Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/ba7a80-5d54-4e24-99f9-e2994534495a/1/MN-QKoFpKFoeCclwPGOg89St7kg.mft
File:                     MN-QKoFpKFoeCclwPGOg89St7kg.mft (raw, json)
Hash identifier:          q4ngsBLjpYbR3yC4O8RIebxng9xKcMDj8zJZ3D5oRWU=
Subject key identifier:   B8:1F:C9:F2:20:02:95:27:95:0B:16:37:BB:48:45:D3:E4:AB:67:F7
Authority key identifier: 30:DF:90:2A:81:69:28:5A:1E:09:C9:70:3C:63:A0:F3:D4:AD:EE:48
Certificate issuer:       /CN=30df902a8169285a1e09c9703c63a0f3d4adee48
Certificate serial:       019A7225A311385FEF766710EE215CFC8475
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MN-QKoFpKFoeCclwPGOg89St7kg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/ba7a80-5d54-4e24-99f9-e2994534495a/1/MN-QKoFpKFoeCclwPGOg89St7kg.mft
Manifest number:          076B
Signing time:             Tue 11 Nov 2025 09:01:00 +0000
Manifest this update:     Tue 11 Nov 2025 09:01:00 +0000
Manifest next update:     Wed 12 Nov 2025 09:01:00 +0000
Files and hashes:         1: MN-QKoFpKFoeCclwPGOg89St7kg.crl (hash: ZNKcJOCH5XaRAOilpfsRSfVtgybnMboU/II6exWycy4=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/ba7a80-5d54-4e24-99f9-e2994534495a/1/MN-QKoFpKFoeCclwPGOg89St7kg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/ba7a80-5d54-4e24-99f9-e2994534495a/1/MN-QKoFpKFoeCclwPGOg89St7kg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MN-QKoFpKFoeCclwPGOg89St7kg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:25:a3:11:38:5f:ef:76:67:10:ee:21:5c:fc:84:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30df902a8169285a1e09c9703c63a0f3d4adee48
        Validity
            Not Before: Nov 11 09:01:00 2025 GMT
            Not After : Nov 12 09:01:00 2025 GMT
        Subject: CN=b81fc9f220029527950b1637bb4845d3e4ab67f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:90:74:95:1e:39:18:88:cd:98:4e:fd:93:a1:
                    44:9c:52:aa:ca:de:98:27:29:0b:19:f8:e5:92:72:
                    c4:47:63:64:7b:e1:ea:0e:03:14:da:b4:8e:b4:0b:
                    61:bc:5b:ca:b2:1f:20:a7:82:4d:d1:80:1a:7f:12:
                    6c:57:6f:ba:4b:db:4b:42:ce:f1:26:3c:0a:59:cd:
                    38:51:ae:ea:d4:3b:29:9c:4f:7c:fa:61:57:8e:59:
                    e1:20:fc:35:3a:68:c8:fe:38:f9:9c:69:83:08:85:
                    0d:40:a5:fc:bb:0d:99:4c:7f:da:66:d8:84:ad:b3:
                    89:58:be:21:d1:1e:6c:4a:6d:63:67:f1:39:fb:d4:
                    e4:27:59:8c:63:33:40:f2:c1:ed:73:02:2f:02:74:
                    d5:37:7c:2d:01:46:d9:76:88:f5:96:b3:bc:d0:06:
                    0c:70:bc:8a:af:61:e4:67:59:1f:f3:1b:43:ed:ca:
                    7b:af:6a:78:fe:d9:e8:7c:c9:4d:40:84:68:1c:9d:
                    c5:92:93:df:3c:e2:3a:ca:e6:d3:d9:a2:af:4b:3b:
                    f8:b1:99:d8:7e:96:36:46:02:99:92:ed:23:be:ca:
                    ff:3a:26:93:87:0d:e2:b3:e5:96:ec:79:5c:6d:b7:
                    e6:2a:73:db:46:34:d0:49:84:07:a2:b2:b1:9f:3d:
                    a1:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:1F:C9:F2:20:02:95:27:95:0B:16:37:BB:48:45:D3:E4:AB:67:F7
            X509v3 Authority Key Identifier:
                keyid:30:DF:90:2A:81:69:28:5A:1E:09:C9:70:3C:63:A0:F3:D4:AD:EE:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MN-QKoFpKFoeCclwPGOg89St7kg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/ba7a80-5d54-4e24-99f9-e2994534495a/1/MN-QKoFpKFoeCclwPGOg89St7kg.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/ba7a80-5d54-4e24-99f9-e2994534495a/1/MN-QKoFpKFoeCclwPGOg89St7kg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         14:de:60:a4:53:22:b4:56:b5:0b:93:6a:42:ff:51:e9:78:a6:
         5b:6d:de:1a:76:69:3f:ac:f4:d4:96:59:7f:5c:4e:ca:0d:58:
         25:00:15:7f:12:48:7b:70:a2:09:45:df:d3:55:6b:3a:54:25:
         4f:72:68:ae:70:ef:27:b5:22:dd:2a:e6:bf:d4:a0:77:9c:89:
         fa:04:a3:2e:30:07:66:7b:9b:ef:e6:a2:07:43:81:ea:7a:8b:
         04:9d:36:6a:07:f1:86:71:f2:2a:91:6a:88:19:aa:d3:7d:96:
         9d:ca:89:30:fe:ae:7e:18:b0:36:6e:a3:06:d6:ec:1e:5c:8a:
         ed:f3:b1:cd:b2:cf:fc:f4:ae:c0:eb:a8:ed:4f:11:73:db:fc:
         1f:a9:2f:2c:a2:b9:07:df:1a:7c:74:5a:12:6f:49:df:9c:06:
         df:89:59:14:a2:74:ca:d2:ea:3f:5b:fb:9e:f5:e9:bb:4b:5f:
         fc:b7:b8:6d:7e:26:6e:4d:4c:a5:22:12:9b:c8:aa:c4:11:89:
         84:7b:42:16:36:04:4a:74:37:43:5e:d0:ef:c4:fb:63:82:22:
         ad:68:c0:39:79:13:d1:8f:9c:f6:41:cf:3c:86:72:83:79:3e:
         8b:d2:87:f2:b2:c7:c7:d4:40:3c:0f:eb:8b:fd:32:80:3f:1e:
         17:3c:4b:17
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyJaMROF/vdmcQ7iFc/IR1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZGY5MDJhODE2OTI4NWExZTA5Yzk3MDNjNjNhMGYzZDRh
ZGVlNDgwHhcNMjUxMTExMDkwMTAwWhcNMjUxMTEyMDkwMTAwWjAzMTEwLwYDVQQD
EyhiODFmYzlmMjIwMDI5NTI3OTUwYjE2MzdiYjQ4NDVkM2U0YWI2N2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZB0lR45GIjNmE79k6FEnFKqyt6Y
JykLGfjlknLER2Nke+HqDgMU2rSOtAthvFvKsh8gp4JN0YAafxJsV2+6S9tLQs7x
JjwKWc04Ua7q1DspnE98+mFXjlnhIPw1OmjI/jj5nGmDCIUNQKX8uw2ZTH/aZtiE
rbOJWL4h0R5sSm1jZ/E5+9TkJ1mMYzNA8sHtcwIvAnTVN3wtAUbZdoj1lrO80AYM
cLyKr2HkZ1kf8xtD7cp7r2p4/tnofMlNQIRoHJ3FkpPfPOI6yubT2aKvSzv4sZnY
fpY2RgKZku0jvsr/OiaThw3is+WW7HlcbbfmKnPbRjTQSYQHorKxnz2hpQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFLgfyfIgApUnlQsWN7tIRdPkq2f3MB8GA1UdIwQY
MBaAFDDfkCqBaShaHgnJcDxjoPPUre5IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU4tUUtvRnBLRm9lQ2Nsd1BHT2c4OVN0N2tnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9iYTdhODAtNWQ1NC00ZTI0LTk5Zjkt
ZTI5OTQ1MzQ0OTVhLzEvTU4tUUtvRnBLRm9lQ2Nsd1BHT2c4OVN0N2tnLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9iYTdhODAtNWQ1NC00ZTI0LTk5ZjktZTI5OTQ1MzQ0OTVh
LzEvTU4tUUtvRnBLRm9lQ2Nsd1BHT2c4OVN0N2tnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAFN5gpFMi
tFa1C5NqQv9R6XimW23eGnZpP6z01JZZf1xOyg1YJQAVfxJIe3CiCUXf01VrOlQl
T3JornDvJ7Ui3Srmv9Sgd5yJ+gSjLjAHZnub7+aiB0OB6nqLBJ02agfxhnHyKpFq
iBmq032WncqJMP6ufhiwNm6jBtbsHlyK7fOxzbLP/PSuwOuo7U8Rc9v8H6kvLKK5
B98afHRaEm9J35wG34lZFKJ0ytLqP1v7nvXpu0tf/Le4bX4mbk1MpSISm8iqxBGJ
hHtCFjYESnQ3Q17Q78T7Y4IirWjAOXkT0Y+c9kHPPIZyg3k+i9KH8rLHx9RAPA/r
i/0ygD8eFzxLFw==
-----END CERTIFICATE-----