Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/6587d8-5898-45a4-a5e3-d642e4b081bd/1/OnTgfC3vyhS_LWx6FdWpMw0JN0g.mft
File:                     OnTgfC3vyhS_LWx6FdWpMw0JN0g.mft (raw, json)
Hash identifier:          3U5bu6KntQ+OJ3gcqqwI+ByMLLrx0vXlnAVTBMVzQo0=
Subject key identifier:   33:DC:F7:B4:A4:D5:7A:08:A5:32:E0:49:40:95:CD:29:BC:CA:3D:2B
Authority key identifier: 3A:74:E0:7C:2D:EF:CA:14:BF:2D:6C:7A:15:D5:A9:33:0D:09:37:48
Certificate issuer:       /CN=3a74e07c2defca14bf2d6c7a15d5a9330d093748
Certificate serial:       019A72939E2B733FBAF37D05851A12BBDA0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OnTgfC3vyhS_LWx6FdWpMw0JN0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/6587d8-5898-45a4-a5e3-d642e4b081bd/1/OnTgfC3vyhS_LWx6FdWpMw0JN0g.mft
Manifest number:          069B
Signing time:             Tue 11 Nov 2025 11:01:08 +0000
Manifest this update:     Tue 11 Nov 2025 11:01:08 +0000
Manifest next update:     Wed 12 Nov 2025 11:01:08 +0000
Files and hashes:         1: OnTgfC3vyhS_LWx6FdWpMw0JN0g.crl (hash: DpJX2/Jjfo5w1QcmZkM0ImWcxtF8piLmNq9RxFOSKTQ=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/6587d8-5898-45a4-a5e3-d642e4b081bd/1/OnTgfC3vyhS_LWx6FdWpMw0JN0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/6587d8-5898-45a4-a5e3-d642e4b081bd/1/OnTgfC3vyhS_LWx6FdWpMw0JN0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OnTgfC3vyhS_LWx6FdWpMw0JN0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:93:9e:2b:73:3f:ba:f3:7d:05:85:1a:12:bb:da:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a74e07c2defca14bf2d6c7a15d5a9330d093748
        Validity
            Not Before: Nov 11 11:01:08 2025 GMT
            Not After : Nov 12 11:01:08 2025 GMT
        Subject: CN=33dcf7b4a4d57a08a532e0494095cd29bcca3d2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:40:cc:b7:bd:d9:66:c3:e1:16:1e:79:38:ce:
                    67:f3:08:95:fd:64:f5:1c:1c:45:20:cf:ff:f7:b4:
                    2a:13:cd:f1:c4:9d:0b:06:7f:87:f9:c5:cf:ec:26:
                    b6:6b:b3:80:7c:72:df:e5:cf:91:4e:53:e5:ba:ae:
                    04:80:ed:17:cd:d6:94:53:48:3f:95:dc:f5:da:bb:
                    c7:a2:a3:2f:ee:ba:99:67:4d:fd:f1:dc:e9:77:98:
                    4a:f6:98:9e:8c:40:66:d5:45:ac:c3:c5:92:15:79:
                    7f:ea:49:d5:b8:e5:18:5f:64:00:5a:15:fd:ed:45:
                    86:cd:18:d5:06:db:64:be:ad:b7:a3:89:52:4a:89:
                    5f:d6:87:f9:72:a8:ab:68:8c:09:0d:4a:5f:bb:ca:
                    8c:ed:ea:34:1e:ed:51:cc:fa:e8:3b:6e:1e:1a:db:
                    90:74:9f:54:8b:95:cf:68:86:fe:8f:ab:d5:2d:2c:
                    a8:5a:71:93:29:7b:5b:63:8b:18:5a:e6:cc:57:30:
                    69:82:4f:85:30:fd:9c:a8:79:f5:2c:45:9c:fa:64:
                    93:d5:1a:5f:30:29:c0:bd:44:38:b0:26:ed:ab:ea:
                    1c:be:ba:30:5b:3a:ed:05:a1:cf:4a:3d:3d:d4:cf:
                    99:76:3b:97:75:15:f2:e1:51:ba:ad:2f:c3:90:11:
                    0a:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:DC:F7:B4:A4:D5:7A:08:A5:32:E0:49:40:95:CD:29:BC:CA:3D:2B
            X509v3 Authority Key Identifier:
                keyid:3A:74:E0:7C:2D:EF:CA:14:BF:2D:6C:7A:15:D5:A9:33:0D:09:37:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OnTgfC3vyhS_LWx6FdWpMw0JN0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/6587d8-5898-45a4-a5e3-d642e4b081bd/1/OnTgfC3vyhS_LWx6FdWpMw0JN0g.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/6587d8-5898-45a4-a5e3-d642e4b081bd/1/OnTgfC3vyhS_LWx6FdWpMw0JN0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         a2:6e:45:3d:b8:df:74:9b:63:24:f2:69:86:af:1c:74:c2:b3:
         c5:da:0d:db:d1:83:5a:e8:b2:34:e9:6b:c7:72:34:3f:8d:af:
         ee:c1:a2:40:ba:4f:89:60:68:db:81:16:91:4c:ab:82:71:06:
         11:9e:a5:f4:7c:3e:92:46:4b:2b:8a:e5:db:68:d6:7f:32:a1:
         1c:be:e9:9b:fe:7e:21:61:9d:2d:e0:fb:ef:3c:c3:d6:b5:f6:
         62:e0:47:ac:cb:db:a0:0c:07:af:de:a9:78:99:35:59:71:6b:
         a3:56:a8:55:be:fc:53:23:4d:ae:06:bb:7f:04:6c:dd:3d:9a:
         25:13:a8:92:a4:fb:db:d5:98:2c:f6:6f:df:76:ef:13:4c:03:
         70:16:06:6e:c4:96:bc:85:ea:73:6a:df:bd:26:bf:de:92:64:
         9e:da:da:c9:13:87:c0:f3:52:88:76:3c:6e:82:8b:8c:f6:4a:
         78:c2:cf:33:4b:d8:30:c8:f4:2c:ed:57:19:4d:31:43:ce:b0:
         5e:c4:4c:07:dc:4d:77:39:2d:dc:c8:dc:4f:8b:4c:7f:fc:b5:
         d6:c2:d8:c8:03:e5:10:4e:60:e0:cd:6b:74:0c:31:2a:f7:fd:
         66:a3:e0:1c:85:6c:7a:ae:d4:ea:86:f0:a2:70:72:25:fe:94:
         53:8c:4e:03
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyk54rcz+6830FhRoSu9oKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNzRlMDdjMmRlZmNhMTRiZjJkNmM3YTE1ZDVhOTMzMGQw
OTM3NDgwHhcNMjUxMTExMTEwMTA4WhcNMjUxMTEyMTEwMTA4WjAzMTEwLwYDVQQD
EygzM2RjZjdiNGE0ZDU3YTA4YTUzMmUwNDk0MDk1Y2QyOWJjY2EzZDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0DMt73ZZsPhFh55OM5n8wiV/WT1
HBxFIM//97QqE83xxJ0LBn+H+cXP7Ca2a7OAfHLf5c+RTlPluq4EgO0XzdaUU0g/
ldz12rvHoqMv7rqZZ0398dzpd5hK9piejEBm1UWsw8WSFXl/6knVuOUYX2QAWhX9
7UWGzRjVBttkvq23o4lSSolf1of5cqiraIwJDUpfu8qM7eo0Hu1RzProO24eGtuQ
dJ9Ui5XPaIb+j6vVLSyoWnGTKXtbY4sYWubMVzBpgk+FMP2cqHn1LEWc+mST1Rpf
MCnAvUQ4sCbtq+ocvrowWzrtBaHPSj091M+ZdjuXdRXy4VG6rS/DkBEKtQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFDPc97Sk1XoIpTLgSUCVzSm8yj0rMB8GA1UdIwQY
MBaAFDp04Hwt78oUvy1sehXVqTMNCTdIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT25UZ2ZDM3Z5aFNfTFd4NkZkV3BNdzBKTjBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi82NTg3ZDgtNTg5OC00NWE0LWE1ZTMt
ZDY0MmU0YjA4MWJkLzEvT25UZ2ZDM3Z5aFNfTFd4NkZkV3BNdzBKTjBnLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi82NTg3ZDgtNTg5OC00NWE0LWE1ZTMtZDY0MmU0YjA4MWJk
LzEvT25UZ2ZDM3Z5aFNfTFd4NkZkV3BNdzBKTjBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAom5FPbjf
dJtjJPJphq8cdMKzxdoN29GDWuiyNOlrx3I0P42v7sGiQLpPiWBo24EWkUyrgnEG
EZ6l9Hw+kkZLK4rl22jWfzKhHL7pm/5+IWGdLeD77zzD1rX2YuBHrMvboAwHr96p
eJk1WXFro1aoVb78UyNNrga7fwRs3T2aJROokqT729WYLPZv33bvE0wDcBYGbsSW
vIXqc2rfvSa/3pJkntrayROHwPNSiHY8boKLjPZKeMLPM0vYMMj0LO1XGU0xQ86w
XsRMB9xNdzkt3MjcT4tMf/y11sLYyAPlEE5g4M1rdAwxKvf9ZqPgHIVseq7U6obw
onByJf6UU4xOAw==
-----END CERTIFICATE-----