Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/b12a35-05c1-40b9-b651-236883b2cf97/1/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.mft
File:                     hfu-hUlKCvDMHoIS-4QQ5PZwsmY.mft (raw, json)
Hash identifier:          K+K8W7SU7bNo4IwSOec9FxyTYGhKZTStljPvfws5B5k=
Subject key identifier:   23:A5:4B:C4:D2:94:10:C8:56:11:CA:25:9F:DC:D6:01:D5:8F:26:9A
Authority key identifier: 85:FB:BE:85:49:4A:0A:F0:CC:1E:82:12:FB:84:10:E4:F6:70:B2:66
Certificate issuer:       /CN=85fbbe85494a0af0cc1e8212fb8410e4f670b266
Certificate serial:       01991809EE3D6A002C844FC095D1FF7FB02A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/b12a35-05c1-40b9-b651-236883b2cf97/1/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.mft
Manifest number:          1066
Signing time:             Fri 05 Sep 2025 04:02:07 +0000
Manifest this update:     Fri 05 Sep 2025 04:02:07 +0000
Manifest next update:     Sat 06 Sep 2025 04:02:07 +0000
Files and hashes:         1: hfu-hUlKCvDMHoIS-4QQ5PZwsmY.crl (hash: q+QGh05v455bZVXZJxaPLNeAHLCML4hxHznKEPTXK70=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/b12a35-05c1-40b9-b651-236883b2cf97/1/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/b12a35-05c1-40b9-b651-236883b2cf97/1/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 01:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:18:09:ee:3d:6a:00:2c:84:4f:c0:95:d1:ff:7f:b0:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85fbbe85494a0af0cc1e8212fb8410e4f670b266
        Validity
            Not Before: Sep  5 04:02:07 2025 GMT
            Not After : Sep  6 04:02:07 2025 GMT
        Subject: CN=23a54bc4d29410c85611ca259fdcd601d58f269a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:27:28:29:3b:aa:3c:0c:34:e1:a3:f6:f8:26:
                    1c:c9:31:81:21:70:f2:30:4c:8f:df:f5:9d:d4:05:
                    3c:ba:04:c7:d3:ad:71:2a:44:9f:00:69:58:6c:e7:
                    aa:0f:e9:be:28:32:d5:af:4e:ec:a7:ba:95:53:9e:
                    37:1a:27:d1:12:eb:ac:f6:ff:65:41:ff:72:15:57:
                    6c:ed:60:d5:8c:2a:ff:a0:34:f2:59:a0:40:e5:7b:
                    3a:97:2c:c1:c4:a0:be:2f:cc:64:4b:c4:8b:14:a1:
                    10:8b:e4:58:9f:60:43:32:c5:59:3e:75:3d:4a:1b:
                    9d:3a:46:c3:1b:13:b1:99:83:4c:76:77:41:20:b1:
                    e1:f7:78:4b:86:19:1b:b5:f1:ac:25:12:94:90:92:
                    ff:b3:e7:d1:4e:1d:7e:69:12:c6:d9:37:bc:f9:ce:
                    a2:c5:51:44:bd:e5:09:87:ad:c2:69:fc:46:40:07:
                    e2:16:4b:75:fd:e4:dc:74:5d:de:cb:f4:aa:6d:1b:
                    d5:bd:ab:76:ca:96:65:4d:4c:02:f5:aa:6e:b7:a5:
                    19:34:ea:a8:6d:89:c7:d1:af:47:97:2a:52:38:b2:
                    5d:55:10:8d:6b:e0:2f:81:0d:30:86:c4:5d:fb:c0:
                    6b:e8:a8:d8:61:96:d8:a3:7b:3a:02:65:ef:7c:58:
                    64:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:A5:4B:C4:D2:94:10:C8:56:11:CA:25:9F:DC:D6:01:D5:8F:26:9A
            X509v3 Authority Key Identifier:
                keyid:85:FB:BE:85:49:4A:0A:F0:CC:1E:82:12:FB:84:10:E4:F6:70:B2:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b12a35-05c1-40b9-b651-236883b2cf97/1/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b12a35-05c1-40b9-b651-236883b2cf97/1/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         3b:f6:d9:45:26:42:aa:51:f2:1e:18:b6:79:ee:1e:28:d0:cb:
         87:32:1f:7a:44:7c:0b:ee:29:65:9f:a0:d5:23:b5:0a:ff:0f:
         40:94:2e:40:97:d1:c1:99:bb:91:59:6b:95:9e:9e:7a:d5:e1:
         a5:46:25:fa:a2:98:3c:11:84:a7:25:17:72:5d:1d:8c:7e:2a:
         89:39:fd:31:fb:fc:c1:8c:77:19:30:b8:46:42:78:e6:4d:22:
         2a:5a:bb:64:00:80:7f:20:12:7a:05:26:25:3c:5c:18:fe:92:
         e7:25:25:80:89:10:b2:6d:1f:dc:94:28:4d:67:66:98:07:92:
         74:0a:72:45:a9:6a:52:62:72:6c:df:a9:70:90:b4:9d:32:4c:
         b3:d4:52:c7:05:35:d7:47:dd:d2:c3:20:19:97:cc:80:94:48:
         f3:bf:da:b1:a9:c2:d0:a5:5f:47:55:d5:2d:ef:28:37:18:b9:
         98:b9:09:99:5a:c0:31:04:e1:03:56:81:c6:1e:6e:5a:dc:85:
         30:47:38:1e:e8:64:8a:0f:36:4b:a7:f0:69:d2:ef:6c:a2:49:
         9f:56:61:ba:c0:3a:76:eb:2a:00:d0:d0:8e:25:56:7d:4c:46:
         ab:57:d2:e6:88:c6:ab:40:f1:17:51:60:7f:42:27:6d:1c:3b:
         ee:98:9b:72
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZkYCe49agAshE/AldH/f7AqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZmJiZTg1NDk0YTBhZjBjYzFlODIxMmZiODQxMGU0ZjY3
MGIyNjYwHhcNMjUwOTA1MDQwMjA3WhcNMjUwOTA2MDQwMjA3WjAzMTEwLwYDVQQD
EygyM2E1NGJjNGQyOTQxMGM4NTYxMWNhMjU5ZmRjZDYwMWQ1OGYyNjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCcoKTuqPAw04aP2+CYcyTGBIXDy
MEyP3/Wd1AU8ugTH061xKkSfAGlYbOeqD+m+KDLVr07sp7qVU543GifREuus9v9l
Qf9yFVds7WDVjCr/oDTyWaBA5Xs6lyzBxKC+L8xkS8SLFKEQi+RYn2BDMsVZPnU9
ShudOkbDGxOxmYNMdndBILHh93hLhhkbtfGsJRKUkJL/s+fRTh1+aRLG2Te8+c6i
xVFEveUJh63CafxGQAfiFkt1/eTcdF3ey/SqbRvVvat2ypZlTUwC9aput6UZNOqo
bYnH0a9HlypSOLJdVRCNa+AvgQ0whsRd+8Br6KjYYZbYo3s6AmXvfFhkXQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFCOlS8TSlBDIVhHKJZ/c1gHVjyaaMB8GA1UdIwQY
MBaAFIX7voVJSgrwzB6CEvuEEOT2cLJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGZ1LWhVbEtDdkRNSG9JUy00UVE1UFp3c21ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9iMTJhMzUtMDVjMS00MGI5LWI2NTEt
MjM2ODgzYjJjZjk3LzEvaGZ1LWhVbEtDdkRNSG9JUy00UVE1UFp3c21ZLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9iMTJhMzUtMDVjMS00MGI5LWI2NTEtMjM2ODgzYjJjZjk3
LzEvaGZ1LWhVbEtDdkRNSG9JUy00UVE1UFp3c21ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAO/bZRSZC
qlHyHhi2ee4eKNDLhzIfekR8C+4pZZ+g1SO1Cv8PQJQuQJfRwZm7kVlrlZ6eetXh
pUYl+qKYPBGEpyUXcl0djH4qiTn9Mfv8wYx3GTC4RkJ45k0iKlq7ZACAfyASegUm
JTxcGP6S5yUlgIkQsm0f3JQoTWdmmAeSdApyRalqUmJybN+pcJC0nTJMs9RSxwU1
10fd0sMgGZfMgJRI87/asanC0KVfR1XVLe8oNxi5mLkJmVrAMQThA1aBxh5uWtyF
MEc4Huhkig82S6fwadLvbKJJn1ZhusA6dusqANDQjiVWfUxGq1fS5ojGq0DxF1Fg
f0InbRw77pibcg==
-----END CERTIFICATE-----