Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/f124b2-474e-45a0-b73a-e54b06a93526/1/AFA0jPYGQvVOyQck3niqoD3NOOE.mft
File:                     AFA0jPYGQvVOyQck3niqoD3NOOE.mft (raw, json)
Hash identifier:          W40PnQKrEeLnXNalY8UPNaG/8eLDdTHZNPFJ3x2TfOw=
Subject key identifier:   F5:11:9B:25:34:4B:5A:F2:BB:6F:90:F3:E4:5A:7F:E0:51:F1:1B:2B
Authority key identifier: 00:50:34:8C:F6:06:42:F5:4E:C9:07:24:DE:78:AA:A0:3D:CD:38:E1
Certificate issuer:       /CN=0050348cf60642f54ec90724de78aaa03dcd38e1
Certificate serial:       019655381E482B701C5B4D21E6B8405E590B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AFA0jPYGQvVOyQck3niqoD3NOOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/f124b2-474e-45a0-b73a-e54b06a93526/1/AFA0jPYGQvVOyQck3niqoD3NOOE.mft
Manifest number:          0CA9
Signing time:             Sun 20 Apr 2025 22:01:03 +0000
Manifest this update:     Sun 20 Apr 2025 22:01:03 +0000
Manifest next update:     Mon 21 Apr 2025 22:01:03 +0000
Files and hashes:         1: AFA0jPYGQvVOyQck3niqoD3NOOE.crl (hash: zYhW7ZmAzMefppJ6hc3SIHGHqgkV0qAiCKEId1+F04Q=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/f124b2-474e-45a0-b73a-e54b06a93526/1/AFA0jPYGQvVOyQck3niqoD3NOOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/f124b2-474e-45a0-b73a-e54b06a93526/1/AFA0jPYGQvVOyQck3niqoD3NOOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AFA0jPYGQvVOyQck3niqoD3NOOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 22:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:55:38:1e:48:2b:70:1c:5b:4d:21:e6:b8:40:5e:59:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0050348cf60642f54ec90724de78aaa03dcd38e1
        Validity
            Not Before: Apr 20 22:01:03 2025 GMT
            Not After : Apr 21 22:01:03 2025 GMT
        Subject: CN=f5119b25344b5af2bb6f90f3e45a7fe051f11b2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:27:9c:87:de:65:e4:09:4b:7e:44:61:46:0e:
                    1d:22:d8:e1:81:15:45:33:ed:a3:85:fb:de:73:1b:
                    b5:2e:95:f6:d1:af:05:1a:e5:c2:06:7f:0b:7e:37:
                    c5:01:5d:46:32:65:a9:9d:14:0b:c8:6d:b6:f2:ea:
                    72:9b:38:1a:18:62:dd:e1:e3:a6:7f:2c:0a:29:a4:
                    ed:54:5e:8c:bf:1c:dd:73:5e:f4:89:ac:1e:68:a5:
                    92:d5:06:0e:21:51:38:64:ab:ca:25:1a:8b:f1:de:
                    94:3c:22:77:ff:20:c3:cd:c0:89:b1:b4:fc:67:73:
                    68:a8:94:0e:40:ae:fa:33:12:f1:0d:05:c5:fe:2d:
                    f4:11:88:21:8e:c8:e8:ee:5b:6e:7a:d0:98:1e:51:
                    d3:04:1b:8c:89:b3:88:48:10:fa:58:bf:07:40:d5:
                    93:88:f6:ab:b0:65:35:2b:27:36:4b:e5:d2:8d:61:
                    b3:b8:ef:31:01:cb:0c:53:98:b8:fb:4a:fd:27:69:
                    ca:2a:25:81:4b:8f:bb:f7:42:38:8b:e8:28:77:65:
                    ed:db:3e:3d:76:7a:64:c2:1d:96:db:d5:d0:ba:a2:
                    81:22:ae:8f:05:f6:66:10:74:5e:47:5d:28:29:33:
                    ff:09:79:3e:cb:eb:4f:6e:45:f7:35:2b:db:06:f4:
                    74:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:11:9B:25:34:4B:5A:F2:BB:6F:90:F3:E4:5A:7F:E0:51:F1:1B:2B
            X509v3 Authority Key Identifier:
                keyid:00:50:34:8C:F6:06:42:F5:4E:C9:07:24:DE:78:AA:A0:3D:CD:38:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AFA0jPYGQvVOyQck3niqoD3NOOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/f124b2-474e-45a0-b73a-e54b06a93526/1/AFA0jPYGQvVOyQck3niqoD3NOOE.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/f124b2-474e-45a0-b73a-e54b06a93526/1/AFA0jPYGQvVOyQck3niqoD3NOOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         a3:ac:62:bd:a6:80:89:ae:d6:fd:d2:81:7b:da:ee:76:83:59:
         e0:65:d9:ee:20:ca:9b:fe:39:39:99:aa:96:54:0e:a1:63:67:
         aa:22:84:76:83:11:87:94:68:50:6e:99:7b:0d:7f:50:89:46:
         08:ab:b0:e0:03:8a:c8:f6:d2:e2:d2:c7:7b:11:a1:82:6b:97:
         e4:53:16:a7:66:e2:3e:ac:05:b8:e0:80:2a:35:61:12:d3:b7:
         5e:23:f0:1e:58:6f:2a:88:01:f0:4c:86:4b:3f:d4:cc:03:f8:
         a6:0c:be:38:37:87:82:e7:0a:3b:63:cf:de:74:4f:8f:13:a1:
         14:e9:e2:86:e0:4f:44:b0:8a:71:90:cd:94:bc:20:31:b0:a8:
         06:29:6f:84:ba:39:01:dc:f9:60:f4:92:e4:95:43:99:79:96:
         8f:97:f8:9d:1c:4b:d1:57:0f:2e:2e:e0:be:05:1b:94:f2:0b:
         66:f0:66:35:df:93:da:33:bb:f8:ad:fd:26:07:9d:ca:e7:7a:
         53:b2:6f:04:f5:1b:b0:2b:94:53:ae:bb:00:2c:07:56:f5:b7:
         1e:38:4d:75:32:66:66:0d:18:48:7f:b2:4a:31:c5:d1:b3:d8:
         97:5d:bc:81:a4:b2:f2:b0:29:fa:f0:bc:ea:83:17:76:88:9d:
         2d:c5:64:e4
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZZVOB5IK3AcW00h5rhAXlkLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNTAzNDhjZjYwNjQyZjU0ZWM5MDcyNGRlNzhhYWEwM2Rj
ZDM4ZTEwHhcNMjUwNDIwMjIwMTAzWhcNMjUwNDIxMjIwMTAzWjAzMTEwLwYDVQQD
EyhmNTExOWIyNTM0NGI1YWYyYmI2ZjkwZjNlNDVhN2ZlMDUxZjExYjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCech95l5AlLfkRhRg4dItjhgRVF
M+2jhfvecxu1LpX20a8FGuXCBn8LfjfFAV1GMmWpnRQLyG228upymzgaGGLd4eOm
fywKKaTtVF6Mvxzdc170iaweaKWS1QYOIVE4ZKvKJRqL8d6UPCJ3/yDDzcCJsbT8
Z3NoqJQOQK76MxLxDQXF/i30EYghjsjo7ltuetCYHlHTBBuMibOISBD6WL8HQNWT
iParsGU1Kyc2S+XSjWGzuO8xAcsMU5i4+0r9J2nKKiWBS4+790I4i+god2Xt2z49
dnpkwh2W29XQuqKBIq6PBfZmEHReR10oKTP/CXk+y+tPbkX3NSvbBvR0dQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFPURmyU0S1ryu2+Q8+Raf+BR8RsrMB8GA1UdIwQY
MBaAFABQNIz2BkL1TskHJN54qqA9zTjhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUZBMGpQWUdRdlZPeVFjazNuaXFvRDNOT09FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9mMTI0YjItNDc0ZS00NWEwLWI3M2Et
ZTU0YjA2YTkzNTI2LzEvQUZBMGpQWUdRdlZPeVFjazNuaXFvRDNOT09FLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9mMTI0YjItNDc0ZS00NWEwLWI3M2EtZTU0YjA2YTkzNTI2
LzEvQUZBMGpQWUdRdlZPeVFjazNuaXFvRDNOT09FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAo6xivaaA
ia7W/dKBe9rudoNZ4GXZ7iDKm/45OZmqllQOoWNnqiKEdoMRh5RoUG6Zew1/UIlG
CKuw4AOKyPbS4tLHexGhgmuX5FMWp2biPqwFuOCAKjVhEtO3XiPwHlhvKogB8EyG
Sz/UzAP4pgy+ODeHgucKO2PP3nRPjxOhFOnihuBPRLCKcZDNlLwgMbCoBilvhLo5
Adz5YPSS5JVDmXmWj5f4nRxL0VcPLi7gvgUblPILZvBmNd+T2jO7+K39Jgedyud6
U7JvBPUbsCuUU667ACwHVvW3HjhNdTJmZg0YSH+ySjHF0bPYl128gaSy8rAp+vC8
6oMXdoidLcVk5A==
-----END CERTIFICATE-----