Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/a5bc8a-049d-4314-9b1a-29755a7c94fd/1/z4duDnrrYE0WMdSaAl4XitJ0qBI.mft
File:                     z4duDnrrYE0WMdSaAl4XitJ0qBI.mft (raw, json)
Hash identifier:          9t48/zZTMKudmwMUpT3FhSqDX9TqPjUYKZCFClekCqM=
Subject key identifier:   3B:FE:84:2D:A7:60:21:2C:65:C5:89:20:7C:CA:2E:EC:28:A2:F3:2A
Authority key identifier: CF:87:6E:0E:7A:EB:60:4D:16:31:D4:9A:02:5E:17:8A:D2:74:A8:12
Certificate issuer:       /CN=cf876e0e7aeb604d1631d49a025e178ad274a812
Certificate serial:       019A4DE1BBFFEF5411A58ADE1C7ABE655DBC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z4duDnrrYE0WMdSaAl4XitJ0qBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/a5bc8a-049d-4314-9b1a-29755a7c94fd/1/z4duDnrrYE0WMdSaAl4XitJ0qBI.mft
Manifest number:          1709
Signing time:             Tue 04 Nov 2025 08:00:30 +0000
Manifest this update:     Tue 04 Nov 2025 08:00:30 +0000
Manifest next update:     Wed 05 Nov 2025 08:00:30 +0000
Files and hashes:         1: z4duDnrrYE0WMdSaAl4XitJ0qBI.crl (hash: p0G+OBvMY+m5575yKFwcD0OdRXKik1F4OuPy35Pb+o0=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/a5bc8a-049d-4314-9b1a-29755a7c94fd/1/z4duDnrrYE0WMdSaAl4XitJ0qBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/a5bc8a-049d-4314-9b1a-29755a7c94fd/1/z4duDnrrYE0WMdSaAl4XitJ0qBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z4duDnrrYE0WMdSaAl4XitJ0qBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 08:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4d:e1:bb:ff:ef:54:11:a5:8a:de:1c:7a:be:65:5d:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf876e0e7aeb604d1631d49a025e178ad274a812
        Validity
            Not Before: Nov  4 08:00:30 2025 GMT
            Not After : Nov  5 08:00:30 2025 GMT
        Subject: CN=3bfe842da760212c65c589207cca2eec28a2f32a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ac:56:a2:ab:49:fb:29:30:04:bb:43:9c:aa:
                    e0:f0:7f:3e:a7:23:11:e3:d6:dd:51:39:b1:26:43:
                    5a:19:9e:57:a4:85:14:21:d4:b0:b2:ce:43:b2:93:
                    c6:77:11:0c:51:8a:06:f2:9a:a6:64:1f:eb:94:2b:
                    d3:ee:07:72:60:4b:9c:b8:a9:39:1d:da:91:07:ee:
                    34:1d:aa:ba:7c:97:61:cc:38:67:31:72:48:12:a1:
                    59:7d:e1:e4:67:cd:ce:21:03:e2:33:bf:4d:e2:77:
                    d9:4f:c0:8a:38:f8:70:a9:8c:8f:a8:6e:8b:90:d6:
                    01:e3:62:bd:91:d0:aa:a8:7a:58:51:29:62:7f:e4:
                    bb:06:ee:c3:55:3b:89:7a:3b:a0:be:ae:23:73:5e:
                    2a:91:f4:95:27:32:3c:93:83:62:3c:83:51:18:22:
                    53:f7:0d:be:af:bf:e4:7f:2b:bb:95:ec:e6:e2:6f:
                    23:c4:2e:27:aa:81:fa:50:3c:5c:ec:fa:30:51:9b:
                    1b:04:b5:1c:5a:99:f5:46:15:43:c2:c3:aa:ce:44:
                    d8:6a:1a:fd:a4:dc:8d:df:56:ac:0b:6a:a6:c8:77:
                    d6:46:95:fc:d2:2a:36:f1:96:d3:70:ab:79:5e:5f:
                    54:d8:6d:9f:e3:42:a0:e1:6f:01:05:9a:ed:80:1d:
                    a1:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:FE:84:2D:A7:60:21:2C:65:C5:89:20:7C:CA:2E:EC:28:A2:F3:2A
            X509v3 Authority Key Identifier:
                keyid:CF:87:6E:0E:7A:EB:60:4D:16:31:D4:9A:02:5E:17:8A:D2:74:A8:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z4duDnrrYE0WMdSaAl4XitJ0qBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/a5bc8a-049d-4314-9b1a-29755a7c94fd/1/z4duDnrrYE0WMdSaAl4XitJ0qBI.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/a5bc8a-049d-4314-9b1a-29755a7c94fd/1/z4duDnrrYE0WMdSaAl4XitJ0qBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         32:f5:ce:2e:d5:7b:c4:94:c1:3c:e2:96:75:13:63:9d:d3:d7:
         d8:a1:3f:3c:86:27:31:6d:43:04:b3:20:f4:af:21:7c:94:18:
         61:dc:f3:00:f6:58:89:c9:62:61:b9:a7:98:0c:ee:7f:6f:dd:
         26:7e:e8:3e:eb:47:b4:85:c4:b7:28:4b:0c:2e:43:ee:db:59:
         8f:9d:73:ee:ee:e6:d5:b4:46:de:0b:30:d3:67:1e:00:39:05:
         7d:a9:68:ad:77:05:50:64:2a:84:5a:5c:d5:d0:82:2e:56:04:
         0c:17:87:c1:96:60:df:3d:ba:79:fb:6c:da:b2:c2:74:9c:fd:
         e3:5f:91:72:c9:69:05:f7:76:d1:24:5e:8a:7a:33:aa:a4:13:
         90:34:bb:fe:33:10:4d:f9:83:9d:98:35:19:c7:d5:e0:4f:31:
         65:3e:66:4e:42:93:2b:5c:2d:86:7d:fa:ba:be:3b:e7:f0:95:
         ad:bf:88:62:40:d6:74:69:a9:0d:cd:a7:73:64:99:6d:7f:95:
         5a:f3:b5:ff:63:ef:f5:54:be:2c:3d:02:9c:03:0c:20:47:83:
         2c:8b:90:9d:c2:8c:6a:f3:66:bb:d7:67:04:42:e0:22:8b:e6:
         ad:d2:25:db:da:ce:1c:f4:90:33:39:ae:21:b3:59:d1:4e:c9:
         31:8c:ac:7c
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpN4bv/71QRpYreHHq+ZV28MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmODc2ZTBlN2FlYjYwNGQxNjMxZDQ5YTAyNWUxNzhhZDI3
NGE4MTIwHhcNMjUxMTA0MDgwMDMwWhcNMjUxMTA1MDgwMDMwWjAzMTEwLwYDVQQD
EygzYmZlODQyZGE3NjAyMTJjNjVjNTg5MjA3Y2NhMmVlYzI4YTJmMzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaxWoqtJ+ykwBLtDnKrg8H8+pyMR
49bdUTmxJkNaGZ5XpIUUIdSwss5DspPGdxEMUYoG8pqmZB/rlCvT7gdyYEucuKk5
HdqRB+40Haq6fJdhzDhnMXJIEqFZfeHkZ83OIQPiM79N4nfZT8CKOPhwqYyPqG6L
kNYB42K9kdCqqHpYUSlif+S7Bu7DVTuJejugvq4jc14qkfSVJzI8k4NiPINRGCJT
9w2+r7/kfyu7lezm4m8jxC4nqoH6UDxc7PowUZsbBLUcWpn1RhVDwsOqzkTYahr9
pNyN31asC2qmyHfWRpX80io28ZbTcKt5Xl9U2G2f40Kg4W8BBZrtgB2hFQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFDv+hC2nYCEsZcWJIHzKLuwoovMqMB8GA1UdIwQY
MBaAFM+Hbg5662BNFjHUmgJeF4rSdKgSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejRkdURucnJZRTBXTWRTYUFsNFhpdEowcUJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9hNWJjOGEtMDQ5ZC00MzE0LTliMWEt
Mjk3NTVhN2M5NGZkLzEvejRkdURucnJZRTBXTWRTYUFsNFhpdEowcUJJLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9hNWJjOGEtMDQ5ZC00MzE0LTliMWEtMjk3NTVhN2M5NGZk
LzEvejRkdURucnJZRTBXTWRTYUFsNFhpdEowcUJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAMvXOLtV7
xJTBPOKWdRNjndPX2KE/PIYnMW1DBLMg9K8hfJQYYdzzAPZYicliYbmnmAzuf2/d
Jn7oPutHtIXEtyhLDC5D7ttZj51z7u7m1bRG3gsw02ceADkFfalorXcFUGQqhFpc
1dCCLlYEDBeHwZZg3z26efts2rLCdJz941+RcslpBfd20SReinozqqQTkDS7/jMQ
TfmDnZg1GcfV4E8xZT5mTkKTK1wthn36ur475/CVrb+IYkDWdGmpDc2nc2SZbX+V
WvO1/2Pv9VS+LD0CnAMMIEeDLIuQncKMavNmu9dnBELgIovmrdIl29rOHPSQMzmu
IbNZ0U7JMYysfA==
-----END CERTIFICATE-----