Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/ee3d73-9729-4da4-8bc7-67c442d6a850/1/ONY8X84e8J5L8s_JS7JQn9X_UJw.mft
File:                     ONY8X84e8J5L8s_JS7JQn9X_UJw.mft (raw, json)
Hash identifier:          0sI7pR4BT1Gvrrr7dQ4wuLKTGZxH4yR9ahx1HLhpCO8=
Subject key identifier:   6C:46:29:B4:04:94:C1:8B:22:FB:DB:D3:35:A6:5D:2F:E6:2B:E0:1A
Authority key identifier: 38:D6:3C:5F:CE:1E:F0:9E:4B:F2:CF:C9:4B:B2:50:9F:D5:FF:50:9C
Certificate issuer:       /CN=38d63c5fce1ef09e4bf2cfc94bb2509fd5ff509c
Certificate serial:       019A70DBE50A7CFE4D3749FBC815C64666D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ONY8X84e8J5L8s_JS7JQn9X_UJw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/ee3d73-9729-4da4-8bc7-67c442d6a850/1/ONY8X84e8J5L8s_JS7JQn9X_UJw.mft
Manifest number:          0551
Signing time:             Tue 11 Nov 2025 03:00:50 +0000
Manifest this update:     Tue 11 Nov 2025 03:00:50 +0000
Manifest next update:     Wed 12 Nov 2025 03:00:50 +0000
Files and hashes:         1: ONY8X84e8J5L8s_JS7JQn9X_UJw.crl (hash: gX989gZUXTBWCD/a5326NPfK8OIVKgfj4zqqB15Wyxs=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/ee3d73-9729-4da4-8bc7-67c442d6a850/1/ONY8X84e8J5L8s_JS7JQn9X_UJw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/ee3d73-9729-4da4-8bc7-67c442d6a850/1/ONY8X84e8J5L8s_JS7JQn9X_UJw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ONY8X84e8J5L8s_JS7JQn9X_UJw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 03:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:70:db:e5:0a:7c:fe:4d:37:49:fb:c8:15:c6:46:66:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38d63c5fce1ef09e4bf2cfc94bb2509fd5ff509c
        Validity
            Not Before: Nov 11 03:00:50 2025 GMT
            Not After : Nov 12 03:00:50 2025 GMT
        Subject: CN=6c4629b40494c18b22fbdbd335a65d2fe62be01a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:5b:55:76:a9:25:2c:1d:13:ef:d7:88:bc:40:
                    29:75:33:93:e6:08:d5:32:7f:b6:aa:a6:e2:14:1e:
                    66:dd:87:31:2c:26:56:66:19:90:3d:b1:19:dc:80:
                    f4:70:82:08:6a:ac:2e:c0:3a:6c:03:83:35:17:3b:
                    41:52:b4:66:97:06:86:40:25:00:3e:47:0f:b6:0f:
                    d6:0c:b6:c1:60:3e:50:02:c0:66:c1:be:ea:89:bd:
                    c5:dc:a7:8c:39:e8:b3:bb:32:d9:70:88:71:53:3a:
                    6b:e3:9b:17:10:fc:e2:18:cb:e7:b2:7a:a3:58:00:
                    22:12:1a:2c:86:8c:d7:36:06:9f:9e:0b:e4:f2:5a:
                    83:29:8f:34:b0:3a:b9:6f:27:08:fc:e6:24:b3:bf:
                    03:a4:8c:1a:c6:c0:8d:4e:0b:d7:53:10:07:db:05:
                    52:fb:5d:82:16:87:88:cb:2d:e6:b0:24:8c:ef:f5:
                    66:88:f6:da:cd:ed:5c:30:2d:a9:69:8e:c6:64:da:
                    4f:53:d1:39:5b:6d:92:3e:ef:a5:ac:93:78:64:a8:
                    48:df:cc:a2:d7:39:1c:dd:4f:d5:db:9f:97:f7:71:
                    71:0c:9c:db:7b:94:3d:e7:1a:bd:4d:ac:bb:c7:80:
                    96:5a:cd:1f:d0:02:b0:6e:60:6a:52:fd:90:e6:75:
                    9f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:46:29:B4:04:94:C1:8B:22:FB:DB:D3:35:A6:5D:2F:E6:2B:E0:1A
            X509v3 Authority Key Identifier:
                keyid:38:D6:3C:5F:CE:1E:F0:9E:4B:F2:CF:C9:4B:B2:50:9F:D5:FF:50:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ONY8X84e8J5L8s_JS7JQn9X_UJw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/ee3d73-9729-4da4-8bc7-67c442d6a850/1/ONY8X84e8J5L8s_JS7JQn9X_UJw.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/ee3d73-9729-4da4-8bc7-67c442d6a850/1/ONY8X84e8J5L8s_JS7JQn9X_UJw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         a0:03:de:ac:08:2b:09:74:26:37:94:1c:28:5b:32:1d:cc:0c:
         36:be:30:96:33:17:a0:1b:7c:b5:f4:3e:42:ed:92:40:c3:cc:
         d2:d4:a2:4a:75:8a:e8:cd:d5:30:19:57:98:cd:25:c6:10:be:
         60:d5:fb:b6:f0:2e:59:85:58:72:41:0a:0c:07:bd:8a:54:2b:
         e0:ad:0e:1a:4f:65:ac:56:85:af:77:7d:7e:d2:93:9d:32:97:
         b9:d4:be:52:88:a0:41:42:33:f7:17:b1:ca:be:7b:d4:a3:ae:
         e8:8a:17:04:bd:9c:7b:9a:c1:57:7d:26:ad:4a:1e:19:e9:35:
         aa:48:86:2e:b2:a1:a0:1c:5c:59:3f:4b:fa:1a:e2:1d:5d:90:
         19:05:cb:27:4b:41:c5:93:e3:be:75:a6:49:81:7a:42:9a:a6:
         18:17:0d:48:a7:01:23:fe:4c:2b:56:36:10:6e:0d:fe:06:07:
         ee:b7:f5:26:55:f8:60:ac:5d:43:26:cc:a7:f1:a4:44:b6:c0:
         31:b4:3c:89:90:ee:a7:02:0f:28:a2:6c:f3:a8:d3:5a:85:5b:
         28:7b:49:a5:0f:15:f6:d2:fc:03:87:89:4d:dc:dc:68:b7:a5:
         8e:73:52:ff:a8:46:4a:36:ec:61:9a:59:46:f3:2f:59:3c:9a:
         5b:fd:88:aa
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpw2+UKfP5NN0n7yBXGRmbUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4ZDYzYzVmY2UxZWYwOWU0YmYyY2ZjOTRiYjI1MDlmZDVm
ZjUwOWMwHhcNMjUxMTExMDMwMDUwWhcNMjUxMTEyMDMwMDUwWjAzMTEwLwYDVQQD
Eyg2YzQ2MjliNDA0OTRjMThiMjJmYmRiZDMzNWE2NWQyZmU2MmJlMDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1tVdqklLB0T79eIvEApdTOT5gjV
Mn+2qqbiFB5m3YcxLCZWZhmQPbEZ3ID0cIIIaqwuwDpsA4M1FztBUrRmlwaGQCUA
PkcPtg/WDLbBYD5QAsBmwb7qib3F3KeMOeizuzLZcIhxUzpr45sXEPziGMvnsnqj
WAAiEhoshozXNgafngvk8lqDKY80sDq5bycI/OYks78DpIwaxsCNTgvXUxAH2wVS
+12CFoeIyy3msCSM7/VmiPbaze1cMC2paY7GZNpPU9E5W22SPu+lrJN4ZKhI38yi
1zkc3U/V25+X93FxDJzbe5Q95xq9Tay7x4CWWs0f0AKwbmBqUv2Q5nWf0QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFGxGKbQElMGLIvvb0zWmXS/mK+AaMB8GA1UdIwQY
MBaAFDjWPF/OHvCeS/LPyUuyUJ/V/1CcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT05ZOFg4NGU4SjVMOHNfSlM3SlFuOVhfVUp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9lZTNkNzMtOTcyOS00ZGE0LThiYzct
NjdjNDQyZDZhODUwLzEvT05ZOFg4NGU4SjVMOHNfSlM3SlFuOVhfVUp3Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9lZTNkNzMtOTcyOS00ZGE0LThiYzctNjdjNDQyZDZhODUw
LzEvT05ZOFg4NGU4SjVMOHNfSlM3SlFuOVhfVUp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAoAPerAgr
CXQmN5QcKFsyHcwMNr4wljMXoBt8tfQ+Qu2SQMPM0tSiSnWK6M3VMBlXmM0lxhC+
YNX7tvAuWYVYckEKDAe9ilQr4K0OGk9lrFaFr3d9ftKTnTKXudS+UoigQUIz9xex
yr571KOu6IoXBL2ce5rBV30mrUoeGek1qkiGLrKhoBxcWT9L+hriHV2QGQXLJ0tB
xZPjvnWmSYF6QpqmGBcNSKcBI/5MK1Y2EG4N/gYH7rf1JlX4YKxdQybMp/GkRLbA
MbQ8iZDupwIPKKJs86jTWoVbKHtJpQ8V9tL8A4eJTdzcaLeljnNS/6hGSjbsYZpZ
RvMvWTyaW/2Iqg==
-----END CERTIFICATE-----