Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/653dac-a69c-48e5-b7c8-575a2080896a/1/X765nwZBwgALrAWjJrQYpMApS3o.mft
File:                     X765nwZBwgALrAWjJrQYpMApS3o.mft (raw, json)
Hash identifier:          BL8/W3ORu1CgWOwe/LVgkBbYwsrQoadJwvsIWzzIGSo=
Subject key identifier:   2A:3A:12:09:2F:DA:87:A0:C3:46:C1:1E:3E:39:2A:BC:14:22:36:E9
Authority key identifier: 5F:BE:B9:9F:06:41:C2:00:0B:AC:05:A3:26:B4:18:A4:C0:29:4B:7A
Certificate issuer:       /CN=5fbeb99f0641c2000bac05a326b418a4c0294b7a
Certificate serial:       01968390C32D77B3C8BD8F4DDE40BB307953
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X765nwZBwgALrAWjJrQYpMApS3o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/653dac-a69c-48e5-b7c8-575a2080896a/1/X765nwZBwgALrAWjJrQYpMApS3o.mft
Manifest number:          08
Signing time:             Tue 29 Apr 2025 22:00:24 +0000
Manifest this update:     Tue 29 Apr 2025 22:00:24 +0000
Manifest next update:     Wed 30 Apr 2025 22:00:24 +0000
Files and hashes:         1: X765nwZBwgALrAWjJrQYpMApS3o.crl (hash: E7jGUzqwTlzylKA/UVTTYBmH0cK7EXviyaQ+XBLvERE=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/653dac-a69c-48e5-b7c8-575a2080896a/1/X765nwZBwgALrAWjJrQYpMApS3o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/653dac-a69c-48e5-b7c8-575a2080896a/1/X765nwZBwgALrAWjJrQYpMApS3o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X765nwZBwgALrAWjJrQYpMApS3o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 22:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:83:90:c3:2d:77:b3:c8:bd:8f:4d:de:40:bb:30:79:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fbeb99f0641c2000bac05a326b418a4c0294b7a
        Validity
            Not Before: Apr 29 22:00:24 2025 GMT
            Not After : Apr 30 22:00:24 2025 GMT
        Subject: CN=2a3a12092fda87a0c346c11e3e392abc142236e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:b4:c6:3c:50:9b:c2:d0:51:6c:ba:ed:77:4f:
                    b9:37:d3:13:c0:6a:df:e0:b1:88:8e:80:61:40:08:
                    be:40:f4:a4:11:70:e1:66:44:5f:eb:52:0b:e4:ae:
                    eb:68:c3:02:ae:ef:5f:d5:4d:c8:53:b2:fe:c0:e2:
                    60:59:91:8b:0a:d9:b6:ae:49:cd:a9:dc:b3:80:71:
                    7e:1c:44:90:88:0c:23:6d:1f:fa:8f:18:51:f8:e6:
                    eb:37:e6:b2:b4:6d:5d:00:f8:2b:16:40:c1:65:22:
                    05:dd:ad:5c:37:26:51:96:4d:e5:2c:6a:91:47:d4:
                    71:bb:cc:74:62:59:2b:76:24:92:71:7e:ac:81:b3:
                    fb:21:33:8d:7c:2a:f2:55:04:8d:90:7d:65:cd:b7:
                    20:f4:74:36:8b:0b:37:3c:76:6b:14:ba:25:a5:c2:
                    c0:5c:b0:3a:60:87:2c:83:c2:87:ce:3b:53:bd:fa:
                    a9:68:be:fa:b0:29:71:a2:d6:18:ad:94:aa:f5:f3:
                    3d:0f:77:47:09:ea:ed:68:12:a7:00:86:a9:e7:96:
                    09:40:f9:af:ce:c5:0f:11:25:b7:69:e4:06:e9:0a:
                    55:bf:15:cf:9c:b7:11:c2:df:dc:d7:3e:d6:6b:52:
                    10:6b:61:bf:69:fd:16:36:4d:6f:03:a3:b8:82:c9:
                    93:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:3A:12:09:2F:DA:87:A0:C3:46:C1:1E:3E:39:2A:BC:14:22:36:E9
            X509v3 Authority Key Identifier:
                keyid:5F:BE:B9:9F:06:41:C2:00:0B:AC:05:A3:26:B4:18:A4:C0:29:4B:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X765nwZBwgALrAWjJrQYpMApS3o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/653dac-a69c-48e5-b7c8-575a2080896a/1/X765nwZBwgALrAWjJrQYpMApS3o.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/653dac-a69c-48e5-b7c8-575a2080896a/1/X765nwZBwgALrAWjJrQYpMApS3o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         7e:f9:e6:03:3e:7e:69:71:8c:7e:6f:c5:c3:93:db:1e:ad:77:
         1e:54:f8:bf:4c:0c:bb:06:12:0b:83:8b:d2:fe:1e:01:52:d2:
         64:a3:45:ef:ff:55:1c:4d:c8:f4:97:f5:85:90:3a:f5:cb:b7:
         cb:32:8a:6c:7b:0a:f8:a8:43:e4:13:fb:d6:42:eb:7d:d1:aa:
         ab:fc:d5:26:f8:c1:ce:4f:f8:24:40:a1:a8:c5:3e:12:ea:93:
         77:de:ab:8c:0b:69:29:dd:e3:68:d8:01:32:5c:77:9d:a7:d8:
         d6:39:43:c2:15:21:90:fe:5c:55:b1:73:84:bd:60:70:54:4b:
         b5:b3:e8:2e:8c:90:8d:cf:aa:ff:b6:59:64:f4:eb:00:71:7f:
         4c:05:66:3d:cd:6b:5e:7f:ad:f8:ea:8c:ba:0e:b0:5f:1f:40:
         77:8c:75:6f:29:c5:19:db:36:58:07:4d:a5:01:0d:d9:9d:d3:
         48:58:a0:a6:7b:80:49:95:f1:da:1b:61:74:60:c0:cd:5b:f8:
         64:ea:e5:40:b6:4d:ad:f2:a0:49:0a:d8:ae:79:3d:b6:02:7b:
         ef:f8:63:a5:bc:ed:a8:b1:36:bd:f9:f1:6e:fd:e6:c0:e5:56:
         f9:6b:c1:03:d4:df:5b:b9:29:25:75:06:12:9e:08:a0:59:cb:
         f3:ac:5e:87
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZaDkMMtd7PIvY9N3kC7MHlTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYmViOTlmMDY0MWMyMDAwYmFjMDVhMzI2YjQxOGE0YzAy
OTRiN2EwHhcNMjUwNDI5MjIwMDI0WhcNMjUwNDMwMjIwMDI0WjAzMTEwLwYDVQQD
EygyYTNhMTIwOTJmZGE4N2EwYzM0NmMxMWUzZTM5MmFiYzE0MjIzNmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA37TGPFCbwtBRbLrtd0+5N9MTwGrf
4LGIjoBhQAi+QPSkEXDhZkRf61IL5K7raMMCru9f1U3IU7L+wOJgWZGLCtm2rknN
qdyzgHF+HESQiAwjbR/6jxhR+ObrN+aytG1dAPgrFkDBZSIF3a1cNyZRlk3lLGqR
R9Rxu8x0YlkrdiSScX6sgbP7ITONfCryVQSNkH1lzbcg9HQ2iws3PHZrFLolpcLA
XLA6YIcsg8KHzjtTvfqpaL76sClxotYYrZSq9fM9D3dHCertaBKnAIap55YJQPmv
zsUPESW3aeQG6QpVvxXPnLcRwt/c1z7Wa1IQa2G/af0WNk1vA6O4gsmT2wIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFCo6Egkv2oegw0bBHj45KrwUIjbpMB8GA1UdIwQY
MBaAFF++uZ8GQcIAC6wFoya0GKTAKUt6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDc2NW53WkJ3Z0FMckFXakpyUVlwTUFwUzNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS82NTNkYWMtYTY5Yy00OGU1LWI3Yzgt
NTc1YTIwODA4OTZhLzEvWDc2NW53WkJ3Z0FMckFXakpyUVlwTUFwUzNvLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS82NTNkYWMtYTY5Yy00OGU1LWI3YzgtNTc1YTIwODA4OTZh
LzEvWDc2NW53WkJ3Z0FMckFXakpyUVlwTUFwUzNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAfvnmAz5+
aXGMfm/Fw5PbHq13HlT4v0wMuwYSC4OL0v4eAVLSZKNF7/9VHE3I9Jf1hZA69cu3
yzKKbHsK+KhD5BP71kLrfdGqq/zVJvjBzk/4JEChqMU+EuqTd96rjAtpKd3jaNgB
Mlx3nafY1jlDwhUhkP5cVbFzhL1gcFRLtbPoLoyQjc+q/7ZZZPTrAHF/TAVmPc1r
Xn+t+OqMug6wXx9Ad4x1bynFGds2WAdNpQEN2Z3TSFigpnuASZXx2hthdGDAzVv4
ZOrlQLZNrfKgSQrYrnk9tgJ77/hjpbztqLE2vfnxbv3mwOVW+WvBA9TfW7kpJXUG
Ep4IoFnL86xehw==
-----END CERTIFICATE-----