Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/5fd023-92ea-4a63-b7d0-e5cba2137308/1/o6jK9iF86xDdjBRvlrnXc-3YiGQ.mft
File:                     o6jK9iF86xDdjBRvlrnXc-3YiGQ.mft (raw, json)
Hash identifier:          914qkjucZqQrhM31AXHJU7V6AeJfAVcykqvBrsFjoNE=
Subject key identifier:   2A:95:17:48:CC:D4:A7:FE:6F:AF:0A:71:E9:E7:AA:5C:16:E9:46:CF
Authority key identifier: A3:A8:CA:F6:21:7C:EB:10:DD:8C:14:6F:96:B9:D7:73:ED:D8:88:64
Certificate issuer:       /CN=a3a8caf6217ceb10dd8c146f96b9d773edd88864
Certificate serial:       019A71B899E8D41FADAB57B6B2B82B4215DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o6jK9iF86xDdjBRvlrnXc-3YiGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/5fd023-92ea-4a63-b7d0-e5cba2137308/1/o6jK9iF86xDdjBRvlrnXc-3YiGQ.mft
Manifest number:          171C
Signing time:             Tue 11 Nov 2025 07:01:54 +0000
Manifest this update:     Tue 11 Nov 2025 07:01:54 +0000
Manifest next update:     Wed 12 Nov 2025 07:01:54 +0000
Files and hashes:         1: o6jK9iF86xDdjBRvlrnXc-3YiGQ.crl (hash: 0bMC3PHB5u0FKhAD0f/hjl+s5EDeW1aK0VYK6KRaz5E=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/5fd023-92ea-4a63-b7d0-e5cba2137308/1/o6jK9iF86xDdjBRvlrnXc-3YiGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/5fd023-92ea-4a63-b7d0-e5cba2137308/1/o6jK9iF86xDdjBRvlrnXc-3YiGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o6jK9iF86xDdjBRvlrnXc-3YiGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b8:99:e8:d4:1f:ad:ab:57:b6:b2:b8:2b:42:15:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3a8caf6217ceb10dd8c146f96b9d773edd88864
        Validity
            Not Before: Nov 11 07:01:54 2025 GMT
            Not After : Nov 12 07:01:54 2025 GMT
        Subject: CN=2a951748ccd4a7fe6faf0a71e9e7aa5c16e946cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:fa:f5:07:4c:4b:21:24:f1:9a:f1:e8:48:f8:
                    0c:2b:55:a0:be:58:68:5c:88:49:9e:b2:7b:fc:b3:
                    63:cb:6f:ad:bd:d8:9b:5d:42:96:d0:90:da:e4:53:
                    9d:cd:50:48:c9:07:37:ca:79:81:3e:02:77:79:e1:
                    8b:f2:a3:21:18:0e:a2:6d:53:b4:c3:b2:72:03:5e:
                    63:16:e0:f2:c4:62:a6:15:6b:5c:64:9c:6a:71:4d:
                    de:07:f2:8a:ef:27:70:d3:03:e2:44:e7:5a:94:30:
                    cd:57:40:2f:ac:38:7d:dd:f1:38:3e:ad:58:b4:ec:
                    1d:97:e6:4f:ff:a3:0d:10:5a:a6:77:70:4f:91:03:
                    4d:39:da:5a:11:a7:09:d3:a5:fe:87:a7:30:bd:52:
                    83:57:3f:93:90:6b:7d:a3:96:16:2f:0d:76:43:c5:
                    f5:24:3f:9b:fd:e4:65:2e:87:4e:15:bf:51:34:75:
                    0b:b3:ad:f8:ea:b9:72:2c:4c:f6:ca:23:a2:c7:49:
                    6c:f4:37:86:a2:80:63:6c:3c:68:67:6a:9a:e7:5c:
                    ef:ee:2b:02:4e:b7:3b:23:a6:f4:8c:16:2c:66:a8:
                    31:4d:c7:3b:2c:81:3c:ee:d5:a3:24:7f:87:b9:c9:
                    ee:af:ae:86:22:f2:0b:cc:f4:64:e5:a3:81:0f:a8:
                    6b:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:95:17:48:CC:D4:A7:FE:6F:AF:0A:71:E9:E7:AA:5C:16:E9:46:CF
            X509v3 Authority Key Identifier:
                keyid:A3:A8:CA:F6:21:7C:EB:10:DD:8C:14:6F:96:B9:D7:73:ED:D8:88:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o6jK9iF86xDdjBRvlrnXc-3YiGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/5fd023-92ea-4a63-b7d0-e5cba2137308/1/o6jK9iF86xDdjBRvlrnXc-3YiGQ.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/5fd023-92ea-4a63-b7d0-e5cba2137308/1/o6jK9iF86xDdjBRvlrnXc-3YiGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         78:d0:00:96:e6:b3:05:24:8b:5b:6d:02:de:c5:2f:63:a0:a4:
         ef:fb:02:09:ca:f6:f9:b9:0f:05:ef:9e:85:5a:95:a3:70:e3:
         ca:78:89:19:f2:f2:e3:0c:5f:1d:9f:94:65:3d:80:95:ee:2b:
         0f:87:63:6b:71:e3:53:07:f8:ff:e8:b8:6a:12:9a:eb:e9:fe:
         d8:1f:d0:57:2e:49:c9:d6:0b:69:16:5a:35:28:c8:ff:62:12:
         20:06:e3:35:67:a3:1b:34:09:47:3e:d6:e0:8e:86:ec:34:4b:
         4e:e6:37:7f:b5:b5:3d:7f:f4:30:f2:54:35:4d:9a:a0:ca:f0:
         2b:ea:3d:46:b6:c0:a0:8b:77:ab:58:a3:8e:22:b1:f5:7b:f4:
         67:c0:69:61:b3:43:97:e1:0e:ed:5d:84:4f:71:27:82:01:ee:
         70:f1:01:00:97:62:57:1d:96:7c:65:56:3d:ef:0a:16:93:e5:
         f5:1b:0e:2e:3b:33:4d:20:ef:ab:72:a2:fd:96:5f:88:3b:ee:
         13:1f:04:16:a8:b5:97:5d:0a:bd:67:a8:fb:36:5f:5c:b1:b8:
         d3:c5:5e:af:0f:de:bc:d9:4f:af:e2:9a:44:85:47:45:7f:fe:
         1a:ca:2f:14:7b:0f:a5:e9:77:49:b0:3f:d3:92:f4:26:2f:28:
         04:7e:7a:54
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuJno1B+tq1e2srgrQhXdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzYThjYWY2MjE3Y2ViMTBkZDhjMTQ2Zjk2YjlkNzczZWRk
ODg4NjQwHhcNMjUxMTExMDcwMTU0WhcNMjUxMTEyMDcwMTU0WjAzMTEwLwYDVQQD
EygyYTk1MTc0OGNjZDRhN2ZlNmZhZjBhNzFlOWU3YWE1YzE2ZTk0NmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3vr1B0xLISTxmvHoSPgMK1Wgvlho
XIhJnrJ7/LNjy2+tvdibXUKW0JDa5FOdzVBIyQc3ynmBPgJ3eeGL8qMhGA6ibVO0
w7JyA15jFuDyxGKmFWtcZJxqcU3eB/KK7ydw0wPiROdalDDNV0AvrDh93fE4Pq1Y
tOwdl+ZP/6MNEFqmd3BPkQNNOdpaEacJ06X+h6cwvVKDVz+TkGt9o5YWLw12Q8X1
JD+b/eRlLodOFb9RNHULs6346rlyLEz2yiOix0ls9DeGooBjbDxoZ2qa51zv7isC
Trc7I6b0jBYsZqgxTcc7LIE87tWjJH+Hucnur66GIvILzPRk5aOBD6hrBQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFCqVF0jM1Kf+b68KcennqlwW6UbPMB8GA1UdIwQY
MBaAFKOoyvYhfOsQ3YwUb5a513Pt2IhkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzZqSzlpRjg2eERkakJSdmxyblhjLTNZaUdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi81ZmQwMjMtOTJlYS00YTYzLWI3ZDAt
ZTVjYmEyMTM3MzA4LzEvbzZqSzlpRjg2eERkakJSdmxyblhjLTNZaUdRLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi81ZmQwMjMtOTJlYS00YTYzLWI3ZDAtZTVjYmEyMTM3MzA4
LzEvbzZqSzlpRjg2eERkakJSdmxyblhjLTNZaUdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAeNAAluaz
BSSLW20C3sUvY6Ck7/sCCcr2+bkPBe+ehVqVo3DjyniJGfLy4wxfHZ+UZT2Ale4r
D4dja3HjUwf4/+i4ahKa6+n+2B/QVy5JydYLaRZaNSjI/2ISIAbjNWejGzQJRz7W
4I6G7DRLTuY3f7W1PX/0MPJUNU2aoMrwK+o9RrbAoIt3q1ijjiKx9Xv0Z8BpYbND
l+EO7V2ET3EnggHucPEBAJdiVx2WfGVWPe8KFpPl9RsOLjszTSDvq3Ki/ZZfiDvu
Ex8EFqi1l10KvWeo+zZfXLG408Verw/evNlPr+KaRIVHRX/+GsovFHsPpel3SbA/
05L0Ji8oBH56VA==
-----END CERTIFICATE-----