Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/9c7703-8d14-4bc0-88a9-b9a86ac3e8be/1/XtGkql_QUBs-ptafQzwvFkIRYIk.mft
File:                     XtGkql_QUBs-ptafQzwvFkIRYIk.mft (raw, json)
Hash identifier:          KmCj8yHSVO6jqkyn/34ZMAaHLw4Mf0sqtduLZeC+NpY=
Subject key identifier:   FA:DC:00:59:7E:DD:08:4C:A2:A9:64:5D:9A:A2:F8:F6:E2:0E:D4:7B
Authority key identifier: 5E:D1:A4:AA:5F:D0:50:1B:3E:A6:D6:9F:43:3C:2F:16:42:11:60:89
Certificate issuer:       /CN=5ed1a4aa5fd0501b3ea6d69f433c2f1642116089
Certificate serial:       019A72262702C0C0C15531B71292F80C3CEA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XtGkql_QUBs-ptafQzwvFkIRYIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/9c7703-8d14-4bc0-88a9-b9a86ac3e8be/1/XtGkql_QUBs-ptafQzwvFkIRYIk.mft
Manifest number:          171A
Signing time:             Tue 11 Nov 2025 09:01:34 +0000
Manifest this update:     Tue 11 Nov 2025 09:01:34 +0000
Manifest next update:     Wed 12 Nov 2025 09:01:34 +0000
Files and hashes:         1: XtGkql_QUBs-ptafQzwvFkIRYIk.crl (hash: h4GayqBTYwDeqIV7WRy6uWoN7ztYo/DKw45huOXRxRQ=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/9c7703-8d14-4bc0-88a9-b9a86ac3e8be/1/XtGkql_QUBs-ptafQzwvFkIRYIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/9c7703-8d14-4bc0-88a9-b9a86ac3e8be/1/XtGkql_QUBs-ptafQzwvFkIRYIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XtGkql_QUBs-ptafQzwvFkIRYIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:26:27:02:c0:c0:c1:55:31:b7:12:92:f8:0c:3c:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ed1a4aa5fd0501b3ea6d69f433c2f1642116089
        Validity
            Not Before: Nov 11 09:01:34 2025 GMT
            Not After : Nov 12 09:01:34 2025 GMT
        Subject: CN=fadc00597edd084ca2a9645d9aa2f8f6e20ed47b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:80:c0:b2:2a:32:61:1f:fc:61:88:07:d4:fb:
                    36:50:93:d5:e4:ed:48:87:09:37:24:08:f4:19:ae:
                    65:4d:b9:d0:44:1a:32:5c:58:cc:b7:88:d0:94:69:
                    0e:4d:75:e3:4b:a2:99:20:10:bf:dd:87:84:fc:02:
                    4e:79:99:00:9b:a9:64:82:54:70:a8:a2:8b:66:08:
                    ad:e9:f7:fd:9a:79:9e:fd:90:df:b3:d3:94:4f:c9:
                    44:df:a9:c7:8d:14:90:bc:d3:fa:79:8c:d4:03:35:
                    36:0c:91:5e:38:ed:07:ed:16:bb:b9:15:73:11:3b:
                    4f:fe:64:cb:f8:54:41:61:58:2a:5c:5f:48:f2:e4:
                    10:35:9c:68:b3:72:1c:25:2e:92:78:54:b8:08:d4:
                    9c:eb:23:d0:e9:b0:c6:9c:a5:b6:97:1a:2c:0f:4b:
                    40:6b:e9:b4:e3:74:d4:02:80:bd:dd:60:d0:ed:23:
                    ec:6c:ea:74:e8:e1:3f:a0:f4:1b:7b:62:4d:b5:b6:
                    80:e6:ae:14:5c:75:42:76:1d:a6:d3:d2:38:ac:be:
                    0a:c6:3c:a4:d4:36:62:22:db:05:57:af:f9:11:21:
                    dc:71:39:d4:a0:4b:28:49:d7:90:b8:a7:89:5a:e4:
                    c7:4e:63:1c:d3:22:c8:f0:b3:11:6c:07:67:57:92:
                    b6:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:DC:00:59:7E:DD:08:4C:A2:A9:64:5D:9A:A2:F8:F6:E2:0E:D4:7B
            X509v3 Authority Key Identifier:
                keyid:5E:D1:A4:AA:5F:D0:50:1B:3E:A6:D6:9F:43:3C:2F:16:42:11:60:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XtGkql_QUBs-ptafQzwvFkIRYIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/9c7703-8d14-4bc0-88a9-b9a86ac3e8be/1/XtGkql_QUBs-ptafQzwvFkIRYIk.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/9c7703-8d14-4bc0-88a9-b9a86ac3e8be/1/XtGkql_QUBs-ptafQzwvFkIRYIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         70:6f:e0:f5:c5:bd:9a:01:99:1b:0f:04:0a:3e:d6:92:b9:7f:
         2a:c5:a0:2c:93:50:3c:5d:8d:c6:35:d1:bb:37:e0:6f:4e:e5:
         df:3d:c7:33:09:55:ef:c4:b7:07:5a:4b:27:cc:4b:6d:30:94:
         0f:e3:02:33:f7:46:bc:47:fa:cd:55:5d:28:d9:07:c0:f8:19:
         a7:70:7a:ab:f9:03:43:96:ca:ee:83:5e:c0:bb:39:5c:d7:d2:
         fe:b1:bc:59:60:25:95:d7:41:91:71:8a:a6:05:d2:9e:0b:c4:
         be:6f:3a:d3:1a:0e:d0:1e:8b:74:eb:dc:ef:53:39:c0:db:d3:
         a0:12:57:03:ad:af:12:32:a6:e4:53:ba:2f:ae:69:e9:7e:d6:
         ea:07:be:a1:f9:a1:08:66:ca:25:4f:60:ad:8a:7e:e2:82:13:
         b3:9f:d8:47:a6:f8:ab:1e:be:3c:fc:4f:9f:ef:3c:f8:6c:f3:
         3f:f3:79:96:45:f9:00:3b:93:88:67:42:f4:40:b3:55:ac:25:
         d5:d0:46:5b:17:79:76:88:98:53:da:ac:25:1e:e5:4b:9e:da:
         9d:58:10:68:ca:79:40:84:fa:ef:ec:af:af:31:7f:51:4f:ea:
         be:1a:b3:38:33:46:17:d1:4d:ef:c2:5a:43:45:37:86:0c:bb:
         d6:d6:e8:f0
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyJicCwMDBVTG3EpL4DDzqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZDFhNGFhNWZkMDUwMWIzZWE2ZDY5ZjQzM2MyZjE2NDIx
MTYwODkwHhcNMjUxMTExMDkwMTM0WhcNMjUxMTEyMDkwMTM0WjAzMTEwLwYDVQQD
EyhmYWRjMDA1OTdlZGQwODRjYTJhOTY0NWQ5YWEyZjhmNmUyMGVkNDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYDAsioyYR/8YYgH1Ps2UJPV5O1I
hwk3JAj0Ga5lTbnQRBoyXFjMt4jQlGkOTXXjS6KZIBC/3YeE/AJOeZkAm6lkglRw
qKKLZgit6ff9mnme/ZDfs9OUT8lE36nHjRSQvNP6eYzUAzU2DJFeOO0H7Ra7uRVz
ETtP/mTL+FRBYVgqXF9I8uQQNZxos3IcJS6SeFS4CNSc6yPQ6bDGnKW2lxosD0tA
a+m043TUAoC93WDQ7SPsbOp06OE/oPQbe2JNtbaA5q4UXHVCdh2m09I4rL4Kxjyk
1DZiItsFV6/5ESHccTnUoEsoSdeQuKeJWuTHTmMc0yLI8LMRbAdnV5K2rQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFPrcAFl+3QhMoqlkXZqi+PbiDtR7MB8GA1UdIwQY
MBaAFF7RpKpf0FAbPqbWn0M8LxZCEWCJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHRHa3FsX1FVQnMtcHRhZlF6d3ZGa0lSWUlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi85Yzc3MDMtOGQxNC00YmMwLTg4YTkt
YjlhODZhYzNlOGJlLzEvWHRHa3FsX1FVQnMtcHRhZlF6d3ZGa0lSWUlrLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi85Yzc3MDMtOGQxNC00YmMwLTg4YTktYjlhODZhYzNlOGJl
LzEvWHRHa3FsX1FVQnMtcHRhZlF6d3ZGa0lSWUlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAcG/g9cW9
mgGZGw8ECj7Wkrl/KsWgLJNQPF2NxjXRuzfgb07l3z3HMwlV78S3B1pLJ8xLbTCU
D+MCM/dGvEf6zVVdKNkHwPgZp3B6q/kDQ5bK7oNewLs5XNfS/rG8WWAllddBkXGK
pgXSngvEvm860xoO0B6LdOvc71M5wNvToBJXA62vEjKm5FO6L65p6X7W6ge+ofmh
CGbKJU9grYp+4oITs5/YR6b4qx6+PPxPn+88+GzzP/N5lkX5ADuTiGdC9ECzVawl
1dBGWxd5doiYU9qsJR7lS57anVgQaMp5QIT67+yvrzF/UU/qvhqzODNGF9FN78Ja
Q0U3hgy71tbo8A==
-----END CERTIFICATE-----