Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/b1a34f-93a3-41b0-b096-1977ac24d211/1/3DU3KrVODfO_UU1fCMpS5De9kaQ.mft
File:                     3DU3KrVODfO_UU1fCMpS5De9kaQ.mft (raw, json)
Hash identifier:          TQHOA8W4gawxms6ui+90UL0mgTwXCEif+32AEKlGKUc=
Subject key identifier:   BB:20:CA:5F:CF:63:B5:27:38:98:9A:6F:C7:B5:B4:15:2E:F7:F3:FC
Authority key identifier: DC:35:37:2A:B5:4E:0D:F3:BF:51:4D:5F:08:CA:52:E4:37:BD:91:A4
Certificate issuer:       /CN=dc35372ab54e0df3bf514d5f08ca52e437bd91a4
Certificate serial:       018F88C8D0A3B08DEF221CAC739C503FD9EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3DU3KrVODfO_UU1fCMpS5De9kaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/b1a34f-93a3-41b0-b096-1977ac24d211/1/3DU3KrVODfO_UU1fCMpS5De9kaQ.mft
Manifest number:          CA
Signing time:             Fri 17 May 2024 23:00:12 +0000
Manifest this update:     Fri 17 May 2024 23:00:12 +0000
Manifest next update:     Sat 18 May 2024 23:00:12 +0000
Files and hashes:         1: 3DU3KrVODfO_UU1fCMpS5De9kaQ.crl (hash: H/jbP0dLv8vEK3+BGCggWC8R18Kenik+mPCiSybqD8w=)

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/b1a34f-93a3-41b0-b096-1977ac24d211/1/3DU3KrVODfO_UU1fCMpS5De9kaQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/b1a34f-93a3-41b0-b096-1977ac24d211/1/3DU3KrVODfO_UU1fCMpS5De9kaQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3DU3KrVODfO_UU1fCMpS5De9kaQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:88:c8:d0:a3:b0:8d:ef:22:1c:ac:73:9c:50:3f:d9:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc35372ab54e0df3bf514d5f08ca52e437bd91a4
        Validity
            Not Before: May 17 23:00:12 2024 GMT
            Not After : May 18 23:00:12 2024 GMT
        Subject: CN=bb20ca5fcf63b52738989a6fc7b5b4152ef7f3fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ab:10:8c:b3:68:0f:1d:06:92:1b:da:22:6c:
                    0b:b4:14:80:95:9b:52:8c:7b:5a:e8:15:58:2c:a2:
                    ec:aa:37:24:59:86:77:2c:80:2f:35:6a:8d:09:c8:
                    fc:4e:38:9a:00:a8:05:22:ad:3b:fa:c4:23:a5:bb:
                    03:91:17:59:d7:f9:ff:9c:9e:8c:61:a9:48:44:f3:
                    1a:b3:96:be:c3:86:2a:3b:7b:be:26:a1:37:a4:91:
                    41:37:3c:2c:a8:79:04:8b:40:80:bc:1d:cd:fc:b9:
                    ee:79:b9:46:dd:50:d5:b6:08:29:ab:df:40:38:19:
                    33:07:c9:2a:68:cd:18:89:cb:f9:fe:2d:7e:f1:88:
                    c3:43:32:07:a4:ab:fe:2b:3b:5a:13:c1:91:98:d3:
                    d7:5b:2c:bd:45:90:0a:66:66:46:91:9c:86:5c:98:
                    d0:e8:a6:d5:70:4f:e9:15:64:7b:5d:71:76:f1:b6:
                    65:cc:a5:29:41:52:bc:05:83:d7:ee:35:d8:ec:b8:
                    e3:cc:2a:56:1e:0e:65:c1:e3:aa:c3:b2:8e:be:2a:
                    42:26:ca:6e:2d:68:fe:fb:42:94:bc:b2:90:2e:76:
                    7e:40:00:9b:7e:d7:86:b6:ee:58:3f:d2:1b:4c:71:
                    93:e9:2c:98:c9:84:40:cd:9f:01:51:e9:b8:35:96:
                    24:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:20:CA:5F:CF:63:B5:27:38:98:9A:6F:C7:B5:B4:15:2E:F7:F3:FC
            X509v3 Authority Key Identifier:
                keyid:DC:35:37:2A:B5:4E:0D:F3:BF:51:4D:5F:08:CA:52:E4:37:BD:91:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3DU3KrVODfO_UU1fCMpS5De9kaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/b1a34f-93a3-41b0-b096-1977ac24d211/1/3DU3KrVODfO_UU1fCMpS5De9kaQ.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/b1a34f-93a3-41b0-b096-1977ac24d211/1/3DU3KrVODfO_UU1fCMpS5De9kaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         6c:ed:5f:75:bf:19:6a:cd:75:49:74:14:26:75:78:bd:d1:e5:
         39:d6:67:92:22:60:35:ce:a5:43:27:e1:20:ca:c2:c3:0c:1f:
         b1:44:14:44:c5:e0:3b:38:dc:0c:38:20:3f:f1:d9:88:c8:cd:
         38:94:72:0d:77:7f:0c:cf:ee:c9:e9:44:03:9b:bf:5d:9d:fa:
         6a:6b:63:df:ff:b1:1d:73:bb:db:0e:20:48:5d:7a:90:65:bf:
         7b:21:fb:cf:fb:2c:70:f1:6f:ec:d1:f2:f2:39:34:a2:ff:f7:
         09:71:56:d4:51:20:4a:36:29:90:3f:3f:df:79:a5:c2:00:cc:
         98:b7:ed:e7:40:99:53:73:3e:c6:01:fe:6b:4b:c1:99:86:52:
         96:89:e0:b3:2d:92:0f:81:9d:31:69:5b:d8:e7:08:1b:11:3e:
         aa:40:41:81:43:14:3d:f3:1c:3c:4b:a6:50:ef:88:48:de:85:
         39:6a:00:74:fc:c7:c9:4d:a7:3a:d6:03:99:50:7c:98:9c:2e:
         db:96:cc:99:3f:56:3c:21:27:ee:cb:51:90:65:fb:df:06:22:
         33:3d:15:69:4b:de:7b:99:e9:4f:51:1b:9a:1c:e6:9e:71:9a:
         13:c8:0e:f8:ce:d0:ef:cb:2a:17:b2:ea:75:b1:b0:a7:12:df:
         1c:69:0b:53
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAY+IyNCjsI3vIhysc5xQP9nrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMzUzNzJhYjU0ZTBkZjNiZjUxNGQ1ZjA4Y2E1MmU0Mzdi
ZDkxYTQwHhcNMjQwNTE3MjMwMDEyWhcNMjQwNTE4MjMwMDEyWjAzMTEwLwYDVQQD
EyhiYjIwY2E1ZmNmNjNiNTI3Mzg5ODlhNmZjN2I1YjQxNTJlZjdmM2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6sQjLNoDx0GkhvaImwLtBSAlZtS
jHta6BVYLKLsqjckWYZ3LIAvNWqNCcj8TjiaAKgFIq07+sQjpbsDkRdZ1/n/nJ6M
YalIRPMas5a+w4YqO3u+JqE3pJFBNzwsqHkEi0CAvB3N/LnueblG3VDVtggpq99A
OBkzB8kqaM0Yicv5/i1+8YjDQzIHpKv+KztaE8GRmNPXWyy9RZAKZmZGkZyGXJjQ
6KbVcE/pFWR7XXF28bZlzKUpQVK8BYPX7jXY7LjjzCpWHg5lweOqw7KOvipCJspu
LWj++0KUvLKQLnZ+QACbfteGtu5YP9IbTHGT6SyYyYRAzZ8BUem4NZYk0QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFLsgyl/PY7UnOJiab8e1tBUu9/P8MB8GA1UdIwQY
MBaAFNw1Nyq1Tg3zv1FNXwjKUuQ3vZGkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0RVM0tyVk9EZk9fVVUxZkNNcFM1RGU5a2FRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9iMWEzNGYtOTNhMy00MWIwLWIwOTYt
MTk3N2FjMjRkMjExLzEvM0RVM0tyVk9EZk9fVVUxZkNNcFM1RGU5a2FRLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9iMWEzNGYtOTNhMy00MWIwLWIwOTYtMTk3N2FjMjRkMjEx
LzEvM0RVM0tyVk9EZk9fVVUxZkNNcFM1RGU5a2FRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAbO1fdb8Z
as11SXQUJnV4vdHlOdZnkiJgNc6lQyfhIMrCwwwfsUQURMXgOzjcDDggP/HZiMjN
OJRyDXd/DM/uyelEA5u/XZ36amtj3/+xHXO72w4gSF16kGW/eyH7z/sscPFv7NHy
8jk0ov/3CXFW1FEgSjYpkD8/33mlwgDMmLft50CZU3M+xgH+a0vBmYZSlongsy2S
D4GdMWlb2OcIGxE+qkBBgUMUPfMcPEumUO+ISN6FOWoAdPzHyU2nOtYDmVB8mJwu
25bMmT9WPCEn7stRkGX73wYiMz0VaUvee5npT1EbmhzmnnGaE8gO+M7Q78sqF7Lq
dbGwpxLfHGkLUw==
-----END CERTIFICATE-----