Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/814dd0-09e1-4273-873a-7463815a3f4e/1/y8Lr2jqwhRDr6aEOYL4jFgIoqUI.mft
File:                     y8Lr2jqwhRDr6aEOYL4jFgIoqUI.mft (raw, json)
Hash identifier:          UdcQ/hmvwudasIR0h09odsRHHDwUUVyBQTb4m8mHc5U=
Subject key identifier:   68:9D:09:E3:9B:00:BF:21:44:3F:D2:85:3F:41:25:FD:BC:BF:BB:B5
Authority key identifier: CB:C2:EB:DA:3A:B0:85:10:EB:E9:A1:0E:60:BE:23:16:02:28:A9:42
Certificate issuer:       /CN=cbc2ebda3ab08510ebe9a10e60be23160228a942
Certificate serial:       019A4EF5CC533D3C950BCB7D86D41AA00993
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y8Lr2jqwhRDr6aEOYL4jFgIoqUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/814dd0-09e1-4273-873a-7463815a3f4e/1/y8Lr2jqwhRDr6aEOYL4jFgIoqUI.mft
Manifest number:          1709
Signing time:             Tue 04 Nov 2025 13:02:02 +0000
Manifest this update:     Tue 04 Nov 2025 13:02:02 +0000
Manifest next update:     Wed 05 Nov 2025 13:02:02 +0000
Files and hashes:         1: y8Lr2jqwhRDr6aEOYL4jFgIoqUI.crl (hash: I/WT+iIdRMf/h4oRWZCY0vT9Pc5OQSasam1V12GZmMg=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/814dd0-09e1-4273-873a-7463815a3f4e/1/y8Lr2jqwhRDr6aEOYL4jFgIoqUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/814dd0-09e1-4273-873a-7463815a3f4e/1/y8Lr2jqwhRDr6aEOYL4jFgIoqUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y8Lr2jqwhRDr6aEOYL4jFgIoqUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4e:f5:cc:53:3d:3c:95:0b:cb:7d:86:d4:1a:a0:09:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbc2ebda3ab08510ebe9a10e60be23160228a942
        Validity
            Not Before: Nov  4 13:02:02 2025 GMT
            Not After : Nov  5 13:02:02 2025 GMT
        Subject: CN=689d09e39b00bf21443fd2853f4125fdbcbfbbb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:25:4b:ad:45:c4:4a:7e:1c:7b:75:e2:1f:df:
                    a4:00:e8:21:5a:ce:2e:0d:a9:7c:6f:be:ec:21:a1:
                    c3:d0:b4:e8:43:5e:c5:b1:84:88:76:3f:4c:fd:c0:
                    b3:d7:dc:72:85:51:f5:54:b1:b3:62:8b:54:70:a9:
                    f7:2c:be:fe:0e:ff:43:15:44:9a:f3:b6:39:d4:38:
                    19:be:14:35:05:a3:90:87:b9:12:42:ac:42:8d:a6:
                    c0:9f:08:db:13:b0:15:d8:36:e6:56:55:d3:04:69:
                    71:7d:67:29:4a:e4:c8:bd:74:0e:21:74:1e:a0:64:
                    72:6b:49:b1:ce:81:68:5d:81:d8:05:b8:f5:63:07:
                    73:92:d8:97:60:d3:2d:a2:9d:3f:53:d0:6f:54:f6:
                    34:73:91:f4:51:ff:7d:41:72:2c:0d:0a:d9:d6:6f:
                    f6:29:87:3e:14:32:1d:b3:c9:af:35:12:80:18:c9:
                    ea:78:35:0a:9e:0b:86:b3:76:58:3f:20:15:d7:67:
                    03:6b:a5:ac:ce:20:4a:b7:f8:fb:eb:51:fc:53:0d:
                    64:e7:22:5f:4f:c4:53:97:a4:e3:9e:4c:45:f7:bc:
                    42:61:e9:28:21:f5:21:56:cd:7a:8b:85:2a:89:f5:
                    d5:e5:7f:0d:ec:4e:2a:ea:dd:f1:64:dd:8e:9a:94:
                    97:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:9D:09:E3:9B:00:BF:21:44:3F:D2:85:3F:41:25:FD:BC:BF:BB:B5
            X509v3 Authority Key Identifier:
                keyid:CB:C2:EB:DA:3A:B0:85:10:EB:E9:A1:0E:60:BE:23:16:02:28:A9:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y8Lr2jqwhRDr6aEOYL4jFgIoqUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/814dd0-09e1-4273-873a-7463815a3f4e/1/y8Lr2jqwhRDr6aEOYL4jFgIoqUI.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/814dd0-09e1-4273-873a-7463815a3f4e/1/y8Lr2jqwhRDr6aEOYL4jFgIoqUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         72:84:2f:4a:6a:3a:e6:d0:2e:11:ae:e5:5b:3d:7f:42:03:69:
         0b:9d:08:3f:96:6b:ed:26:84:94:91:36:57:86:bf:82:6c:05:
         3e:fc:b8:a8:8c:7a:bc:62:6b:67:8f:6c:ba:7f:8e:68:2c:62:
         e9:cf:ca:33:18:ed:e8:fd:55:71:02:26:97:e1:7b:a2:be:9f:
         e0:ff:bd:da:af:25:38:0c:22:67:e8:c0:b7:f1:0c:2e:f4:69:
         5a:74:f6:82:f6:36:2f:c0:a2:ea:8d:56:81:05:01:c9:34:15:
         f7:e6:0a:db:10:e0:59:78:a6:89:80:6b:2b:8e:1b:ae:d7:e7:
         41:74:90:f0:2e:6a:c9:8b:7b:27:f1:0b:94:c9:17:54:29:4c:
         c0:2d:0c:a4:12:c8:1d:64:66:f4:b7:a4:b2:48:c0:74:2b:fe:
         20:48:ee:d0:12:2e:35:97:10:e2:dd:7e:12:f0:4e:72:cc:f4:
         10:df:12:2a:3e:97:26:be:e2:88:b2:39:26:43:95:46:b9:37:
         21:45:a7:fb:39:6c:b9:a2:94:96:2a:92:ae:43:76:9e:cc:1e:
         dd:2e:8c:e7:05:6b:71:c6:b2:41:1a:b6:3a:25:e1:b6:1e:a2:
         d3:21:ba:5f:7e:9e:c8:4e:cb:73:8a:89:49:d4:ef:16:82:27:
         a3:22:42:86
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpO9cxTPTyVC8t9htQaoAmTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiYzJlYmRhM2FiMDg1MTBlYmU5YTEwZTYwYmUyMzE2MDIy
OGE5NDIwHhcNMjUxMTA0MTMwMjAyWhcNMjUxMTA1MTMwMjAyWjAzMTEwLwYDVQQD
Eyg2ODlkMDllMzliMDBiZjIxNDQzZmQyODUzZjQxMjVmZGJjYmZiYmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5iVLrUXESn4ce3XiH9+kAOghWs4u
Dal8b77sIaHD0LToQ17FsYSIdj9M/cCz19xyhVH1VLGzYotUcKn3LL7+Dv9DFUSa
87Y51DgZvhQ1BaOQh7kSQqxCjabAnwjbE7AV2DbmVlXTBGlxfWcpSuTIvXQOIXQe
oGRya0mxzoFoXYHYBbj1YwdzktiXYNMtop0/U9BvVPY0c5H0Uf99QXIsDQrZ1m/2
KYc+FDIds8mvNRKAGMnqeDUKnguGs3ZYPyAV12cDa6WsziBKt/j761H8Uw1k5yJf
T8RTl6TjnkxF97xCYekoIfUhVs16i4UqifXV5X8N7E4q6t3xZN2OmpSXdwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFGidCeObAL8hRD/ShT9BJf28v7u1MB8GA1UdIwQY
MBaAFMvC69o6sIUQ6+mhDmC+IxYCKKlCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveThMcjJqcXdoUkRyNmFFT1lMNGpGZ0lvcVVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy84MTRkZDAtMDllMS00MjczLTg3M2Et
NzQ2MzgxNWEzZjRlLzEveThMcjJqcXdoUkRyNmFFT1lMNGpGZ0lvcVVJLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy84MTRkZDAtMDllMS00MjczLTg3M2EtNzQ2MzgxNWEzZjRl
LzEveThMcjJqcXdoUkRyNmFFT1lMNGpGZ0lvcVVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAcoQvSmo6
5tAuEa7lWz1/QgNpC50IP5Zr7SaElJE2V4a/gmwFPvy4qIx6vGJrZ49sun+OaCxi
6c/KMxjt6P1VcQIml+F7or6f4P+92q8lOAwiZ+jAt/EMLvRpWnT2gvY2L8Ci6o1W
gQUByTQV9+YK2xDgWXimiYBrK44brtfnQXSQ8C5qyYt7J/ELlMkXVClMwC0MpBLI
HWRm9LekskjAdCv+IEju0BIuNZcQ4t1+EvBOcsz0EN8SKj6XJr7iiLI5JkOVRrk3
IUWn+zlsuaKUliqSrkN2nswe3S6M5wVrccayQRq2OiXhth6i0yG6X36eyE7Lc4qJ
SdTvFoInoyJChg==
-----END CERTIFICATE-----