Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/b39217-25d3-401d-a1d1-02b3de834bf4/1/NfSbXVBQALkJkyxrT0Q-fvgdeA0.mft
File:                     NfSbXVBQALkJkyxrT0Q-fvgdeA0.mft (raw, json)
Hash identifier:          PZ98xoaUPyxKZcmqJ8jrnBhGAECxKbNc/sR/yXY4S88=
Subject key identifier:   A9:A2:CA:9F:30:49:70:5F:F3:5B:19:E5:64:76:4A:B1:05:70:B2:DA
Authority key identifier: 35:F4:9B:5D:50:50:00:B9:09:93:2C:6B:4F:44:3E:7E:F8:1D:78:0D
Certificate issuer:       /CN=35f49b5d505000b909932c6b4f443e7ef81d780d
Certificate serial:       019A722613B0CA33FBF74FBAFEF724A03B8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NfSbXVBQALkJkyxrT0Q-fvgdeA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/b39217-25d3-401d-a1d1-02b3de834bf4/1/NfSbXVBQALkJkyxrT0Q-fvgdeA0.mft
Manifest number:          171A
Signing time:             Tue 11 Nov 2025 09:01:29 +0000
Manifest this update:     Tue 11 Nov 2025 09:01:29 +0000
Manifest next update:     Wed 12 Nov 2025 09:01:29 +0000
Files and hashes:         1: NfSbXVBQALkJkyxrT0Q-fvgdeA0.crl (hash: r+eeaGtynmcumyQWHGsi8JwXJIYcd0sh4aRuqyB+pec=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/b39217-25d3-401d-a1d1-02b3de834bf4/1/NfSbXVBQALkJkyxrT0Q-fvgdeA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/b39217-25d3-401d-a1d1-02b3de834bf4/1/NfSbXVBQALkJkyxrT0Q-fvgdeA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NfSbXVBQALkJkyxrT0Q-fvgdeA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:72:26:13:b0:ca:33:fb:f7:4f:ba:fe:f7:24:a0:3b:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35f49b5d505000b909932c6b4f443e7ef81d780d
        Validity
            Not Before: Nov 11 09:01:29 2025 GMT
            Not After : Nov 12 09:01:29 2025 GMT
        Subject: CN=a9a2ca9f3049705ff35b19e564764ab10570b2da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:95:08:f1:6a:a8:d0:36:37:5e:71:83:f4:da:
                    15:99:b3:9d:6a:0a:68:d2:41:57:2e:1d:58:c0:e9:
                    c4:b5:e4:01:63:e8:cf:11:97:a1:f2:e7:f9:df:64:
                    0f:a0:6d:e4:32:e5:32:93:9b:a7:41:84:19:23:48:
                    b6:7e:a1:09:3c:6c:33:54:8e:96:09:0e:8e:36:6e:
                    49:6a:b5:d7:e8:06:b8:1e:cb:b2:d9:e7:c2:b5:7f:
                    e9:81:a9:ea:3f:7d:4d:78:02:ca:c4:60:7e:8a:26:
                    cb:7f:7b:08:e8:88:46:f8:9b:99:96:9b:c2:8c:e0:
                    87:08:55:66:30:ab:db:79:60:7f:82:da:e1:69:7a:
                    41:a4:1c:4a:ff:70:f1:69:ff:ce:fc:ec:c7:9b:ba:
                    cd:3a:a2:ef:f5:45:75:92:0d:e9:d6:88:5c:6a:12:
                    ea:6f:cb:be:0f:a9:b6:f9:cd:5c:b9:a7:ab:ac:80:
                    20:31:b0:2a:52:ea:59:0d:15:7d:cc:00:06:ae:44:
                    f5:fe:e9:3a:71:3c:c3:53:31:fa:3c:b1:64:52:89:
                    6a:83:d6:72:5c:15:87:86:8f:15:6a:51:2e:5e:d5:
                    c2:63:8a:9b:1d:f4:f3:61:8d:88:38:ab:ec:86:9c:
                    50:65:83:28:5a:3f:82:7e:73:4d:96:ea:f7:08:1a:
                    0d:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:A2:CA:9F:30:49:70:5F:F3:5B:19:E5:64:76:4A:B1:05:70:B2:DA
            X509v3 Authority Key Identifier:
                keyid:35:F4:9B:5D:50:50:00:B9:09:93:2C:6B:4F:44:3E:7E:F8:1D:78:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NfSbXVBQALkJkyxrT0Q-fvgdeA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/b39217-25d3-401d-a1d1-02b3de834bf4/1/NfSbXVBQALkJkyxrT0Q-fvgdeA0.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/b39217-25d3-401d-a1d1-02b3de834bf4/1/NfSbXVBQALkJkyxrT0Q-fvgdeA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         79:cd:ec:91:1f:3e:75:c3:00:79:de:58:0a:00:67:57:c2:00:
         74:65:46:0d:0f:fe:9a:27:5f:94:91:dc:c1:27:ef:de:b0:e3:
         76:9f:d7:c6:af:11:9c:ae:f7:8b:f3:15:83:e8:fd:8d:53:8e:
         b0:37:3d:7b:e8:f7:3a:9b:0c:9f:0c:8a:db:c4:57:29:9c:73:
         23:56:c4:8c:8f:57:a9:dc:74:7a:0b:15:d9:d9:93:bb:11:df:
         0f:99:e7:ec:66:d1:1c:bd:5e:d5:27:48:b6:00:c3:40:cd:91:
         38:4f:b7:44:9b:2d:ad:2d:23:eb:fa:53:07:6e:83:eb:6b:f0:
         39:a2:4c:ec:92:04:7f:db:c3:e1:ff:da:d3:45:28:c4:ce:23:
         8e:69:a9:11:2a:45:49:43:12:ac:7c:fa:22:db:07:89:4b:33:
         77:a9:1b:d6:8a:ae:b1:77:d0:62:1f:e2:16:99:75:de:e7:46:
         17:3f:7f:7c:57:de:79:bb:04:e4:46:1a:9a:cc:8d:c0:22:45:
         06:a5:0e:6d:17:2d:73:9a:36:c5:dd:c7:07:ed:2a:9e:aa:a9:
         13:94:cd:d3:22:99:78:ed:90:7e:39:c3:2c:c7:5a:9b:93:2b:
         dc:60:15:b1:7a:a6:f4:24:b1:56:a1:36:3e:9d:0d:b9:a6:35:
         5e:6f:9f:05
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpyJhOwyjP790+6/vckoDuKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1ZjQ5YjVkNTA1MDAwYjkwOTkzMmM2YjRmNDQzZTdlZjgx
ZDc4MGQwHhcNMjUxMTExMDkwMTI5WhcNMjUxMTEyMDkwMTI5WjAzMTEwLwYDVQQD
EyhhOWEyY2E5ZjMwNDk3MDVmZjM1YjE5ZTU2NDc2NGFiMTA1NzBiMmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJUI8Wqo0DY3XnGD9NoVmbOdagpo
0kFXLh1YwOnEteQBY+jPEZeh8uf532QPoG3kMuUyk5unQYQZI0i2fqEJPGwzVI6W
CQ6ONm5JarXX6Aa4Hsuy2efCtX/pganqP31NeALKxGB+iibLf3sI6IhG+JuZlpvC
jOCHCFVmMKvbeWB/gtrhaXpBpBxK/3Dxaf/O/OzHm7rNOqLv9UV1kg3p1ohcahLq
b8u+D6m2+c1cuaerrIAgMbAqUupZDRV9zAAGrkT1/uk6cTzDUzH6PLFkUolqg9Zy
XBWHho8ValEuXtXCY4qbHfTzYY2IOKvshpxQZYMoWj+CfnNNlur3CBoN/QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFKmiyp8wSXBf81sZ5WR2SrEFcLLaMB8GA1UdIwQY
MBaAFDX0m11QUAC5CZMsa09EPn74HXgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmZTYlhWQlFBTGtKa3l4clQwUS1mdmdkZUEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9iMzkyMTctMjVkMy00MDFkLWExZDEt
MDJiM2RlODM0YmY0LzEvTmZTYlhWQlFBTGtKa3l4clQwUS1mdmdkZUEwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9iMzkyMTctMjVkMy00MDFkLWExZDEtMDJiM2RlODM0YmY0
LzEvTmZTYlhWQlFBTGtKa3l4clQwUS1mdmdkZUEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAec3skR8+
dcMAed5YCgBnV8IAdGVGDQ/+midflJHcwSfv3rDjdp/Xxq8RnK73i/MVg+j9jVOO
sDc9e+j3OpsMnwyK28RXKZxzI1bEjI9Xqdx0egsV2dmTuxHfD5nn7GbRHL1e1SdI
tgDDQM2ROE+3RJstrS0j6/pTB26D62vwOaJM7JIEf9vD4f/a00UoxM4jjmmpESpF
SUMSrHz6ItsHiUszd6kb1oqusXfQYh/iFpl13udGFz9/fFfeebsE5EYamsyNwCJF
BqUObRctc5o2xd3HB+0qnqqpE5TN0yKZeO2QfjnDLMdam5Mr3GAVsXqm9CSxVqE2
Pp0NuaY1Xm+fBQ==
-----END CERTIFICATE-----