Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
File:                     APkIwDKKjpc_pArFL8M359PE_tA.mft (raw, json)
Hash identifier:          wznSlnZCxauzLa1VrtdRSCWcvLoDhtYRc2/d8IciCec=
Subject key identifier:   0A:12:1C:76:94:19:61:7E:40:A8:8F:92:0C:6D:DC:39:BF:25:29:6F
Authority key identifier: 00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0
Certificate issuer:       /CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
Certificate serial:       0197846B1D8DDDFAB30128E169CFB0210DA6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
Manifest number:          1597
Signing time:             Wed 18 Jun 2025 19:01:41 +0000
Manifest this update:     Wed 18 Jun 2025 19:01:41 +0000
Manifest next update:     Thu 19 Jun 2025 19:01:41 +0000
Files and hashes:         1: APkIwDKKjpc_pArFL8M359PE_tA.crl (hash: y4hnhD5Bi/csANqvJjUyeoxzXWCJsdkkbswYeN0Un2U=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Jun 2025 16:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:84:6b:1d:8d:dd:fa:b3:01:28:e1:69:cf:b0:21:0d:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
        Validity
            Not Before: Jun 18 19:01:41 2025 GMT
            Not After : Jun 19 19:01:41 2025 GMT
        Subject: CN=0a121c769419617e40a88f920c6ddc39bf25296f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:6b:9a:0f:55:27:42:6e:0b:97:67:94:a9:62:
                    7e:23:45:e9:e9:b3:48:5d:8a:49:1b:ce:c7:5b:e6:
                    21:22:c9:a1:6f:50:66:5f:9f:07:8e:b6:02:a6:71:
                    52:dc:0d:16:e3:b3:00:17:c4:11:04:2c:d6:54:eb:
                    2f:6d:1a:74:7b:04:cb:e9:f8:8f:fc:45:9d:ca:e7:
                    98:ff:d1:b4:9f:62:85:80:e1:a4:1c:d0:b5:75:42:
                    2a:c3:12:3b:57:10:b2:1f:5c:47:b1:85:67:44:ce:
                    75:f1:8d:e5:88:f7:e2:44:52:b6:f5:7e:a8:67:b6:
                    1f:69:b9:96:1d:50:dd:e2:d9:50:d1:ab:e6:a5:0e:
                    a1:9b:3f:14:14:f7:92:92:14:bc:94:c2:6f:33:a0:
                    05:43:30:dc:4b:db:e0:dd:5f:28:11:31:73:39:26:
                    52:70:65:dc:bb:1a:49:41:0a:5a:3f:34:99:63:99:
                    51:a5:dc:1f:58:03:89:24:6a:97:6f:a7:c9:7f:72:
                    bb:5b:eb:b2:14:1d:28:88:56:2f:1d:e8:cc:ce:ed:
                    68:6a:89:ff:f7:86:ee:9b:e5:16:61:55:50:ab:a1:
                    03:94:f3:dc:05:dd:84:ca:38:53:bd:4e:c5:a0:dc:
                    55:5e:1a:dc:02:62:83:af:94:a9:dc:f6:93:fd:f9:
                    be:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:12:1C:76:94:19:61:7E:40:A8:8F:92:0C:6D:DC:39:BF:25:29:6F
            X509v3 Authority Key Identifier:
                keyid:00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         72:a3:b7:cb:75:13:28:3c:84:37:e9:a1:4a:0e:b9:cd:1e:e1:
         6a:f2:9c:95:a1:e6:56:02:e9:02:3d:79:be:21:cf:ec:a8:ad:
         b4:41:49:e6:90:a7:07:9d:65:a2:cf:a3:d6:99:e9:8d:22:57:
         09:59:ed:52:f4:d1:be:4e:ac:03:fb:67:16:98:3d:87:97:04:
         d6:e1:10:54:9d:ca:a0:08:2f:8d:7a:ee:ca:5f:e3:33:1b:2a:
         2d:69:90:86:5f:d4:42:45:93:1c:0b:b9:87:8b:c3:5f:3b:d3:
         ce:5c:15:40:e5:61:b1:45:34:7c:32:db:f5:6e:9a:14:86:e0:
         a9:37:1e:4d:02:b9:11:b1:05:29:54:26:31:52:51:e3:fd:6a:
         7a:76:35:4e:fb:d4:1e:6c:bb:5d:c0:f2:85:6d:7d:4c:6e:8c:
         71:ef:c1:cf:1f:48:21:16:8c:86:dd:78:20:f9:c7:27:8e:72:
         af:7d:33:29:25:6a:21:e4:ba:dc:58:1d:fe:4a:fd:b4:45:29:
         5c:e6:88:6f:ca:1f:d8:de:5e:66:79:d4:26:d8:b7:27:05:f1:
         9c:fd:7b:6d:eb:3c:bb:d8:c0:6e:33:9b:a6:2f:ec:84:cd:e0:
         b6:d2:06:98:9c:f9:b2:28:a2:f9:0c:e3:26:3d:b1:46:cd:e3:
         19:82:93:bc
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZeEax2N3fqzASjhac+wIQ2mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZjkwOGMwMzI4YThlOTczZmE0MGFjNTJmYzMzN2U3ZDNj
NGZlZDAwHhcNMjUwNjE4MTkwMTQxWhcNMjUwNjE5MTkwMTQxWjAzMTEwLwYDVQQD
EygwYTEyMWM3Njk0MTk2MTdlNDBhODhmOTIwYzZkZGMzOWJmMjUyOTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WuaD1UnQm4Ll2eUqWJ+I0Xp6bNI
XYpJG87HW+YhIsmhb1BmX58HjrYCpnFS3A0W47MAF8QRBCzWVOsvbRp0ewTL6fiP
/EWdyueY/9G0n2KFgOGkHNC1dUIqwxI7VxCyH1xHsYVnRM518Y3liPfiRFK29X6o
Z7YfabmWHVDd4tlQ0avmpQ6hmz8UFPeSkhS8lMJvM6AFQzDcS9vg3V8oETFzOSZS
cGXcuxpJQQpaPzSZY5lRpdwfWAOJJGqXb6fJf3K7W+uyFB0oiFYvHejMzu1oaon/
94bum+UWYVVQq6EDlPPcBd2EyjhTvU7FoNxVXhrcAmKDr5Sp3PaT/fm+NwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFAoSHHaUGWF+QKiPkgxt3Dm/JSlvMB8GA1UdIwQY
MBaAFAD5CMAyio6XP6QKxS/DN+fTxP7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEt
N2RlY2YxZTQ3ODY1LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEtN2RlY2YxZTQ3ODY1
LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAcqO3y3UT
KDyEN+mhSg65zR7havKclaHmVgLpAj15viHP7KittEFJ5pCnB51los+j1pnpjSJX
CVntUvTRvk6sA/tnFpg9h5cE1uEQVJ3KoAgvjXruyl/jMxsqLWmQhl/UQkWTHAu5
h4vDXzvTzlwVQOVhsUU0fDLb9W6aFIbgqTceTQK5EbEFKVQmMVJR4/1qenY1TvvU
Hmy7XcDyhW19TG6Mce/Bzx9IIRaMht14IPnHJ45yr30zKSVqIeS63Fgd/kr9tEUp
XOaIb8of2N5eZnnUJti3JwXxnP17bes8u9jAbjObpi/shM3gttIGmJz5siii+Qzj
Jj2xRs3jGYKTvA==
-----END CERTIFICATE-----