Manifest

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/8acfa318-2a5c-4241-afbb-387d71e8c596/0/3509F37A88DA7D8DF5D8355261259C1D418E541C.mft
File:                     3509F37A88DA7D8DF5D8355261259C1D418E541C.mft (raw, json)
Hash identifier:          hutkDlXrQcMsTxWTfhlomcRA335LsFiluOEDPH24fTo=
Subject key identifier:   66:33:74:38:52:9D:CA:09:C5:BC:AE:B6:46:CB:B1:9F:6E:F6:57:1D
Authority key identifier: 35:09:F3:7A:88:DA:7D:8D:F5:D8:35:52:61:25:9C:1D:41:8E:54:1C
Certificate issuer:       /CN=3509F37A88DA7D8DF5D8355261259C1D418E541C
Certificate serial:       308903BA39613F109A5104F44629E7EA750DF75E
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/3509F37A88DA7D8DF5D8355261259C1D418E541C.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/8acfa318-2a5c-4241-afbb-387d71e8c596/0/3509F37A88DA7D8DF5D8355261259C1D418E541C.mft
Manifest number:          10
Signing time:             Sat 29 Mar 2025 10:12:17 +0000
Manifest this update:     Sat 29 Mar 2025 10:07:17 +0000
Manifest next update:     Sun 30 Mar 2025 13:20:17 +0000
Files and hashes:         1: 3509F37A88DA7D8DF5D8355261259C1D418E541C.crl (hash: BdKKxVjsBcyJXr5ORl0Ul7PJ3ZwxXtl9gObBqlmEi9M=)
                          2: 326131343a373538313a363030303a3a2f33362d3438203d3e20323034383434.roa (hash: osL3/jDdIUC4nSO/8sgXvP/URENbIO8+dFSvIWvh0hs=)
                          3: 326131343a373538313a366664303a3a2f34342d3434203d3e20323135393334.roa (hash: DW9x/Ypi7+2R2UY9/K8dZ/0qnoPd2+cxPJg/Of/mWSc=)
                          4: 326131343a373538313a366665303a3a2f34342d3434203d3e20323134383431.roa (hash: iOS92ZOzfdaYAwVAG52es9WixwgK6RzegWQ/R4buDFc=)
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:89:03:ba:39:61:3f:10:9a:51:04:f4:46:29:e7:ea:75:0d:f7:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3509F37A88DA7D8DF5D8355261259C1D418E541C
        Validity
            Not Before: Mar 29 10:07:17 2025 GMT
            Not After : Mar 30 13:20:17 2025 GMT
        Subject: CN=66337438529DCA09C5BCAEB646CBB19F6EF6571D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:02:35:25:9e:b4:9b:a0:0d:4d:64:8b:94:c2:
                    66:54:7a:15:32:ae:1c:2d:51:39:79:cf:23:30:8f:
                    64:c3:10:6a:2d:5a:8d:27:ae:40:c9:3d:ee:ae:a0:
                    d2:f3:c3:76:bc:43:6d:fc:c6:0c:94:e4:74:e3:4e:
                    69:1d:9f:67:d2:42:c1:10:34:25:85:68:51:eb:38:
                    38:a4:c5:a1:a3:33:8d:52:ab:d1:26:b0:0a:1a:e4:
                    40:c9:e2:2c:c6:23:3f:b4:b3:6c:2b:96:1e:da:0d:
                    6a:01:35:a9:11:cc:53:7f:7a:18:28:77:f7:42:ed:
                    55:54:54:8d:ea:d6:0b:07:a0:fd:11:0b:c9:8d:1a:
                    d0:f9:f2:c7:df:e7:b4:a7:5c:36:e6:6e:44:5e:cf:
                    1d:29:64:0d:94:fa:fd:9c:56:6d:4e:9f:7b:25:d8:
                    c7:c9:d0:71:74:88:dd:ae:1b:49:ac:e2:68:90:3a:
                    49:6b:e6:59:9e:e2:8b:0e:b2:25:57:cd:c4:6d:42:
                    1c:07:ca:ea:67:a3:99:05:de:02:bb:dd:3a:f0:fa:
                    5b:1d:d7:25:41:9e:b6:8e:74:42:5a:41:f9:ed:8b:
                    17:5a:e1:7e:7e:3b:db:95:cf:45:a6:2d:cf:56:71:
                    39:1e:d5:58:db:b0:bf:f4:11:14:71:03:62:34:eb:
                    14:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:33:74:38:52:9D:CA:09:C5:BC:AE:B6:46:CB:B1:9F:6E:F6:57:1D
            X509v3 Authority Key Identifier:
                keyid:35:09:F3:7A:88:DA:7D:8D:F5:D8:35:52:61:25:9C:1D:41:8E:54:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/8acfa318-2a5c-4241-afbb-387d71e8c596/0/3509F37A88DA7D8DF5D8355261259C1D418E541C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/3509F37A88DA7D8DF5D8355261259C1D418E541C.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/8acfa318-2a5c-4241-afbb-387d71e8c596/0/3509F37A88DA7D8DF5D8355261259C1D418E541C.mft

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         74:e9:d9:24:67:dd:63:1c:df:6f:13:1b:94:3a:fe:79:29:50:
         b5:b2:8b:ed:8a:89:6f:65:06:cc:d5:96:9b:a8:be:0a:f2:f3:
         18:f7:d6:7a:62:ac:bf:7b:b2:95:e6:62:bc:44:85:d6:e1:82:
         d2:3d:e7:37:59:cc:e3:07:c3:43:b0:ae:87:7b:ed:05:86:7f:
         b2:d3:e9:00:d1:32:a7:01:eb:1a:d9:00:64:ea:08:00:20:9b:
         5a:af:2f:fe:30:d6:3a:ff:84:26:80:b0:00:73:a7:71:94:54:
         fc:7b:6b:07:cb:c4:ad:ff:32:ff:6c:a9:98:ae:e9:25:93:af:
         f8:56:47:d8:ef:de:b1:b0:bb:49:a9:b3:ef:45:10:76:9b:66:
         cc:27:4a:3d:8a:8e:f1:90:3f:3e:ab:16:dd:38:c9:47:84:c0:
         89:36:8e:5c:17:63:9c:89:15:b7:b2:ae:97:91:d7:3d:25:bc:
         3f:c3:aa:b3:a0:af:49:72:7d:76:7a:03:35:86:3b:4a:da:b3:
         39:76:c5:8c:6f:88:24:ec:cf:8b:09:ec:d4:d5:62:bd:76:bc:
         46:40:73:6d:00:68:10:57:84:03:a6:e6:59:e3:d1:77:cc:cb:
         d3:5a:fd:01:92:e2:92:24:6f:f8:83:bc:4f:5a:46:1a:d1:fe:
         46:90:f5:73
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgIUMIkDujlhPxCaUQT0Rinn6nUN914wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzUwOUYzN0E4OERBN0Q4REY1RDgzNTUyNjEyNTlDMUQ0
MThFNTQxQzAeFw0yNTAzMjkxMDA3MTdaFw0yNTAzMzAxMzIwMTdaMDMxMTAvBgNV
BAMTKDY2MzM3NDM4NTI5RENBMDlDNUJDQUVCNjQ2Q0JCMTlGNkVGNjU3MUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpAjUlnrSboA1NZIuUwmZUehUy
rhwtUTl5zyMwj2TDEGotWo0nrkDJPe6uoNLzw3a8Q238xgyU5HTjTmkdn2fSQsEQ
NCWFaFHrODikxaGjM41Sq9EmsAoa5EDJ4izGIz+0s2wrlh7aDWoBNakRzFN/ehgo
d/dC7VVUVI3q1gsHoP0RC8mNGtD58sff57SnXDbmbkRezx0pZA2U+v2cVm1On3sl
2MfJ0HF0iN2uG0ms4miQOklr5lme4osOsiVXzcRtQhwHyupno5kF3gK73Trw+lsd
1yVBnraOdEJaQfntixda4X5+O9uVz0WmLc9WcTke1VjbsL/0ERRxA2I06xR9AgMB
AAGjggKCMIICfjAdBgNVHQ4EFgQUZjN0OFKdygnFvK62Rsuxn272Vx0wHwYDVR0j
BBgwFoAUNQnzeojafY312DVSYSWcHUGOVBwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOGFjZmEzMTgtMmE1Yy00MjQxLWFmYmItMzg3ZDcxZThj
NTk2LzAvMzUwOUYzN0E4OERBN0Q4REY1RDgzNTUyNjEyNTlDMUQ0MThFNTQxQy5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84OTI3MGY2Yy1hM2ZlLTQy
OTktYjA3OS0zMDllZDk3ZjM4MjQvMC8zNTA5RjM3QTg4REE3RDhERjVEODM1NTI2
MTI1OUMxRDQxOEU1NDFDLmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsGAQUF
BzALhn9yc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzhhY2ZhMzE4LTJhNWMtNDI0MS1hZmJiLTM4N2Q3MWU4YzU5Ni8wLzM1MDlGMzdB
ODhEQTdEOERGNUQ4MzU1MjYxMjU5QzFENDE4RTU0MUMubWZ0MBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMAYEAgABBQAwBgQCAAIF
ADAVBggrBgEFBQcBCAEB/wQGMASgAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQB06dkk
Z91jHN9vExuUOv55KVC1sovtiolvZQbM1ZabqL4K8vMY99Z6Yqy/e7KV5mK8RIXW
4YLSPec3WczjB8NDsK6He+0Fhn+y0+kA0TKnAesa2QBk6ggAIJtary/+MNY6/4Qm
gLAAc6dxlFT8e2sHy8St/zL/bKmYruklk6/4VkfY796xsLtJqbPvRRB2m2bMJ0o9
io7xkD8+qxbdOMlHhMCJNo5cF2OciRW3sq6Xkdc9Jbw/w6qzoK9Jcn12egM1hjtK
2rM5dsWMb4gk7M+LCezU1WK9drxGQHNtAGgQV4QDpuZZ49F3zMvTWv0BkuKSJG/4
g7xPWkYa0f5GkPVz
-----END CERTIFICATE-----