Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/a17ddf-9ba6-4395-aae6-566f6cf431c0/1/YNJSouMVOM2lhXutCYPIvfVYsXs.mft
File:                     YNJSouMVOM2lhXutCYPIvfVYsXs.mft (raw, json)
Hash identifier:          a69X1fyPbl21y007/Fh8FF6yq5HHCzmOvBgqWoaeN3A=
Subject key identifier:   FE:DD:86:29:85:82:A9:70:3C:1C:9B:77:D1:FF:2F:15:42:A9:87:5F
Authority key identifier: 60:D2:52:A2:E3:15:38:CD:A5:85:7B:AD:09:83:C8:BD:F5:58:B1:7B
Certificate issuer:       /CN=60d252a2e31538cda5857bad0983c8bdf558b17b
Certificate serial:       019A71B81C877B8CAC44AA5584F1A254DA0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YNJSouMVOM2lhXutCYPIvfVYsXs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/a17ddf-9ba6-4395-aae6-566f6cf431c0/1/YNJSouMVOM2lhXutCYPIvfVYsXs.mft
Manifest number:          0A60
Signing time:             Tue 11 Nov 2025 07:01:22 +0000
Manifest this update:     Tue 11 Nov 2025 07:01:22 +0000
Manifest next update:     Wed 12 Nov 2025 07:01:22 +0000
Files and hashes:         1: YNJSouMVOM2lhXutCYPIvfVYsXs.crl (hash: MPBSxbALhp4Png7vONY3buv729f8otVsFNz8cXKd5xk=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/a17ddf-9ba6-4395-aae6-566f6cf431c0/1/YNJSouMVOM2lhXutCYPIvfVYsXs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/a17ddf-9ba6-4395-aae6-566f6cf431c0/1/YNJSouMVOM2lhXutCYPIvfVYsXs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YNJSouMVOM2lhXutCYPIvfVYsXs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b8:1c:87:7b:8c:ac:44:aa:55:84:f1:a2:54:da:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60d252a2e31538cda5857bad0983c8bdf558b17b
        Validity
            Not Before: Nov 11 07:01:22 2025 GMT
            Not After : Nov 12 07:01:22 2025 GMT
        Subject: CN=fedd86298582a9703c1c9b77d1ff2f1542a9875f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:df:4d:91:cf:f2:32:2f:8b:5d:58:c9:3f:cc:
                    37:9f:ce:9c:83:63:69:fb:52:50:10:18:28:7f:4e:
                    4c:5d:2c:8b:30:98:42:24:e6:61:f8:93:26:23:f5:
                    5e:07:59:e2:f0:95:43:8d:86:62:9f:3b:6d:f8:3b:
                    64:a3:44:7c:6a:24:b2:dc:5c:ce:fe:64:1b:e7:e9:
                    10:a4:c1:cd:e1:1f:f1:2b:05:b8:8a:38:3c:f2:44:
                    37:fb:a1:80:ec:2c:f7:d2:36:da:e5:4b:8d:f3:4b:
                    a9:40:d0:b4:aa:08:a0:d1:03:5f:ee:48:e5:d9:ad:
                    4a:1b:59:20:77:87:03:9c:10:56:de:c5:a0:31:d7:
                    54:da:f3:91:12:ae:fe:32:d9:e0:31:bc:04:e9:49:
                    af:f1:20:de:7c:65:f5:59:da:fc:d4:ce:5b:5e:d6:
                    0a:57:d1:61:0e:6f:da:5c:70:b3:29:e0:83:c6:44:
                    49:77:47:50:7a:32:6d:04:e9:5f:28:67:6c:46:fa:
                    26:35:8f:ad:00:a4:93:82:2e:dc:80:b3:d8:65:89:
                    63:89:43:bc:cb:24:40:d1:d9:d1:e9:16:97:a4:a8:
                    29:eb:93:2a:5f:07:07:93:e0:50:e0:00:6f:a1:e7:
                    ee:bc:0c:ef:bc:3e:95:4e:eb:99:5e:32:98:eb:59:
                    e6:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:DD:86:29:85:82:A9:70:3C:1C:9B:77:D1:FF:2F:15:42:A9:87:5F
            X509v3 Authority Key Identifier:
                keyid:60:D2:52:A2:E3:15:38:CD:A5:85:7B:AD:09:83:C8:BD:F5:58:B1:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YNJSouMVOM2lhXutCYPIvfVYsXs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/a17ddf-9ba6-4395-aae6-566f6cf431c0/1/YNJSouMVOM2lhXutCYPIvfVYsXs.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/a17ddf-9ba6-4395-aae6-566f6cf431c0/1/YNJSouMVOM2lhXutCYPIvfVYsXs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         55:35:dd:30:36:9d:a4:0b:15:41:7d:c2:13:d2:f1:20:8f:4d:
         6e:f7:20:c8:e7:51:d3:b0:3b:8c:f9:e6:8f:da:ab:d6:a9:db:
         52:e7:4b:ba:df:de:19:00:4c:55:e3:21:28:52:04:d0:0e:7b:
         29:9b:52:ee:f4:97:f6:ea:5d:0b:45:21:93:68:80:fd:b9:15:
         0a:94:05:74:14:f8:52:27:bd:c8:5c:9f:5d:a7:76:d7:f3:ba:
         e4:c3:91:33:32:cf:2d:ff:80:4d:77:19:27:92:fe:3f:b9:74:
         30:32:53:b4:5d:35:6b:47:0f:07:61:56:9e:58:71:34:49:3b:
         89:c7:4f:19:93:01:75:2f:03:9b:09:4f:ae:a0:bc:01:84:73:
         ae:52:fc:64:fe:4a:7e:56:4f:80:f4:d4:ca:c1:ac:8b:01:11:
         f2:41:c7:95:cc:77:10:f2:89:07:74:fd:bb:6a:43:1b:4b:35:
         2b:ae:e4:88:a4:c6:9e:c4:c3:26:86:3c:68:07:64:6d:2e:30:
         4e:2e:75:69:71:ee:c5:17:f8:9d:17:f5:1e:c2:98:38:04:66:
         d0:a5:dc:97:06:2e:21:b4:40:cf:69:6b:22:f6:cd:22:5c:8f:
         88:63:a9:61:2b:0c:80:bc:df:92:26:84:01:08:34:cb:f9:fa:
         41:eb:3e:ce
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuByHe4ysRKpVhPGiVNoNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZDI1MmEyZTMxNTM4Y2RhNTg1N2JhZDA5ODNjOGJkZjU1
OGIxN2IwHhcNMjUxMTExMDcwMTIyWhcNMjUxMTEyMDcwMTIyWjAzMTEwLwYDVQQD
EyhmZWRkODYyOTg1ODJhOTcwM2MxYzliNzdkMWZmMmYxNTQyYTk4NzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuN9Nkc/yMi+LXVjJP8w3n86cg2Np
+1JQEBgof05MXSyLMJhCJOZh+JMmI/VeB1ni8JVDjYZinztt+Dtko0R8aiSy3FzO
/mQb5+kQpMHN4R/xKwW4ijg88kQ3+6GA7Cz30jba5UuN80upQNC0qgig0QNf7kjl
2a1KG1kgd4cDnBBW3sWgMddU2vOREq7+MtngMbwE6Umv8SDefGX1Wdr81M5bXtYK
V9FhDm/aXHCzKeCDxkRJd0dQejJtBOlfKGdsRvomNY+tAKSTgi7cgLPYZYljiUO8
yyRA0dnR6RaXpKgp65MqXwcHk+BQ4ABvoefuvAzvvD6VTuuZXjKY61nmAwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFP7dhimFgqlwPBybd9H/LxVCqYdfMB8GA1UdIwQY
MBaAFGDSUqLjFTjNpYV7rQmDyL31WLF7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU5KU291TVZPTTJsaFh1dENZUEl2ZlZZc1hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9hMTdkZGYtOWJhNi00Mzk1LWFhZTYt
NTY2ZjZjZjQzMWMwLzEvWU5KU291TVZPTTJsaFh1dENZUEl2ZlZZc1hzLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9hMTdkZGYtOWJhNi00Mzk1LWFhZTYtNTY2ZjZjZjQzMWMw
LzEvWU5KU291TVZPTTJsaFh1dENZUEl2ZlZZc1hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAVTXdMDad
pAsVQX3CE9LxII9NbvcgyOdR07A7jPnmj9qr1qnbUudLut/eGQBMVeMhKFIE0A57
KZtS7vSX9updC0Uhk2iA/bkVCpQFdBT4Uie9yFyfXad21/O65MORMzLPLf+ATXcZ
J5L+P7l0MDJTtF01a0cPB2FWnlhxNEk7icdPGZMBdS8DmwlPrqC8AYRzrlL8ZP5K
flZPgPTUysGsiwER8kHHlcx3EPKJB3T9u2pDG0s1K67kiKTGnsTDJoY8aAdkbS4w
Ti51aXHuxRf4nRf1HsKYOARm0KXclwYuIbRAz2lrIvbNIlyPiGOpYSsMgLzfkiaE
AQg0y/n6Qes+zg==
-----END CERTIFICATE-----