD:58:66:91:E8:95:A6:5B:76
            X509v3 Authority Key Identifier:
                keyid:25:C8:49:CA:A5:77:2C:98:B8:13:C1:3B:4F:30:FC:E4:F4:8D:2D:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JchJyqV3LJi4E8E7TzD85PSNLa4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/8544a0-ae46-4da2-ad2d-e893b13b2c9f/1/JchJyqV3LJi4E8E7TzD85PSNLa4.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/8544a0-ae46-4da2-ad2d-e893b13b2c9f/1/JchJyqV3LJi4E8E7TzD85PSNLa4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         99:75:6b:48:77:a1:27:28:1c:05:3c:3c:2a:c4:55:87:31:b4:
         d5:db:48:5f:fd:ba:00:dc:4a:d2:a1:72:4c:f5:28:c5:80:00:
         55:f1:d0:89:2f:fd:16:b0:3a:55:ba:e3:18:ec:1e:01:3f:08:
         b6:48:2b:3e:1d:42:66:bf:32:10:1b:9b:01:66:67:65:ed:c4:
         b0:00:6f:ef:cd:91:a6:7a:6a:f2:a6:4b:9a:ab:69:de:f0:1d:
         dc:12:70:b6:36:1f:44:9b:a6:b1:b3:75:3b:f7:f7:91:f2:2b:
         96:8a:03:cd:73:e4:92:0f:8d:d4:5a:3f:25:12:20:2a:4e:69:
         20:31:a7:6c:e1:28:22:de:bf:be:ae:72:c0:50:af:e7:dc:5c:
         08:bc:0e:5f:09:f0:22:d1:32:a6:8a:7c:08:e3:ae:ef:e7:1e:
         17:e7:48:f1:7e:68:2c:b6:78:06:24:d7:18:82:b2:6f:5d:ad:
         3f:5e:52:2e:bd:c8:fd:95:85:5d:a1:f4:b8:b3:38:aa:b8:5c:
         8e:72:c7:72:e9:ce:54:7d:1c:64:25:47:1d:9f:23:55:a9:99:
         5e:f0:dc:28:0f:95:84:1f:62:0b:07:2d:10:06:8c:d2:cb:4f:
         c4:d8:51:d6:e3:ac:b6:76:87:d5:4a:07:e3:0a:e0:23:9d:ad:
         c5:bb:e3:39
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyXFuj0suzvYPZXlEmPI6LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1Yzg0OWNhYTU3NzJjOThiODEzYzEzYjRmMzBmY2U0ZjQ4
ZDJkYWUwHhcNMjUxMTExMTAwMDQ2WhcNMjUxMTEyMTAwMDQ2WjAzMTEwLwYDVQQD
Eyg0Mjk2YjQxMDY3M2JhOTdjYTcwMjhlYmQ1ODY2OTFlODk1YTY1Yjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYq/a5Dp4MWdMTGSYv2UxKueUxhu
wsEVLKunG6hA8dQ7aiBPBAhgcH2lXpOAncIeScxNvV/4dvs2tJOi47ZBXA/4s2w0
zGnb7dyenX1IRDed7W1zdC8Lqr3TxXQqAIMVXGipsAJ+PMugAf5A7sbRXR+p53ob
fnniwcVAcdx+7PwqH16Xe2bN/9KYSin7a0sdoD30SCxGy0Wm9ssGqe6oorm7ARse
H+G+DvRlt6ZdJ/cZ7ApqE/LwSS/s2iSzhrVysyjqVaPLz5qmr9223L5qARRWrR5z
fDlIpn2Oho+IIl6Apko5yQ1lTBfv2v8h52nrQqNq3o2QzRLX3oQOVL1p1QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFEKWtBBnO6l8pwKOvVhmkeiVplt2MB8GA1UdIwQY
MBaAFCXIScqldyyYuBPBO08w/OT0jS2uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmNoSnlxVjNMSmk0RThFN1R6RDg1UFNOTGE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS84NTQ0YTAtYWU0Ni00ZGEyLWFkMmQt
ZTg5M2IxM2IyYzlmLzEvSmNoSnlxVjNMSmk0RThFN1R6RDg1UFNOTGE0Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS84NTQ0YTAtYWU0Ni00ZGEyLWFkMmQtZTg5M2IxM2IyYzlm
LzEvSmNoSnlxVjNMSmk0RThFN1R6RDg1UFNOTGE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAmXVrSHeh
JygcBTw8KsRVhzG01dtIX/26ANxK0qFyTPUoxYAAVfHQiS/9FrA6VbrjGOweAT8I
tkgrPh1CZr8yEBubAWZnZe3EsABv782Rpnpq8qZLmqtp3vAd3BJwtjYfRJumsbN1
O/f3kfIrlooDzXPkkg+N1Fo/JRIgKk5pIDGnbOEoIt6/vq5ywFCv59xcCLwOXwnw
ItEypop8COOu7+ceF+dI8X5oLLZ4BiTXGIKyb12tP15SLr3I/ZWFXaH0uLM4qrhc
jnLHcunOVH0cZCVHHZ8jVamZXvDcKA+VhB9iCwctEAaM0stPxNhR1uOstnaH1UoH
4wrgI52txbvjOQ==
-----END CERTIFICATE-----