Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft
File:                     OhsBRND2_wuDzON2eUYxdFt8p6A.mft (raw, json)
Hash identifier:          KArN+BV2hRbkEaR4If2Ba/Yi7cIRdjcgc7c/wAEtATE=
Subject key identifier:   FD:F0:B0:94:3E:FD:48:BF:A7:17:CC:FB:A3:19:18:32:23:DB:3C:86
Authority key identifier: 3A:1B:01:44:D0:F6:FF:0B:83:CC:E3:76:79:46:31:74:5B:7C:A7:A0
Certificate issuer:       /CN=3a1b0144d0f6ff0b83cce376794631745b7ca7a0
Certificate serial:       019A4F98D69CB17CF87EAAB8327298CD3200
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OhsBRND2_wuDzON2eUYxdFt8p6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft
Manifest number:          123E
Signing time:             Tue 04 Nov 2025 16:00:07 +0000
Manifest this update:     Tue 04 Nov 2025 16:00:07 +0000
Manifest next update:     Wed 05 Nov 2025 16:00:07 +0000
Files and hashes:         1: OhsBRND2_wuDzON2eUYxdFt8p6A.crl (hash: QtCJt1/kI00CRcEvG937QZoQN3KRHL6+paHqKNH15IU=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OhsBRND2_wuDzON2eUYxdFt8p6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:00:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4f:98:d6:9c:b1:7c:f8:7e:aa:b8:32:72:98:cd:32:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a1b0144d0f6ff0b83cce376794631745b7ca7a0
        Validity
            Not Before: Nov  4 16:00:07 2025 GMT
            Not After : Nov  5 16:00:07 2025 GMT
        Subject: CN=fdf0b0943efd48bfa717ccfba319183223db3c86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:a6:99:50:3e:a6:e9:28:ce:20:c0:5c:3a:c1:
                    0f:1f:b1:53:b5:b1:f1:90:d2:92:09:ed:42:4f:03:
                    87:3f:dd:fe:8c:39:6d:b7:14:52:9a:41:bd:fb:08:
                    f9:e2:57:b4:a3:b6:90:d2:4a:48:fd:ff:7d:a3:30:
                    2b:26:32:b1:7d:77:d8:44:bf:88:5e:bc:c4:1f:65:
                    58:f2:04:1d:90:46:d8:63:da:d9:19:3e:28:5c:a1:
                    b2:25:27:c9:7f:8a:24:57:b5:69:a6:e0:8e:7f:b2:
                    51:3e:48:8e:a6:51:0d:85:cc:a7:11:68:a3:82:e8:
                    c2:b8:33:6e:fe:07:da:93:fd:cc:f8:92:4c:39:11:
                    61:a9:c1:25:b8:fb:d3:3d:da:97:aa:18:91:e9:aa:
                    21:4a:69:0c:f5:0b:00:3e:69:d7:e4:48:c3:7e:cb:
                    f9:df:48:69:f1:33:d4:a6:45:84:48:99:72:c6:d0:
                    27:28:c5:01:dd:c5:39:27:af:3e:93:b4:cf:fb:f3:
                    87:ec:37:ae:98:55:96:6e:0e:8b:80:9c:b2:c4:e4:
                    b7:73:da:7d:a4:e8:c6:0a:23:55:24:da:c1:af:98:
                    ec:4a:58:28:79:b0:a7:92:2b:32:82:79:ee:39:39:
                    8d:71:6a:53:60:89:7a:d2:47:35:30:a6:55:27:df:
                    1d:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:F0:B0:94:3E:FD:48:BF:A7:17:CC:FB:A3:19:18:32:23:DB:3C:86
            X509v3 Authority Key Identifier:
                keyid:3A:1B:01:44:D0:F6:FF:0B:83:CC:E3:76:79:46:31:74:5B:7C:A7:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OhsBRND2_wuDzON2eUYxdFt8p6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/628406-3e2c-4896-82ea-250544277d5c/1/OhsBRND2_wuDzON2eUYxdFt8p6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         13:1d:d1:c9:b3:43:9e:18:f1:c7:cb:4a:9d:fe:fe:e4:cb:aa:
         32:bf:6b:4b:b8:05:38:60:52:fc:75:4d:e9:01:ca:3f:02:67:
         05:d3:c2:00:2e:f5:59:fa:5f:64:63:ec:3d:4f:6f:47:85:4b:
         8b:c2:ad:46:72:ad:6e:b5:75:f3:ab:9e:8a:dc:aa:e1:88:e4:
         cd:ec:51:4f:2a:22:f2:e5:1e:b2:80:3c:3e:ab:75:27:47:e1:
         34:ac:0e:15:e8:08:1c:b0:a5:a2:66:d6:a6:9d:f6:bf:ad:55:
         11:52:3b:64:fd:e1:c8:c2:be:c3:2e:07:a0:a0:6c:89:18:54:
         2f:a3:fe:af:63:f7:b2:09:5e:33:c7:22:2a:8e:82:36:27:a9:
         f2:d0:e6:ee:42:5a:f4:4f:e1:e9:69:c4:34:96:18:84:18:f1:
         7a:94:cf:48:2b:a7:e0:2a:64:22:10:0e:d9:18:06:7e:fc:bc:
         84:f0:8d:8a:86:30:16:e4:a0:46:0e:88:e1:f6:74:d4:78:c7:
         4c:d3:b4:53:1d:b6:7c:4e:86:76:d2:27:c0:0c:78:40:61:a8:
         f6:f3:e9:02:09:3e:11:c3:0b:ea:8c:53:c7:18:7c:06:9e:c6:
         e8:a6:41:92:da:f2:f4:81:e4:36:85:32:26:6e:d4:0b:0b:51:
         15:87:c7:8c
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpPmNacsXz4fqq4MnKYzTIAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMWIwMTQ0ZDBmNmZmMGI4M2NjZTM3Njc5NDYzMTc0NWI3
Y2E3YTAwHhcNMjUxMTA0MTYwMDA3WhcNMjUxMTA1MTYwMDA3WjAzMTEwLwYDVQQD
EyhmZGYwYjA5NDNlZmQ0OGJmYTcxN2NjZmJhMzE5MTgzMjIzZGIzYzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8aaZUD6m6SjOIMBcOsEPH7FTtbHx
kNKSCe1CTwOHP93+jDlttxRSmkG9+wj54le0o7aQ0kpI/f99ozArJjKxfXfYRL+I
XrzEH2VY8gQdkEbYY9rZGT4oXKGyJSfJf4okV7VppuCOf7JRPkiOplENhcynEWij
gujCuDNu/gfak/3M+JJMORFhqcEluPvTPdqXqhiR6aohSmkM9QsAPmnX5EjDfsv5
30hp8TPUpkWESJlyxtAnKMUB3cU5J68+k7TP+/OH7DeumFWWbg6LgJyyxOS3c9p9
pOjGCiNVJNrBr5jsSlgoebCnkisygnnuOTmNcWpTYIl60kc1MKZVJ98dKQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFP3wsJQ+/Ui/pxfM+6MZGDIj2zyGMB8GA1UdIwQY
MBaAFDobAUTQ9v8Lg8zjdnlGMXRbfKegMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2hzQlJORDJfd3VEek9OMmVVWXhkRnQ4cDZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS82Mjg0MDYtM2UyYy00ODk2LTgyZWEt
MjUwNTQ0Mjc3ZDVjLzEvT2hzQlJORDJfd3VEek9OMmVVWXhkRnQ4cDZBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS82Mjg0MDYtM2UyYy00ODk2LTgyZWEtMjUwNTQ0Mjc3ZDVj
LzEvT2hzQlJORDJfd3VEek9OMmVVWXhkRnQ4cDZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAEx3RybND
nhjxx8tKnf7+5MuqMr9rS7gFOGBS/HVN6QHKPwJnBdPCAC71WfpfZGPsPU9vR4VL
i8KtRnKtbrV186ueityq4YjkzexRTyoi8uUesoA8Pqt1J0fhNKwOFegIHLClombW
pp32v61VEVI7ZP3hyMK+wy4HoKBsiRhUL6P+r2P3sgleM8ciKo6CNiep8tDm7kJa
9E/h6WnENJYYhBjxepTPSCun4CpkIhAO2RgGfvy8hPCNioYwFuSgRg6I4fZ01HjH
TNO0Ux22fE6GdtInwAx4QGGo9vPpAgk+EcML6oxTxxh8Bp7G6KZBktry9IHkNoUy
Jm7UCwtRFYfHjA==
-----END CERTIFICATE-----