Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/e84060-a2d4-48a3-a096-a0b6ad671ee3/1/oTV6fQ8DLpzdSgMdUtO0BHwDlBo.mft
File:                     oTV6fQ8DLpzdSgMdUtO0BHwDlBo.mft (raw, json)
Hash identifier:          wsNs3moXAkhVgYCYMd8HNvH4m/B20jLnyXPL9/lZLzc=
Subject key identifier:   8B:DE:32:F5:72:C3:A8:80:3C:D4:4D:E8:9D:AC:0B:6C:62:B0:4F:A9
Authority key identifier: A1:35:7A:7D:0F:03:2E:9C:DD:4A:03:1D:52:D3:B4:04:7C:03:94:1A
Certificate issuer:       /CN=a1357a7d0f032e9cdd4a031d52d3b4047c03941a
Certificate serial:       019A73014C157BC09054E5952E90E5D05AA2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oTV6fQ8DLpzdSgMdUtO0BHwDlBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/e84060-a2d4-48a3-a096-a0b6ad671ee3/1/oTV6fQ8DLpzdSgMdUtO0BHwDlBo.mft
Manifest number:          171D
Signing time:             Tue 11 Nov 2025 13:00:56 +0000
Manifest this update:     Tue 11 Nov 2025 13:00:56 +0000
Manifest next update:     Wed 12 Nov 2025 13:00:56 +0000
Files and hashes:         1: oTV6fQ8DLpzdSgMdUtO0BHwDlBo.crl (hash: 3Ysiua6fi+uf6vN+RNPlZoEh8wL7Ece7rIw1Kk8Xi3A=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/e84060-a2d4-48a3-a096-a0b6ad671ee3/1/oTV6fQ8DLpzdSgMdUtO0BHwDlBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/e84060-a2d4-48a3-a096-a0b6ad671ee3/1/oTV6fQ8DLpzdSgMdUtO0BHwDlBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oTV6fQ8DLpzdSgMdUtO0BHwDlBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:73:01:4c:15:7b:c0:90:54:e5:95:2e:90:e5:d0:5a:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1357a7d0f032e9cdd4a031d52d3b4047c03941a
        Validity
            Not Before: Nov 11 13:00:56 2025 GMT
            Not After : Nov 12 13:00:56 2025 GMT
        Subject: CN=8bde32f572c3a8803cd44de89dac0b6c62b04fa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a2:a9:0b:20:22:8c:de:d6:47:4d:d9:45:f8:
                    6e:ab:d1:38:c8:fd:d5:30:4f:83:8e:66:9b:5d:78:
                    c7:0e:d7:f0:a1:13:0e:31:fa:f5:20:ed:61:f6:1b:
                    76:f9:21:c5:65:58:89:ef:7b:67:93:cc:cb:9c:d6:
                    65:86:dd:f9:9c:5f:c2:97:ad:bf:4a:78:44:58:d3:
                    70:4b:c3:1d:a3:ab:80:9f:d8:2b:52:97:61:c2:2c:
                    ea:c7:10:9a:55:0c:fb:40:5a:52:88:c3:04:41:94:
                    2e:b1:31:87:5a:f8:ca:63:f1:5d:13:08:c2:d0:eb:
                    8f:c7:aa:97:61:56:0c:71:52:38:23:59:1f:62:43:
                    ac:40:28:f2:57:6f:78:71:15:10:ac:7e:25:93:a1:
                    e9:52:60:d1:d8:2b:ab:76:a8:59:ec:89:18:e2:fb:
                    44:89:e5:c2:d5:d3:2a:01:a3:bc:f3:1f:58:ad:db:
                    e5:b6:2d:f3:8f:8f:ee:af:85:00:e3:56:19:81:32:
                    46:5b:65:ac:61:17:f5:2b:0d:9e:a9:3b:2b:f1:ca:
                    e4:90:a8:16:29:9e:35:ad:49:18:b9:a7:04:49:7f:
                    ac:eb:15:b8:9c:b3:34:75:6e:d4:f7:07:e8:84:63:
                    e8:9f:55:1e:ba:55:70:d9:09:ab:2b:3c:f8:e4:55:
                    f1:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:DE:32:F5:72:C3:A8:80:3C:D4:4D:E8:9D:AC:0B:6C:62:B0:4F:A9
            X509v3 Authority Key Identifier:
                keyid:A1:35:7A:7D:0F:03:2E:9C:DD:4A:03:1D:52:D3:B4:04:7C:03:94:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oTV6fQ8DLpzdSgMdUtO0BHwDlBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/e84060-a2d4-48a3-a096-a0b6ad671ee3/1/oTV6fQ8DLpzdSgMdUtO0BHwDlBo.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/e84060-a2d4-48a3-a096-a0b6ad671ee3/1/oTV6fQ8DLpzdSgMdUtO0BHwDlBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         78:34:aa:4f:2b:15:b0:cc:6b:fa:bd:da:6a:63:39:da:a1:f1:
         08:40:ce:96:df:6b:cb:12:6e:99:8b:97:d6:33:38:3e:c7:6d:
         5f:83:68:62:2d:b2:22:f1:ed:bf:62:2e:3c:d2:d9:de:93:63:
         b3:92:3c:e8:36:c2:08:61:6f:53:11:5a:64:08:9c:fd:b9:1c:
         c1:b3:93:ff:30:00:b7:31:5f:b7:03:b0:45:cf:32:98:59:5c:
         c3:d8:e6:f2:75:e4:35:e0:4d:17:8b:4f:28:78:1c:f5:6b:78:
         c1:ad:74:a8:fd:4a:46:78:12:59:f5:44:7f:41:30:73:e0:15:
         98:a5:56:d8:06:73:25:60:cc:59:59:90:ba:60:42:f4:bb:ee:
         77:6a:b6:8c:bc:53:14:d7:13:00:fa:e0:38:be:ee:26:0c:95:
         a2:c6:93:ce:54:bc:1b:7a:8c:23:c4:89:0d:ef:da:53:a1:51:
         42:8d:42:e5:ec:6e:c2:df:3f:60:cb:cc:12:fc:cc:c1:d4:7a:
         83:21:95:10:cf:b2:19:07:59:ad:23:4f:30:04:b0:65:60:00:
         40:db:77:51:32:dc:86:c9:88:f1:5a:46:c2:08:dc:42:ab:bd:
         f2:3d:86:61:9b:a5:f6:32:94:2c:ab:0f:62:c0:9b:2e:92:59:
         87:f2:52:8c
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpzAUwVe8CQVOWVLpDl0FqiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExMzU3YTdkMGYwMzJlOWNkZDRhMDMxZDUyZDNiNDA0N2Mw
Mzk0MWEwHhcNMjUxMTExMTMwMDU2WhcNMjUxMTEyMTMwMDU2WjAzMTEwLwYDVQQD
Eyg4YmRlMzJmNTcyYzNhODgwM2NkNDRkZTg5ZGFjMGI2YzYyYjA0ZmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqKpCyAijN7WR03ZRfhuq9E4yP3V
ME+DjmabXXjHDtfwoRMOMfr1IO1h9ht2+SHFZViJ73tnk8zLnNZlht35nF/Cl62/
SnhEWNNwS8Mdo6uAn9grUpdhwizqxxCaVQz7QFpSiMMEQZQusTGHWvjKY/FdEwjC
0OuPx6qXYVYMcVI4I1kfYkOsQCjyV294cRUQrH4lk6HpUmDR2CurdqhZ7IkY4vtE
ieXC1dMqAaO88x9Yrdvlti3zj4/ur4UA41YZgTJGW2WsYRf1Kw2eqTsr8crkkKgW
KZ41rUkYuacESX+s6xW4nLM0dW7U9wfohGPon1UeulVw2QmrKzz45FXxQQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFIveMvVyw6iAPNRN6J2sC2xisE+pMB8GA1UdIwQY
MBaAFKE1en0PAy6c3UoDHVLTtAR8A5QaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1RWNmZROERMcHpkU2dNZFV0TzBCSHdEbEJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9lODQwNjAtYTJkNC00OGEzLWEwOTYt
YTBiNmFkNjcxZWUzLzEvb1RWNmZROERMcHpkU2dNZFV0TzBCSHdEbEJvLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9lODQwNjAtYTJkNC00OGEzLWEwOTYtYTBiNmFkNjcxZWUz
LzEvb1RWNmZROERMcHpkU2dNZFV0TzBCSHdEbEJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAeDSqTysV
sMxr+r3aamM52qHxCEDOlt9ryxJumYuX1jM4PsdtX4NoYi2yIvHtv2IuPNLZ3pNj
s5I86DbCCGFvUxFaZAic/bkcwbOT/zAAtzFftwOwRc8ymFlcw9jm8nXkNeBNF4tP
KHgc9Wt4wa10qP1KRngSWfVEf0Ewc+AVmKVW2AZzJWDMWVmQumBC9Lvud2q2jLxT
FNcTAPrgOL7uJgyVosaTzlS8G3qMI8SJDe/aU6FRQo1C5exuwt8/YMvMEvzMwdR6
gyGVEM+yGQdZrSNPMASwZWAAQNt3UTLchsmI8VpGwgjcQqu98j2GYZul9jKULKsP
YsCbLpJZh/JSjA==
-----END CERTIFICATE-----