Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/05e1ac-e703-4f57-a91a-b0feb4f9319a/1/oKZ-BrWQRjXrTRyRw0Eon1mv6qc.mft
File:                     oKZ-BrWQRjXrTRyRw0Eon1mv6qc.mft (raw, json)
Hash identifier:          GkduOCGj8PBVWCCRK+Pw8kVF4KPe5jTD4fbtdryY/Lg=
Subject key identifier:   72:E1:54:FE:5B:46:7E:DA:85:4F:E6:32:BC:E4:52:10:66:F1:B6:98
Authority key identifier: A0:A6:7E:06:B5:90:46:35:EB:4D:1C:91:C3:41:28:9F:59:AF:EA:A7
Certificate issuer:       /CN=a0a67e06b5904635eb4d1c91c341289f59afeaa7
Certificate serial:       019A71B81D88D8C90951A457C0B7F7FA53E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oKZ-BrWQRjXrTRyRw0Eon1mv6qc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/05e1ac-e703-4f57-a91a-b0feb4f9319a/1/oKZ-BrWQRjXrTRyRw0Eon1mv6qc.mft
Manifest number:          171C
Signing time:             Tue 11 Nov 2025 07:01:22 +0000
Manifest this update:     Tue 11 Nov 2025 07:01:22 +0000
Manifest next update:     Wed 12 Nov 2025 07:01:22 +0000
Files and hashes:         1: oKZ-BrWQRjXrTRyRw0Eon1mv6qc.crl (hash: NEg9I8avxJVOly2h8SVqYNbeZxWfJtvW0giFHgRnhVA=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/05e1ac-e703-4f57-a91a-b0feb4f9319a/1/oKZ-BrWQRjXrTRyRw0Eon1mv6qc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/05e1ac-e703-4f57-a91a-b0feb4f9319a/1/oKZ-BrWQRjXrTRyRw0Eon1mv6qc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oKZ-BrWQRjXrTRyRw0Eon1mv6qc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b8:1d:88:d8:c9:09:51:a4:57:c0:b7:f7:fa:53:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0a67e06b5904635eb4d1c91c341289f59afeaa7
        Validity
            Not Before: Nov 11 07:01:22 2025 GMT
            Not After : Nov 12 07:01:22 2025 GMT
        Subject: CN=72e154fe5b467eda854fe632bce4521066f1b698
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:af:0a:d5:46:73:08:c3:c5:c2:c6:c0:7b:fc:
                    7b:53:a7:c2:28:94:07:39:ec:e3:fa:e2:04:02:71:
                    dd:b3:a2:fb:5a:41:5d:4f:ad:2b:92:d4:d1:55:ab:
                    96:a3:ea:99:c8:86:6d:4c:b1:b2:f2:8d:e2:1c:78:
                    79:00:06:8e:82:91:30:ec:e9:f8:84:7a:c1:d3:28:
                    eb:db:79:a7:34:3a:2c:c6:71:28:34:68:2b:4d:e5:
                    be:84:c0:5c:9e:f2:6c:a0:1f:22:81:f4:76:44:bc:
                    2c:5b:b2:8b:6b:4e:84:0f:38:8d:f0:10:8e:7d:ef:
                    e6:c8:e8:db:c0:64:d9:e6:35:4b:60:b1:22:08:85:
                    66:b9:7c:3f:e6:a8:c2:5d:c3:a2:22:df:94:68:a2:
                    c1:d1:27:7f:ee:b3:47:34:6d:df:02:8a:91:7d:99:
                    46:f8:31:b4:10:54:e4:f3:33:cb:0c:24:74:e2:de:
                    aa:66:ab:0d:af:49:88:b0:e9:d6:c8:15:24:ae:bf:
                    84:23:d9:ef:69:d4:08:8d:cd:14:0a:33:3c:ed:05:
                    6d:dc:a1:38:9d:70:a2:22:07:4e:fb:ca:99:c1:62:
                    60:65:54:fc:3f:59:65:29:6a:ee:6e:3f:67:e2:dd:
                    39:24:bc:b6:d3:d8:f2:c1:ad:81:37:d0:bd:84:46:
                    28:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:E1:54:FE:5B:46:7E:DA:85:4F:E6:32:BC:E4:52:10:66:F1:B6:98
            X509v3 Authority Key Identifier:
                keyid:A0:A6:7E:06:B5:90:46:35:EB:4D:1C:91:C3:41:28:9F:59:AF:EA:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oKZ-BrWQRjXrTRyRw0Eon1mv6qc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/05e1ac-e703-4f57-a91a-b0feb4f9319a/1/oKZ-BrWQRjXrTRyRw0Eon1mv6qc.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/05e1ac-e703-4f57-a91a-b0feb4f9319a/1/oKZ-BrWQRjXrTRyRw0Eon1mv6qc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         38:d9:cd:05:30:bd:17:ea:9c:05:1e:5c:76:4d:88:f0:72:3e:
         00:b2:2c:33:d2:e0:a6:8f:58:99:fe:3c:ed:aa:92:79:0e:18:
         ca:1a:5e:8f:07:5e:e0:00:ed:ea:ec:10:72:a0:48:ec:2c:19:
         97:44:d3:17:c2:e2:cf:95:d4:c4:d7:7c:b3:b8:c5:1e:86:12:
         c4:3b:2a:70:0c:0e:c0:c7:da:17:46:59:70:b9:4b:b7:20:b8:
         18:4b:6f:70:f7:34:cb:cd:34:99:9f:c1:d3:f6:94:08:e3:4b:
         a2:fd:cb:39:98:b0:b3:01:d3:14:b5:8b:61:6c:77:0c:30:f5:
         32:dd:0c:da:a1:ee:88:18:e9:2f:83:cc:03:94:b3:d7:44:61:
         b2:7e:0b:e2:ab:b0:f5:58:ea:d1:2c:bc:83:33:9d:44:d3:cf:
         4f:39:fc:61:e7:eb:53:64:31:3a:17:ee:1a:90:ac:64:7b:43:
         8e:3b:48:57:92:67:d9:72:d0:fe:e1:a1:65:d1:11:51:a0:50:
         2a:46:b4:9d:97:c7:04:a4:85:e7:78:49:4a:a7:d4:86:92:e6:
         40:c1:c0:e3:8b:cb:47:78:45:65:1a:17:f6:80:40:ab:d3:94:
         98:9d:04:44:a6:3a:fb:94:42:d9:7f:d3:fd:01:b9:4e:5a:d9:
         44:1b:43:34
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuB2I2MkJUaRXwLf3+lPhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwYTY3ZTA2YjU5MDQ2MzVlYjRkMWM5MWMzNDEyODlmNTlh
ZmVhYTcwHhcNMjUxMTExMDcwMTIyWhcNMjUxMTEyMDcwMTIyWjAzMTEwLwYDVQQD
Eyg3MmUxNTRmZTViNDY3ZWRhODU0ZmU2MzJiY2U0NTIxMDY2ZjFiNjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAua8K1UZzCMPFwsbAe/x7U6fCKJQH
Oezj+uIEAnHds6L7WkFdT60rktTRVauWo+qZyIZtTLGy8o3iHHh5AAaOgpEw7On4
hHrB0yjr23mnNDosxnEoNGgrTeW+hMBcnvJsoB8igfR2RLwsW7KLa06EDziN8BCO
fe/myOjbwGTZ5jVLYLEiCIVmuXw/5qjCXcOiIt+UaKLB0Sd/7rNHNG3fAoqRfZlG
+DG0EFTk8zPLDCR04t6qZqsNr0mIsOnWyBUkrr+EI9nvadQIjc0UCjM87QVt3KE4
nXCiIgdO+8qZwWJgZVT8P1llKWrubj9n4t05JLy209jywa2BN9C9hEYo7QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFHLhVP5bRn7ahU/mMrzkUhBm8baYMB8GA1UdIwQY
MBaAFKCmfga1kEY1600ckcNBKJ9Zr+qnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0taLUJyV1FSalhyVFJ5UncwRW9uMW12NnFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8wNWUxYWMtZTcwMy00ZjU3LWE5MWEt
YjBmZWI0ZjkzMTlhLzEvb0taLUJyV1FSalhyVFJ5UncwRW9uMW12NnFjLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8wNWUxYWMtZTcwMy00ZjU3LWE5MWEtYjBmZWI0ZjkzMTlh
LzEvb0taLUJyV1FSalhyVFJ5UncwRW9uMW12NnFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAONnNBTC9
F+qcBR5cdk2I8HI+ALIsM9Lgpo9Ymf487aqSeQ4Yyhpejwde4ADt6uwQcqBI7CwZ
l0TTF8Liz5XUxNd8s7jFHoYSxDsqcAwOwMfaF0ZZcLlLtyC4GEtvcPc0y800mZ/B
0/aUCONLov3LOZiwswHTFLWLYWx3DDD1Mt0M2qHuiBjpL4PMA5Sz10Rhsn4L4quw
9Vjq0Sy8gzOdRNPPTzn8YefrU2QxOhfuGpCsZHtDjjtIV5Jn2XLQ/uGhZdERUaBQ
Kka0nZfHBKSF53hJSqfUhpLmQMHA44vLR3hFZRoX9oBAq9OUmJ0ERKY6+5RC2X/T
/QG5TlrZRBtDNA==
-----END CERTIFICATE-----