Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/3ba160-e945-4d56-b129-52c19758fa15/1/USd7w4wS4ELt31bX519QVjxL0ic.mft
File:                     USd7w4wS4ELt31bX519QVjxL0ic.mft (raw, json)
Hash identifier:          2tJTmzfI2fsnXBHLoRxwJGj2PYZAa0q1x4AXo0ZY5Jw=
Subject key identifier:   36:9C:50:2A:AA:C1:29:EA:73:6F:EB:D5:CA:E2:DE:70:8D:50:34:8F
Authority key identifier: 51:27:7B:C3:8C:12:E0:42:ED:DF:56:D7:E7:5F:50:56:3C:4B:D2:27
Certificate issuer:       /CN=51277bc38c12e042eddf56d7e75f50563c4bd227
Certificate serial:       019A71B85B44DE2F8306C909003C6355E22F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/USd7w4wS4ELt31bX519QVjxL0ic.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/3ba160-e945-4d56-b129-52c19758fa15/1/USd7w4wS4ELt31bX519QVjxL0ic.mft
Manifest number:          171B
Signing time:             Tue 11 Nov 2025 07:01:38 +0000
Manifest this update:     Tue 11 Nov 2025 07:01:38 +0000
Manifest next update:     Wed 12 Nov 2025 07:01:38 +0000
Files and hashes:         1: USd7w4wS4ELt31bX519QVjxL0ic.crl (hash: SxyGD4wiODZtABUy6AVfaTF+70ALrOkUBRt2YFVLsC4=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/3ba160-e945-4d56-b129-52c19758fa15/1/USd7w4wS4ELt31bX519QVjxL0ic.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/3ba160-e945-4d56-b129-52c19758fa15/1/USd7w4wS4ELt31bX519QVjxL0ic.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/USd7w4wS4ELt31bX519QVjxL0ic.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:b8:5b:44:de:2f:83:06:c9:09:00:3c:63:55:e2:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51277bc38c12e042eddf56d7e75f50563c4bd227
        Validity
            Not Before: Nov 11 07:01:38 2025 GMT
            Not After : Nov 12 07:01:38 2025 GMT
        Subject: CN=369c502aaac129ea736febd5cae2de708d50348f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e5:1e:4b:da:d0:0a:a7:b7:cb:4c:0c:4d:bf:
                    74:c1:a4:05:2a:24:12:93:ad:02:34:51:8b:07:52:
                    aa:ae:91:2c:11:e6:fa:46:b1:e6:c9:6f:c8:61:99:
                    dd:1b:e7:20:28:ba:d1:30:aa:c0:b6:0d:9c:d9:73:
                    36:c9:26:89:6c:98:d6:58:eb:00:26:5b:d5:45:06:
                    ba:b3:09:74:03:f2:07:3a:34:4a:e9:e5:8d:9d:3f:
                    fd:56:bc:90:1c:bb:f2:98:1b:44:6f:75:e9:c9:f6:
                    c0:29:5b:0a:48:5c:0b:1f:87:06:4f:3b:c6:f7:b2:
                    25:a7:74:d6:05:4c:1a:4d:94:f0:18:e5:1c:a8:31:
                    44:4d:7f:8c:b4:76:75:51:06:5d:00:b3:0c:66:7a:
                    76:ce:bd:57:4d:23:14:f5:dd:07:ce:c7:0f:cc:65:
                    be:16:ed:2a:4d:d9:8b:8c:58:5d:59:fa:cb:cd:e4:
                    af:57:14:2c:fc:7b:17:0a:70:86:2e:aa:dc:b0:2b:
                    6d:09:d8:21:87:60:95:b5:54:c9:e8:83:e8:f3:df:
                    aa:33:9d:72:da:20:3c:f8:1b:7b:06:5f:d9:c5:28:
                    fb:db:8d:a3:a0:6b:70:39:8a:2f:9c:6f:9f:00:c7:
                    b3:ad:07:4e:ed:1d:84:54:78:df:8b:ba:19:9d:f9:
                    a0:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:9C:50:2A:AA:C1:29:EA:73:6F:EB:D5:CA:E2:DE:70:8D:50:34:8F
            X509v3 Authority Key Identifier:
                keyid:51:27:7B:C3:8C:12:E0:42:ED:DF:56:D7:E7:5F:50:56:3C:4B:D2:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/USd7w4wS4ELt31bX519QVjxL0ic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/3ba160-e945-4d56-b129-52c19758fa15/1/USd7w4wS4ELt31bX519QVjxL0ic.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/3ba160-e945-4d56-b129-52c19758fa15/1/USd7w4wS4ELt31bX519QVjxL0ic.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         41:9a:07:ec:11:95:7e:b4:e0:94:85:c7:91:96:7f:bc:cc:73:
         c7:9d:3b:c5:a8:30:15:c9:36:eb:d2:31:2d:d6:50:e0:8c:b1:
         9e:49:48:53:b6:b1:75:57:71:5a:80:ce:0a:f1:ab:e3:cf:20:
         31:88:6e:d1:0f:41:cd:00:0e:4f:9c:2b:b7:ca:e8:3e:bb:b3:
         75:f6:89:98:a1:50:c0:82:c4:04:74:7d:0b:34:6f:34:98:bd:
         e5:25:a8:6d:92:c1:6e:d3:f7:51:05:d7:7a:69:1e:ef:dc:89:
         13:b7:29:5b:1e:4c:25:43:9f:3a:dd:7b:74:e8:80:02:7b:56:
         1f:9c:05:3e:4c:4d:47:cb:d2:31:36:17:25:3b:f6:7a:9d:ff:
         0a:10:3b:02:75:26:a9:e6:25:1b:28:41:50:98:8c:b0:62:ca:
         7f:ff:e8:cf:55:6b:7f:d8:76:3b:66:4c:6e:5b:b5:65:8b:20:
         d3:dd:08:01:1e:7c:f7:a0:52:2e:db:60:11:8e:8a:c9:47:49:
         f4:79:7c:30:51:39:69:a0:ce:b6:c0:4e:da:ef:22:44:c3:c8:
         31:8c:f1:3e:08:61:30:15:d9:8a:f7:5d:84:a7:6c:8a:3b:de:
         70:d0:3e:5f:63:8f:52:ef:f3:a5:f0:55:9a:db:5c:34:ba:79:
         4b:92:8e:a1
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxuFtE3i+DBskJADxjVeIvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMjc3YmMzOGMxMmUwNDJlZGRmNTZkN2U3NWY1MDU2M2M0
YmQyMjcwHhcNMjUxMTExMDcwMTM4WhcNMjUxMTEyMDcwMTM4WjAzMTEwLwYDVQQD
EygzNjljNTAyYWFhYzEyOWVhNzM2ZmViZDVjYWUyZGU3MDhkNTAzNDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOUeS9rQCqe3y0wMTb90waQFKiQS
k60CNFGLB1KqrpEsEeb6RrHmyW/IYZndG+cgKLrRMKrAtg2c2XM2ySaJbJjWWOsA
JlvVRQa6swl0A/IHOjRK6eWNnT/9VryQHLvymBtEb3XpyfbAKVsKSFwLH4cGTzvG
97Ilp3TWBUwaTZTwGOUcqDFETX+MtHZ1UQZdALMMZnp2zr1XTSMU9d0HzscPzGW+
Fu0qTdmLjFhdWfrLzeSvVxQs/HsXCnCGLqrcsCttCdghh2CVtVTJ6IPo89+qM51y
2iA8+Bt7Bl/ZxSj7242joGtwOYovnG+fAMezrQdO7R2EVHjfi7oZnfmgbwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFDacUCqqwSnqc2/r1cri3nCNUDSPMB8GA1UdIwQY
MBaAFFEne8OMEuBC7d9W1+dfUFY8S9InMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVNkN3c0d1M0RUx0MzFiWDUxOVFWanhMMGljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8zYmExNjAtZTk0NS00ZDU2LWIxMjkt
NTJjMTk3NThmYTE1LzEvVVNkN3c0d1M0RUx0MzFiWDUxOVFWanhMMGljLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8zYmExNjAtZTk0NS00ZDU2LWIxMjktNTJjMTk3NThmYTE1
LzEvVVNkN3c0d1M0RUx0MzFiWDUxOVFWanhMMGljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAQZoH7BGV
frTglIXHkZZ/vMxzx507xagwFck269IxLdZQ4IyxnklIU7axdVdxWoDOCvGr488g
MYhu0Q9BzQAOT5wrt8roPruzdfaJmKFQwILEBHR9CzRvNJi95SWobZLBbtP3UQXX
emke79yJE7cpWx5MJUOfOt17dOiAAntWH5wFPkxNR8vSMTYXJTv2ep3/ChA7AnUm
qeYlGyhBUJiMsGLKf//oz1Vrf9h2O2ZMblu1ZYsg090IAR5896BSLttgEY6KyUdJ
9Hl8MFE5aaDOtsBO2u8iRMPIMYzxPghhMBXZivddhKdsijvecNA+X2OPUu/zpfBV
mttcNLp5S5KOoQ==
-----END CERTIFICATE-----