Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/0aef2b-1e45-4ad5-a80c-86dee207f81e/1/pAaMZlXDM_xxKDLBE_Z_H9aIrsQ.mft
File:                     pAaMZlXDM_xxKDLBE_Z_H9aIrsQ.mft (raw, json)
Hash identifier:          Q9wsKKpZwhEGFNXL8gFYYM6eNBMZ7zYlLNbUtTAScHg=
Subject key identifier:   7D:B6:86:25:A9:0F:28:A9:88:85:86:57:08:A4:5C:55:5D:3E:4C:C5
Authority key identifier: A4:06:8C:66:55:C3:33:FC:71:28:32:C1:13:F6:7F:1F:D6:88:AE:C4
Certificate issuer:       /CN=a4068c6655c333fc712832c113f67f1fd688aec4
Certificate serial:       019A50E2C860BD5600C4AF12ECDA21667E42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pAaMZlXDM_xxKDLBE_Z_H9aIrsQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/0aef2b-1e45-4ad5-a80c-86dee207f81e/1/pAaMZlXDM_xxKDLBE_Z_H9aIrsQ.mft
Manifest number:          140B
Signing time:             Tue 04 Nov 2025 22:00:30 +0000
Manifest this update:     Tue 04 Nov 2025 22:00:30 +0000
Manifest next update:     Wed 05 Nov 2025 22:00:30 +0000
Files and hashes:         1: pAaMZlXDM_xxKDLBE_Z_H9aIrsQ.crl (hash: 2ex004vxouHRuMG/WmiGktAeq7Rby+cv8/UYxgyDhQg=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/0aef2b-1e45-4ad5-a80c-86dee207f81e/1/pAaMZlXDM_xxKDLBE_Z_H9aIrsQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/0aef2b-1e45-4ad5-a80c-86dee207f81e/1/pAaMZlXDM_xxKDLBE_Z_H9aIrsQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pAaMZlXDM_xxKDLBE_Z_H9aIrsQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:50:e2:c8:60:bd:56:00:c4:af:12:ec:da:21:66:7e:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4068c6655c333fc712832c113f67f1fd688aec4
        Validity
            Not Before: Nov  4 22:00:30 2025 GMT
            Not After : Nov  5 22:00:30 2025 GMT
        Subject: CN=7db68625a90f28a98885865708a45c555d3e4cc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e1:d3:3c:16:97:7e:ca:c4:0b:5f:af:ce:3a:
                    fd:ed:46:6d:16:7c:3d:6a:29:e6:cc:9f:12:cf:2a:
                    bf:d6:af:57:65:e3:6a:e4:ce:5d:ff:1b:c0:a4:6e:
                    ef:5f:c2:c3:84:64:c4:1c:46:07:65:90:ae:d0:4a:
                    1f:94:4c:56:21:81:fc:5b:f5:5d:f5:fd:5d:31:c3:
                    9b:61:50:c8:00:e2:96:6d:c7:e4:6c:6e:da:e5:b2:
                    51:71:94:e7:3b:9e:ba:b8:02:67:92:e2:49:f1:c0:
                    63:40:76:aa:53:92:f2:84:42:d6:11:05:26:be:6e:
                    1d:a5:5c:93:b2:9f:96:a5:2f:e6:e6:e9:5c:93:38:
                    ff:30:4e:29:c8:3c:f9:ec:f6:81:80:6a:41:78:98:
                    91:07:5e:20:53:f9:d0:25:81:2f:3b:89:51:fa:35:
                    d7:87:96:f5:6e:4e:f2:99:cc:c4:de:17:92:55:e4:
                    d2:b1:45:7b:7c:b3:f7:c6:71:0c:5f:7b:00:69:cb:
                    bb:f7:4d:c3:7f:fa:56:e6:3f:39:0a:be:80:2f:3a:
                    58:11:87:b4:b4:42:cc:35:f6:5c:99:ac:20:6f:52:
                    5d:21:30:51:4e:18:c8:92:ed:bb:d5:58:13:68:88:
                    0a:66:fb:38:5f:5c:b8:b8:fa:c6:49:08:44:f7:2b:
                    dc:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:B6:86:25:A9:0F:28:A9:88:85:86:57:08:A4:5C:55:5D:3E:4C:C5
            X509v3 Authority Key Identifier:
                keyid:A4:06:8C:66:55:C3:33:FC:71:28:32:C1:13:F6:7F:1F:D6:88:AE:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pAaMZlXDM_xxKDLBE_Z_H9aIrsQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0aef2b-1e45-4ad5-a80c-86dee207f81e/1/pAaMZlXDM_xxKDLBE_Z_H9aIrsQ.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/0aef2b-1e45-4ad5-a80c-86dee207f81e/1/pAaMZlXDM_xxKDLBE_Z_H9aIrsQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         14:2c:73:fb:e7:f8:47:54:e5:87:70:35:6d:40:1e:c0:f0:be:
         9f:83:15:bf:56:c5:91:59:d6:a1:ac:56:b0:1b:b3:ee:70:6c:
         f4:85:4f:32:88:bc:83:18:46:51:b2:02:f8:d5:92:c0:31:29:
         23:2b:42:64:f7:20:d1:50:3b:a3:3c:bf:d3:39:42:79:fd:fc:
         13:02:f3:f1:8a:0f:34:ac:fe:54:f5:ec:99:d9:21:ab:17:2b:
         00:9c:cd:68:ed:e9:cd:da:98:53:91:0c:f7:41:de:07:15:73:
         2d:37:07:2d:8f:b2:de:b4:d0:a3:1b:5c:35:da:be:f5:21:b0:
         bc:84:b6:a9:90:e4:b7:2b:c4:ce:c3:29:42:6d:4b:a8:08:c6:
         c9:ea:4a:3a:42:27:1e:7c:21:75:11:26:5e:68:94:58:fa:d0:
         ae:b1:8f:9e:94:3a:ee:c2:a2:07:30:1d:8f:f5:72:a6:0c:79:
         d5:1e:57:2b:13:da:8c:0b:04:e4:62:94:60:db:af:2e:fb:a6:
         fc:60:4b:14:84:d2:0a:c9:42:cb:2d:8e:d1:55:7d:59:b1:84:
         69:9b:70:af:66:e2:1a:01:4a:cd:a9:f8:c8:60:9d:59:ab:44:
         52:f8:17:46:75:9a:f2:74:01:dd:1f:6f:7d:3f:ac:8d:a5:a9:
         af:4d:47:43
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpQ4shgvVYAxK8S7NohZn5CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MDY4YzY2NTVjMzMzZmM3MTI4MzJjMTEzZjY3ZjFmZDY4
OGFlYzQwHhcNMjUxMTA0MjIwMDMwWhcNMjUxMTA1MjIwMDMwWjAzMTEwLwYDVQQD
Eyg3ZGI2ODYyNWE5MGYyOGE5ODg4NTg2NTcwOGE0NWM1NTVkM2U0Y2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOHTPBaXfsrEC1+vzjr97UZtFnw9
ainmzJ8Szyq/1q9XZeNq5M5d/xvApG7vX8LDhGTEHEYHZZCu0EoflExWIYH8W/Vd
9f1dMcObYVDIAOKWbcfkbG7a5bJRcZTnO566uAJnkuJJ8cBjQHaqU5LyhELWEQUm
vm4dpVyTsp+WpS/m5ulckzj/ME4pyDz57PaBgGpBeJiRB14gU/nQJYEvO4lR+jXX
h5b1bk7ymczE3heSVeTSsUV7fLP3xnEMX3sAacu7903Df/pW5j85Cr6ALzpYEYe0
tELMNfZcmawgb1JdITBRThjIku271VgTaIgKZvs4X1y4uPrGSQhE9yvcTwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFH22hiWpDyipiIWGVwikXFVdPkzFMB8GA1UdIwQY
MBaAFKQGjGZVwzP8cSgywRP2fx/WiK7EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEFhTVpsWERNX3h4S0RMQkVfWl9IOWFJcnNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8wYWVmMmItMWU0NS00YWQ1LWE4MGMt
ODZkZWUyMDdmODFlLzEvcEFhTVpsWERNX3h4S0RMQkVfWl9IOWFJcnNRLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8wYWVmMmItMWU0NS00YWQ1LWE4MGMtODZkZWUyMDdmODFl
LzEvcEFhTVpsWERNX3h4S0RMQkVfWl9IOWFJcnNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAFCxz++f4
R1Tlh3A1bUAewPC+n4MVv1bFkVnWoaxWsBuz7nBs9IVPMoi8gxhGUbIC+NWSwDEp
IytCZPcg0VA7ozy/0zlCef38EwLz8YoPNKz+VPXsmdkhqxcrAJzNaO3pzdqYU5EM
90HeBxVzLTcHLY+y3rTQoxtcNdq+9SGwvIS2qZDktyvEzsMpQm1LqAjGyepKOkIn
HnwhdREmXmiUWPrQrrGPnpQ67sKiBzAdj/Vypgx51R5XKxPajAsE5GKUYNuvLvum
/GBLFITSCslCyy2O0VV9WbGEaZtwr2biGgFKzan4yGCdWatEUvgXRnWa8nQB3R9v
fT+sjaWpr01HQw==
-----END CERTIFICATE-----