Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/8d5433-6c2d-44f5-b6e0-fd6c470295d4/1/XYxMrtvxY99oiGrDtz8OTLQX4V4.mft
File:                     XYxMrtvxY99oiGrDtz8OTLQX4V4.mft (raw, json)
Hash identifier:          qZyp9fxGUd+iBE/kjnZBxHidmU8486n2D64WlaB8UKI=
Subject key identifier:   F9:FA:12:E0:2C:1E:9F:04:B9:AB:F5:C4:F5:2D:B7:88:98:5D:C0:35
Authority key identifier: 5D:8C:4C:AE:DB:F1:63:DF:68:88:6A:C3:B7:3F:0E:4C:B4:17:E1:5E
Certificate issuer:       /CN=5d8c4caedbf163df68886ac3b73f0e4cb417e15e
Certificate serial:       019A71B8A5DDBBE4173FA92E6BDEB38C1F55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XYxMrtvxY99oiGrDtz8OTLQX4V4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/8d5433-6c2d-44f5-b6e0-fd6c470295d4/1/XYxMrtvxY99oiGrDtz8OTLQX4V4.mft
Manifest number:          0D5C
Signing time:             Tue 11 Nov 2025 07:01:57 +0000
Manifest this update:     Tue 11 Nov 2025 07:01:57 +0000
Manifest next update:     Wed 12 Nov 2025 07:01:57 +0000
Files and hashes:         1: XYxMrtvxY99oiGrDtz8OTLQX4V4.crl (hash: mfpkBnKnEiU14Q6+NnZQnGJC5T5OMuoVsr8b9f9uQU8=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/8d5433-6c2d-44f5-b6e0-fd6c470295d4/1/XYxMrtvxY99oiGrDtz8OTLQX4V4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/8d5433-6c2d-44f5-b6e0-fd6c470295d4/1/XYxMrtvxY99oiGrDtz8OTLQX4V4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XYxMrtvxY99oiGrDtz8OTLQX4V4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b8:a5:dd:bb:e4:17:3f:a9:2e:6b:de:b3:8c:1f:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d8c4caedbf163df68886ac3b73f0e4cb417e15e
        Validity
            Not Before: Nov 11 07:01:57 2025 GMT
            Not After : Nov 12 07:01:57 2025 GMT
        Subject: CN=f9fa12e02c1e9f04b9abf5c4f52db788985dc035
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:07:7f:b5:74:70:cf:92:37:1b:86:83:d5:a3:
                    a5:2b:dd:f1:ec:a5:b2:63:84:4e:aa:fa:00:3a:06:
                    54:0c:29:b7:ff:38:7a:67:53:3b:74:55:5b:6e:3f:
                    38:7a:9d:87:67:1d:c0:dc:b7:4c:ca:dc:e8:37:fa:
                    56:4d:0f:6d:96:2a:21:9c:ee:f3:55:73:2d:1e:c7:
                    1b:92:31:25:b6:64:e9:6b:56:e1:1f:3f:ca:e4:37:
                    61:47:6f:1b:05:bc:04:f7:e4:8b:bb:74:d1:b2:55:
                    4b:63:15:9c:30:e8:ea:cb:80:11:f6:ef:fb:eb:4d:
                    21:53:9c:2b:e5:da:33:e2:21:5d:62:5d:14:1f:38:
                    bf:b4:42:9b:a5:6b:6a:c6:52:93:09:6c:cc:c5:19:
                    f5:c6:05:ce:77:16:66:4a:b1:dc:5b:3e:75:4b:8c:
                    d6:fd:2c:24:5b:19:19:8f:f4:e7:16:82:f2:e2:69:
                    0f:c7:3c:bc:aa:db:bc:43:cc:76:61:91:0f:14:2a:
                    c3:65:44:35:59:74:9b:8d:2a:fa:c7:47:eb:3c:bd:
                    13:7c:69:04:ed:d2:15:83:48:b3:16:62:17:98:de:
                    e3:c9:d1:f5:da:18:c7:17:ab:1a:68:58:db:4d:17:
                    cf:29:b0:e6:60:43:58:14:93:24:a4:bf:90:ef:5a:
                    da:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:FA:12:E0:2C:1E:9F:04:B9:AB:F5:C4:F5:2D:B7:88:98:5D:C0:35
            X509v3 Authority Key Identifier:
                keyid:5D:8C:4C:AE:DB:F1:63:DF:68:88:6A:C3:B7:3F:0E:4C:B4:17:E1:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYxMrtvxY99oiGrDtz8OTLQX4V4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/8d5433-6c2d-44f5-b6e0-fd6c470295d4/1/XYxMrtvxY99oiGrDtz8OTLQX4V4.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/8d5433-6c2d-44f5-b6e0-fd6c470295d4/1/XYxMrtvxY99oiGrDtz8OTLQX4V4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         85:04:86:f7:aa:db:21:6c:da:03:a5:02:a9:7c:dd:f8:32:a4:
         17:c7:d0:ed:c0:8c:6c:2b:30:b4:84:4b:1a:41:2c:c2:ba:c4:
         4c:47:2c:0c:b9:8d:62:39:fc:59:90:b7:7f:84:5e:c1:c4:bc:
         f9:66:e2:25:5d:6d:d2:a8:1a:33:de:e1:a7:6a:6d:03:f0:33:
         d4:82:c9:80:dc:c3:97:9d:6d:ce:94:84:cb:c0:9f:80:61:36:
         62:c7:0c:0a:fb:21:34:82:3d:a3:45:c2:40:26:91:d4:ad:05:
         fa:1b:9e:9e:4f:83:9e:7f:b3:04:2e:55:16:a0:07:d2:a4:3c:
         ba:a6:4a:d4:bf:73:d5:07:fa:81:90:9f:75:5d:5d:5a:af:d5:
         af:2f:6d:36:fa:c1:4d:d5:04:da:dc:a3:24:a5:81:35:81:4e:
         ec:d6:9f:6f:98:5c:cd:a4:03:ff:4b:71:b5:34:42:38:04:3a:
         dc:6d:cf:77:44:66:8c:41:dc:71:71:d0:c4:76:d2:74:64:34:
         87:1c:0f:c9:a4:38:f9:d8:74:d3:f9:8b:75:27:29:a3:aa:72:
         69:e7:4c:3c:c5:fe:b7:0e:fa:9b:b0:7c:ca:59:49:31:b8:24:
         ab:0d:be:a9:89:dd:22:b5:8f:e4:bb:97:34:bf:c9:fb:2a:55:
         59:05:b7:97
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuKXdu+QXP6kua96zjB9VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkOGM0Y2FlZGJmMTYzZGY2ODg4NmFjM2I3M2YwZTRjYjQx
N2UxNWUwHhcNMjUxMTExMDcwMTU3WhcNMjUxMTEyMDcwMTU3WjAzMTEwLwYDVQQD
EyhmOWZhMTJlMDJjMWU5ZjA0YjlhYmY1YzRmNTJkYjc4ODk4NWRjMDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAd/tXRwz5I3G4aD1aOlK93x7KWy
Y4ROqvoAOgZUDCm3/zh6Z1M7dFVbbj84ep2HZx3A3LdMytzoN/pWTQ9tliohnO7z
VXMtHscbkjEltmTpa1bhHz/K5DdhR28bBbwE9+SLu3TRslVLYxWcMOjqy4AR9u/7
600hU5wr5doz4iFdYl0UHzi/tEKbpWtqxlKTCWzMxRn1xgXOdxZmSrHcWz51S4zW
/SwkWxkZj/TnFoLy4mkPxzy8qtu8Q8x2YZEPFCrDZUQ1WXSbjSr6x0frPL0TfGkE
7dIVg0izFmIXmN7jydH12hjHF6saaFjbTRfPKbDmYENYFJMkpL+Q71raSQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFPn6EuAsHp8Euav1xPUtt4iYXcA1MB8GA1UdIwQY
MBaAFF2MTK7b8WPfaIhqw7c/Dky0F+FeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFl4TXJ0dnhZOTlvaUdyRHR6OE9UTFFYNFY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi84ZDU0MzMtNmMyZC00NGY1LWI2ZTAt
ZmQ2YzQ3MDI5NWQ0LzEvWFl4TXJ0dnhZOTlvaUdyRHR6OE9UTFFYNFY0Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi84ZDU0MzMtNmMyZC00NGY1LWI2ZTAtZmQ2YzQ3MDI5NWQ0
LzEvWFl4TXJ0dnhZOTlvaUdyRHR6OE9UTFFYNFY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAhQSG96rb
IWzaA6UCqXzd+DKkF8fQ7cCMbCswtIRLGkEswrrETEcsDLmNYjn8WZC3f4RewcS8
+WbiJV1t0qgaM97hp2ptA/Az1ILJgNzDl51tzpSEy8CfgGE2YscMCvshNII9o0XC
QCaR1K0F+huenk+Dnn+zBC5VFqAH0qQ8uqZK1L9z1Qf6gZCfdV1dWq/Vry9tNvrB
TdUE2tyjJKWBNYFO7Nafb5hczaQD/0txtTRCOAQ63G3Pd0RmjEHccXHQxHbSdGQ0
hxwPyaQ4+dh00/mLdScpo6pyaedMPMX+tw76m7B8yllJMbgkqw2+qYndIrWP5LuX
NL/J+ypVWQW3lw==
-----END CERTIFICATE-----