Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/8af1cd-5021-463b-99a3-04e4a84a74ac/1/OPJMluat5giBDDDZoTB8xpr5_00.mft
File:                     OPJMluat5giBDDDZoTB8xpr5_00.mft (raw, json)
Hash identifier:          WEY8J4RdX+l5pwN9yMr7RgMYTHFjlZMLQJhfPB0xHq0=
Subject key identifier:   09:DF:64:7E:56:D9:02:5C:62:77:E4:DE:7D:BB:36:CC:D3:B1:D3:CF
Authority key identifier: 38:F2:4C:96:E6:AD:E6:08:81:0C:30:D9:A1:30:7C:C6:9A:F9:FF:4D
Certificate issuer:       /CN=38f24c96e6ade608810c30d9a1307cc69af9ff4d
Certificate serial:       019A7112EE3F1A9194F7E28352416728D205
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OPJMluat5giBDDDZoTB8xpr5_00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/8af1cd-5021-463b-99a3-04e4a84a74ac/1/OPJMluat5giBDDDZoTB8xpr5_00.mft
Manifest number:          0DD4
Signing time:             Tue 11 Nov 2025 04:00:57 +0000
Manifest this update:     Tue 11 Nov 2025 04:00:57 +0000
Manifest next update:     Wed 12 Nov 2025 04:00:57 +0000
Files and hashes:         1: OPJMluat5giBDDDZoTB8xpr5_00.crl (hash: oJbkiktJ15y0cAEWG5b0PRu3J2jYEOugVYlu3GHepA8=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/8af1cd-5021-463b-99a3-04e4a84a74ac/1/OPJMluat5giBDDDZoTB8xpr5_00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/8af1cd-5021-463b-99a3-04e4a84a74ac/1/OPJMluat5giBDDDZoTB8xpr5_00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OPJMluat5giBDDDZoTB8xpr5_00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 04:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:71:12:ee:3f:1a:91:94:f7:e2:83:52:41:67:28:d2:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38f24c96e6ade608810c30d9a1307cc69af9ff4d
        Validity
            Not Before: Nov 11 04:00:57 2025 GMT
            Not After : Nov 12 04:00:57 2025 GMT
        Subject: CN=09df647e56d9025c6277e4de7dbb36ccd3b1d3cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:77:73:39:d3:73:07:65:95:67:f2:5d:3f:fe:
                    37:57:ff:17:47:e3:1e:ab:1b:be:5f:f5:b2:f3:29:
                    05:01:14:f4:2c:b9:17:36:bd:f9:1c:e0:c0:0c:43:
                    ac:a7:53:80:0e:0f:93:7b:a5:92:45:39:42:ca:19:
                    0a:63:4d:9d:b7:04:73:03:aa:d3:b8:a7:c9:a3:e2:
                    ea:8d:f6:1e:20:01:01:aa:1a:18:d2:6d:21:f6:8c:
                    41:91:a8:ee:15:ac:f8:be:f3:60:0c:1a:eb:bf:3a:
                    82:55:fd:c6:c1:ce:c2:8a:10:56:df:33:ec:6e:76:
                    18:1e:26:3a:dc:a8:a1:c8:25:b0:ea:e1:25:c2:c7:
                    ad:73:b3:55:4a:68:96:fa:36:07:7d:71:2c:44:ca:
                    a7:87:eb:c0:79:4e:b3:3d:8e:6e:dc:cb:c4:86:8c:
                    d1:b4:c9:38:32:5f:64:6b:bf:cf:b1:c2:aa:33:8f:
                    17:4f:df:b4:20:1c:54:61:91:bd:40:f9:11:50:5e:
                    80:e4:12:c3:f8:fb:5a:2e:b3:f5:d5:69:69:ba:fa:
                    b9:57:2d:99:0c:f6:61:f5:69:17:d9:cc:c3:d8:77:
                    01:39:be:cc:3d:4b:96:46:1a:0d:10:ea:c7:53:3e:
                    91:a4:7f:bc:5f:1c:05:ac:8f:f5:f9:66:7d:db:ee:
                    9d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:DF:64:7E:56:D9:02:5C:62:77:E4:DE:7D:BB:36:CC:D3:B1:D3:CF
            X509v3 Authority Key Identifier:
                keyid:38:F2:4C:96:E6:AD:E6:08:81:0C:30:D9:A1:30:7C:C6:9A:F9:FF:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OPJMluat5giBDDDZoTB8xpr5_00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/8af1cd-5021-463b-99a3-04e4a84a74ac/1/OPJMluat5giBDDDZoTB8xpr5_00.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/8af1cd-5021-463b-99a3-04e4a84a74ac/1/OPJMluat5giBDDDZoTB8xpr5_00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         c3:45:32:e9:53:14:95:a1:f0:76:d3:7e:8f:f1:6f:53:b6:06:
         67:86:bc:13:0d:9f:0a:2d:83:47:dd:05:70:5b:c9:9d:67:d7:
         80:d5:75:5f:8f:57:e0:6b:4d:fe:f3:af:d6:d8:70:16:db:c5:
         0e:61:2c:61:de:9f:d6:5d:a3:93:45:76:ca:81:37:fc:ef:84:
         d8:60:6c:1b:ba:43:8c:c1:49:ee:a7:fd:19:ac:e0:0c:a3:95:
         86:57:c9:9e:d3:56:42:a2:85:c5:30:7f:71:07:91:2d:dd:22:
         9b:2a:24:72:ba:3f:54:8c:b1:1c:14:ee:bf:df:f8:92:97:6c:
         a0:b7:80:dc:07:c4:1c:b8:1f:6e:00:00:1a:c6:b0:c9:6f:5e:
         18:07:66:da:3e:c0:66:16:ce:2f:bd:d6:23:7d:b4:47:cb:48:
         7a:06:1b:dd:17:89:98:df:64:51:5f:d9:49:1d:b9:19:4b:71:
         3f:2d:74:09:ed:ac:4b:73:0e:14:16:e6:07:3f:67:17:b8:c9:
         c1:8e:50:75:24:5c:a5:fb:fe:a1:6a:4e:ed:fb:50:e3:77:b0:
         33:a1:82:6a:c9:db:3e:85:6b:91:f0:ec:2f:b0:e6:2d:23:2f:
         5c:76:e8:21:04:db:62:a7:3e:48:7f:c6:39:7e:64:33:84:e5:
         13:c8:06:a0
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpxEu4/GpGU9+KDUkFnKNIFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4ZjI0Yzk2ZTZhZGU2MDg4MTBjMzBkOWExMzA3Y2M2OWFm
OWZmNGQwHhcNMjUxMTExMDQwMDU3WhcNMjUxMTEyMDQwMDU3WjAzMTEwLwYDVQQD
EygwOWRmNjQ3ZTU2ZDkwMjVjNjI3N2U0ZGU3ZGJiMzZjY2QzYjFkM2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1XdzOdNzB2WVZ/JdP/43V/8XR+Me
qxu+X/Wy8ykFART0LLkXNr35HODADEOsp1OADg+Te6WSRTlCyhkKY02dtwRzA6rT
uKfJo+LqjfYeIAEBqhoY0m0h9oxBkajuFaz4vvNgDBrrvzqCVf3Gwc7CihBW3zPs
bnYYHiY63KihyCWw6uElwsetc7NVSmiW+jYHfXEsRMqnh+vAeU6zPY5u3MvEhozR
tMk4Ml9ka7/PscKqM48XT9+0IBxUYZG9QPkRUF6A5BLD+PtaLrP11Wlpuvq5Vy2Z
DPZh9WkX2czD2HcBOb7MPUuWRhoNEOrHUz6RpH+8XxwFrI/1+WZ92+6d2QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFAnfZH5W2QJcYnfk3n27NszTsdPPMB8GA1UdIwQY
MBaAFDjyTJbmreYIgQww2aEwfMaa+f9NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1BKTWx1YXQ1Z2lCREREWm9UQjh4cHI1XzAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS84YWYxY2QtNTAyMS00NjNiLTk5YTMt
MDRlNGE4NGE3NGFjLzEvT1BKTWx1YXQ1Z2lCREREWm9UQjh4cHI1XzAwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS84YWYxY2QtNTAyMS00NjNiLTk5YTMtMDRlNGE4NGE3NGFj
LzEvT1BKTWx1YXQ1Z2lCREREWm9UQjh4cHI1XzAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAw0Uy6VMU
laHwdtN+j/FvU7YGZ4a8Ew2fCi2DR90FcFvJnWfXgNV1X49X4GtN/vOv1thwFtvF
DmEsYd6f1l2jk0V2yoE3/O+E2GBsG7pDjMFJ7qf9GazgDKOVhlfJntNWQqKFxTB/
cQeRLd0imyokcro/VIyxHBTuv9/4kpdsoLeA3AfEHLgfbgAAGsawyW9eGAdm2j7A
ZhbOL73WI320R8tIegYb3ReJmN9kUV/ZSR25GUtxPy10Ce2sS3MOFBbmBz9nF7jJ
wY5QdSRcpfv+oWpO7ftQ43ewM6GCasnbPoVrkfDsL7DmLSMvXHboIQTbYqc+SH/G
OX5kM4TlE8gGoA==
-----END CERTIFICATE-----