Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.mft
File:                     ufHVsG9XAVVf9YiBVN0UG0iJYRc.mft (raw, json)
Hash identifier:          B1oowZbW5efhHaWUqAi+ziyLsifNUb0kpvcuJVYYNkg=
Subject key identifier:   42:DC:8A:C0:69:AF:E8:CF:8C:1E:E0:63:7E:89:7C:3B:FA:74:72:7B
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Certificate issuer:       /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial:       019921B176149912183EC814BC9FC7DFFFCD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.mft
Manifest number:          1688
Signing time:             Sun 07 Sep 2025 01:01:42 +0000
Manifest this update:     Sun 07 Sep 2025 01:01:42 +0000
Manifest next update:     Mon 08 Sep 2025 01:01:42 +0000
Files and hashes:         1: ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl (hash: ci8iXtbE+WUCs1x6NeGc3zMerE1rCepYAb1rhqQvIRo=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 01:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:21:b1:76:14:99:12:18:3e:c8:14:bc:9f:c7:df:ff:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
        Validity
            Not Before: Sep  7 01:01:42 2025 GMT
            Not After : Sep  8 01:01:42 2025 GMT
        Subject: CN=42dc8ac069afe8cf8c1ee0637e897c3bfa74727b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:85:c8:09:a1:38:bd:f6:77:45:ac:f5:9e:b4:
                    50:dd:35:fa:f2:17:83:e0:1f:97:37:1c:d1:09:7a:
                    2e:f1:b5:9e:ec:c4:a9:41:f5:0f:83:b2:fd:32:ae:
                    c9:8c:b8:6e:38:c4:2d:2c:71:64:1d:a1:cc:74:1d:
                    51:e2:6b:38:f3:57:da:da:e9:d9:1a:bb:9e:b7:3b:
                    6a:09:16:3e:de:4a:48:ae:83:fe:3c:94:d0:1c:ad:
                    7f:85:02:c5:5b:cf:bf:aa:32:77:2d:2e:e6:b9:0b:
                    a0:a3:c3:ea:ff:e3:a1:45:c9:e2:40:c7:fb:10:49:
                    f0:61:4d:6b:dd:dc:3e:69:2c:77:ac:ea:05:6e:c4:
                    26:88:91:fa:82:b3:19:da:19:79:36:43:1a:68:47:
                    c5:10:ca:8f:c0:59:7e:f7:3b:1d:01:95:83:9a:db:
                    cf:74:24:cd:09:0c:c3:67:e9:66:f3:75:1a:e4:a9:
                    3a:36:b4:b8:99:85:98:e3:a4:49:25:cb:8b:a9:fd:
                    ea:28:3a:ec:9c:70:79:86:93:da:7e:ed:5f:07:c6:
                    13:56:3b:84:89:1f:8b:da:ba:da:56:4e:28:15:5e:
                    96:6b:3b:58:7f:f7:10:06:fb:7b:f8:da:fd:4a:26:
                    23:b6:b8:eb:b9:76:f9:1e:ac:31:98:74:04:f3:53:
                    72:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:DC:8A:C0:69:AF:E8:CF:8C:1E:E0:63:7E:89:7C:3B:FA:74:72:7B
            X509v3 Authority Key Identifier:
                keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         5a:4a:0e:79:2d:3d:52:54:0f:b3:c0:33:89:60:63:96:c3:45:
         5a:61:cb:4a:49:88:38:2d:1b:21:4d:d6:32:7b:e2:68:8c:2e:
         a1:0e:f6:f3:47:bb:4d:5a:56:ea:5f:fb:70:82:f1:6c:2c:fe:
         f2:4b:56:18:b2:5a:32:33:eb:93:56:59:17:91:08:5b:e8:82:
         ee:01:cb:86:9c:2f:af:0d:7f:c7:12:25:43:dc:5f:8d:0c:ba:
         3b:62:02:bb:d1:c6:1f:70:f4:55:6e:07:10:ed:3c:56:f0:94:
         4a:e3:51:73:b1:9b:3e:a4:2a:5e:2b:b3:71:e6:21:a0:56:63:
         b8:1e:ec:b3:f3:cd:1a:df:d4:9a:80:09:27:2f:6c:dd:d7:68:
         40:32:22:cb:8a:6c:30:d0:bf:03:af:f9:c1:a5:e6:43:28:c1:
         86:47:0a:ae:c9:72:d0:80:55:91:4a:be:21:27:c3:1c:96:01:
         d3:61:6a:ab:f1:58:3b:8f:50:4b:3b:53:89:49:e3:70:be:ce:
         95:44:cc:04:e1:8f:09:ca:93:92:ad:ae:f7:7c:9a:3f:5d:39:
         d6:99:ae:8c:ce:e5:e8:81:5c:29:80:8a:db:04:ef:29:2f:5e:
         cd:20:25:35:42:73:ad:cf:e9:a7:92:65:0a:a5:f0:f7:ec:9d:
         8a:96:0b:3c
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZkhsXYUmRIYPsgUvJ/H3//NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjUwOTA3MDEwMTQyWhcNMjUwOTA4MDEwMTQyWjAzMTEwLwYDVQQD
Eyg0MmRjOGFjMDY5YWZlOGNmOGMxZWUwNjM3ZTg5N2MzYmZhNzQ3MjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5YXICaE4vfZ3Raz1nrRQ3TX68heD
4B+XNxzRCXou8bWe7MSpQfUPg7L9Mq7JjLhuOMQtLHFkHaHMdB1R4ms481fa2unZ
GruetztqCRY+3kpIroP+PJTQHK1/hQLFW8+/qjJ3LS7muQugo8Pq/+OhRcniQMf7
EEnwYU1r3dw+aSx3rOoFbsQmiJH6grMZ2hl5NkMaaEfFEMqPwFl+9zsdAZWDmtvP
dCTNCQzDZ+lm83Ua5Kk6NrS4mYWY46RJJcuLqf3qKDrsnHB5hpPafu1fB8YTVjuE
iR+L2rraVk4oFV6WaztYf/cQBvt7+Nr9SiYjtrjruXb5HqwxmHQE81NydQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFELcisBpr+jPjB7gY36JfDv6dHJ7MB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAWkoOeS09
UlQPs8AziWBjlsNFWmHLSkmIOC0bIU3WMnviaIwuoQ7280e7TVpW6l/7cILxbCz+
8ktWGLJaMjPrk1ZZF5EIW+iC7gHLhpwvrw1/xxIlQ9xfjQy6O2ICu9HGH3D0VW4H
EO08VvCUSuNRc7GbPqQqXiuzceYhoFZjuB7ss/PNGt/UmoAJJy9s3ddoQDIiy4ps
MNC/A6/5waXmQyjBhkcKrsly0IBVkUq+ISfDHJYB02Fqq/FYO49QSztTiUnjcL7O
lUTMBOGPCcqTkq2u93yaP1051pmujM7l6IFcKYCK2wTvKS9ezSAlNUJzrc/pp5Jl
CqXw9+ydipYLPA==
-----END CERTIFICATE-----