Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/8cf1f5-2095-48fa-8c3a-a3137bc83d0a/1/cLQT-ngqMEKDDaI6o_NZSn1eovQ.mft
File:                     cLQT-ngqMEKDDaI6o_NZSn1eovQ.mft (raw, json)
Hash identifier:          amMdGeYv+5vNja1ZoONBwy/9KvPUmDfT4jAFRrHcafA=
Subject key identifier:   34:8A:5E:A0:70:FB:DB:1E:0E:74:B0:70:D6:8F:E5:23:2D:0E:21:84
Authority key identifier: 70:B4:13:FA:78:2A:30:42:83:0D:A2:3A:A3:F3:59:4A:7D:5E:A2:F4
Certificate issuer:       /CN=70b413fa782a3042830da23aa3f3594a7d5ea2f4
Certificate serial:       019A7225C476F8AE699EE7843CBC4C0847C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cLQT-ngqMEKDDaI6o_NZSn1eovQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/8cf1f5-2095-48fa-8c3a-a3137bc83d0a/1/cLQT-ngqMEKDDaI6o_NZSn1eovQ.mft
Manifest number:          171C
Signing time:             Tue 11 Nov 2025 09:01:08 +0000
Manifest this update:     Tue 11 Nov 2025 09:01:08 +0000
Manifest next update:     Wed 12 Nov 2025 09:01:08 +0000
Files and hashes:         1: cLQT-ngqMEKDDaI6o_NZSn1eovQ.crl (hash: ZD433n+HRiOA+s/w1Wu/LkbKAwohCwERRSnFjzTWTEM=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/8cf1f5-2095-48fa-8c3a-a3137bc83d0a/1/cLQT-ngqMEKDDaI6o_NZSn1eovQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/8cf1f5-2095-48fa-8c3a-a3137bc83d0a/1/cLQT-ngqMEKDDaI6o_NZSn1eovQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cLQT-ngqMEKDDaI6o_NZSn1eovQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:25:c4:76:f8:ae:69:9e:e7:84:3c:bc:4c:08:47:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70b413fa782a3042830da23aa3f3594a7d5ea2f4
        Validity
            Not Before: Nov 11 09:01:08 2025 GMT
            Not After : Nov 12 09:01:08 2025 GMT
        Subject: CN=348a5ea070fbdb1e0e74b070d68fe5232d0e2184
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:3a:bf:4b:eb:ce:4b:95:65:0b:5d:24:72:1c:
                    bf:86:38:e7:3a:89:1c:de:38:b5:95:f1:4a:90:98:
                    40:82:c0:2d:88:b5:91:87:5a:ec:5c:5f:ae:5e:bc:
                    db:34:2a:13:bf:f0:01:51:95:22:3c:40:84:75:79:
                    51:97:01:6f:ea:fb:af:74:64:6d:7b:57:c8:6e:21:
                    3c:7f:bc:28:cc:79:f6:5e:c0:6d:92:31:1b:54:c4:
                    28:08:4e:04:b8:b9:e9:98:0c:48:05:7f:84:88:8c:
                    2e:c3:90:29:9a:b8:63:6e:d5:d5:92:40:8d:22:52:
                    a7:64:58:e8:b4:52:af:10:a5:54:46:10:b5:41:09:
                    20:9d:cc:68:55:4b:43:9b:1c:77:3f:36:87:55:eb:
                    c7:0d:c3:df:fd:e6:1f:8a:e1:c7:03:27:43:cb:73:
                    a5:5a:33:bc:0d:51:03:ad:ca:90:d8:71:f8:e4:65:
                    3c:c8:82:70:2a:a5:17:0d:38:80:38:36:d6:fc:65:
                    8e:46:1b:20:7b:14:c3:8d:30:b9:82:56:d8:eb:eb:
                    3c:79:41:ac:93:f7:3e:33:d5:24:a9:40:76:81:8a:
                    de:49:63:2f:c4:da:5e:43:0c:4b:9e:08:d7:a4:84:
                    4b:28:cb:d3:b2:43:fe:92:79:0a:2e:0e:d8:9f:ad:
                    b7:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:8A:5E:A0:70:FB:DB:1E:0E:74:B0:70:D6:8F:E5:23:2D:0E:21:84
            X509v3 Authority Key Identifier:
                keyid:70:B4:13:FA:78:2A:30:42:83:0D:A2:3A:A3:F3:59:4A:7D:5E:A2:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cLQT-ngqMEKDDaI6o_NZSn1eovQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/8cf1f5-2095-48fa-8c3a-a3137bc83d0a/1/cLQT-ngqMEKDDaI6o_NZSn1eovQ.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/8cf1f5-2095-48fa-8c3a-a3137bc83d0a/1/cLQT-ngqMEKDDaI6o_NZSn1eovQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         18:ed:0f:18:f7:02:ca:94:3b:10:ca:3c:77:de:fd:14:f0:73:
         a9:bd:25:d7:e6:5e:ce:99:11:f3:37:40:09:04:b2:a5:36:6b:
         2e:5f:e1:05:e6:25:22:86:dd:d4:80:d5:51:7e:8f:a6:97:e2:
         62:20:97:9d:33:ca:37:54:5a:06:2d:18:5c:26:fd:0c:74:6f:
         21:71:59:10:03:c0:03:5d:c8:2a:ef:0e:e7:57:dc:94:cf:95:
         12:c0:c7:fd:1a:ed:02:38:ed:6d:4b:53:be:97:8f:bb:3a:06:
         ea:55:e7:47:f1:11:94:b3:d7:56:7b:dc:ae:12:14:ce:4b:7b:
         12:f7:91:9a:25:81:c8:36:74:ef:b1:a1:06:35:38:0f:19:8b:
         fb:9e:c3:5d:57:4d:38:c4:5b:1c:33:5a:b7:c9:62:b4:9e:b5:
         0e:2a:33:18:b5:23:40:cf:ed:3e:02:03:a0:b5:5e:93:80:8f:
         32:7a:61:86:50:52:b8:b3:a1:6c:20:49:34:23:6f:f2:0d:8a:
         02:35:22:7a:17:8e:8b:a3:a7:32:f0:57:ab:1f:5c:55:5d:8d:
         7e:de:79:99:e0:38:1f:62:49:b8:7d:61:9b:35:f7:5c:0e:b8:
         5f:3f:df:c9:bf:91:21:29:e0:e1:29:2e:65:7b:42:a2:e3:3f:
         e2:28:3c:57
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyJcR2+K5pnueEPLxMCEfEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYjQxM2ZhNzgyYTMwNDI4MzBkYTIzYWEzZjM1OTRhN2Q1
ZWEyZjQwHhcNMjUxMTExMDkwMTA4WhcNMjUxMTEyMDkwMTA4WjAzMTEwLwYDVQQD
EygzNDhhNWVhMDcwZmJkYjFlMGU3NGIwNzBkNjhmZTUyMzJkMGUyMTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizq/S+vOS5VlC10kchy/hjjnOokc
3ji1lfFKkJhAgsAtiLWRh1rsXF+uXrzbNCoTv/ABUZUiPECEdXlRlwFv6vuvdGRt
e1fIbiE8f7wozHn2XsBtkjEbVMQoCE4EuLnpmAxIBX+EiIwuw5ApmrhjbtXVkkCN
IlKnZFjotFKvEKVURhC1QQkgncxoVUtDmxx3PzaHVevHDcPf/eYfiuHHAydDy3Ol
WjO8DVEDrcqQ2HH45GU8yIJwKqUXDTiAODbW/GWORhsgexTDjTC5glbY6+s8eUGs
k/c+M9UkqUB2gYreSWMvxNpeQwxLngjXpIRLKMvTskP+knkKLg7Yn623kQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFDSKXqBw+9seDnSwcNaP5SMtDiGEMB8GA1UdIwQY
MBaAFHC0E/p4KjBCgw2iOqPzWUp9XqL0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0xRVC1uZ3FNRUtERGFJNm9fTlpTbjFlb3ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi84Y2YxZjUtMjA5NS00OGZhLThjM2Et
YTMxMzdiYzgzZDBhLzEvY0xRVC1uZ3FNRUtERGFJNm9fTlpTbjFlb3ZRLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi84Y2YxZjUtMjA5NS00OGZhLThjM2EtYTMxMzdiYzgzZDBh
LzEvY0xRVC1uZ3FNRUtERGFJNm9fTlpTbjFlb3ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAGO0PGPcC
ypQ7EMo8d979FPBzqb0l1+ZezpkR8zdACQSypTZrLl/hBeYlIobd1IDVUX6Pppfi
YiCXnTPKN1RaBi0YXCb9DHRvIXFZEAPAA13IKu8O51fclM+VEsDH/RrtAjjtbUtT
vpePuzoG6lXnR/ERlLPXVnvcrhIUzkt7EveRmiWByDZ077GhBjU4DxmL+57DXVdN
OMRbHDNat8litJ61DiozGLUjQM/tPgIDoLVek4CPMnphhlBSuLOhbCBJNCNv8g2K
AjUieheOi6OnMvBXqx9cVV2Nft55meA4H2JJuH1hmzX3XA64Xz/fyb+RISng4Sku
ZXtCouM/4ig8Vw==
-----END CERTIFICATE-----