Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/ac0b0a-2e83-469d-b89b-326808eccccc/1/QpeJWSkM6bssG1thREOEQVta-tY.mft
File:                     QpeJWSkM6bssG1thREOEQVta-tY.mft (raw, json)
Hash identifier:          MesmJBxG8to7J7gOLFKfPkY0V7aP+ryhLa7FXDGnwas=
Subject key identifier:   55:40:81:7D:E9:0A:5C:F5:ED:77:15:DE:A9:88:D4:DE:54:08:42:B0
Authority key identifier: 42:97:89:59:29:0C:E9:BB:2C:1B:5B:61:44:43:84:41:5B:5A:FA:D6
Certificate issuer:       /CN=42978959290ce9bb2c1b5b61444384415b5afad6
Certificate serial:       019A4EF572667D01E78109A0F2B3C6A5EEB5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpeJWSkM6bssG1thREOEQVta-tY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/ac0b0a-2e83-469d-b89b-326808eccccc/1/QpeJWSkM6bssG1thREOEQVta-tY.mft
Manifest number:          1709
Signing time:             Tue 04 Nov 2025 13:01:39 +0000
Manifest this update:     Tue 04 Nov 2025 13:01:39 +0000
Manifest next update:     Wed 05 Nov 2025 13:01:39 +0000
Files and hashes:         1: QpeJWSkM6bssG1thREOEQVta-tY.crl (hash: vYTJ2PXWKpZDBcQMPNRhoqpd5jn0HJzAdrRjUxxaP1E=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/ac0b0a-2e83-469d-b89b-326808eccccc/1/QpeJWSkM6bssG1thREOEQVta-tY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/ac0b0a-2e83-469d-b89b-326808eccccc/1/QpeJWSkM6bssG1thREOEQVta-tY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QpeJWSkM6bssG1thREOEQVta-tY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 13:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4e:f5:72:66:7d:01:e7:81:09:a0:f2:b3:c6:a5:ee:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42978959290ce9bb2c1b5b61444384415b5afad6
        Validity
            Not Before: Nov  4 13:01:39 2025 GMT
            Not After : Nov  5 13:01:39 2025 GMT
        Subject: CN=5540817de90a5cf5ed7715dea988d4de540842b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:a5:8f:b5:46:32:8c:83:82:a8:61:cd:b1:39:
                    6a:20:97:06:5b:5e:40:42:66:e3:b8:2f:80:b9:97:
                    1c:3b:f4:bc:00:10:e3:e3:e1:58:51:8c:bb:19:90:
                    93:eb:28:47:49:e4:41:09:af:66:73:3f:5f:9d:04:
                    98:96:bc:6f:32:6f:4e:81:79:19:cf:c9:6c:dc:1c:
                    3a:94:fd:8a:e1:62:71:92:bd:06:4e:20:5c:9f:48:
                    2e:ed:0f:a3:45:f7:c3:e1:ae:e0:a3:b5:7c:0c:09:
                    4d:0e:e7:1a:b7:af:32:cb:aa:f3:2c:2c:42:fb:10:
                    ab:b2:fa:95:11:a4:a1:d6:76:a6:ba:37:c7:46:ab:
                    e9:6c:30:bb:fe:69:64:b9:aa:2b:3d:a3:e4:47:f6:
                    68:2f:20:41:c4:eb:c7:5d:8e:e6:7d:87:01:fd:98:
                    83:22:e4:e1:32:64:95:27:71:da:41:e8:cd:d3:b4:
                    bc:0b:56:cd:01:e1:70:1f:d9:00:24:0e:3a:67:c1:
                    c2:f7:a8:2e:9b:08:6b:79:93:fd:20:1f:3e:c2:84:
                    9f:df:8c:5c:ca:6c:1a:1c:39:21:2b:02:a4:8e:46:
                    53:3f:c9:7f:9d:2b:3a:6d:6f:0a:44:10:51:1d:8b:
                    e1:9b:ad:46:61:e5:58:f6:84:db:dc:fe:6e:9f:64:
                    f4:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:40:81:7D:E9:0A:5C:F5:ED:77:15:DE:A9:88:D4:DE:54:08:42:B0
            X509v3 Authority Key Identifier:
                keyid:42:97:89:59:29:0C:E9:BB:2C:1B:5B:61:44:43:84:41:5B:5A:FA:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpeJWSkM6bssG1thREOEQVta-tY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ac0b0a-2e83-469d-b89b-326808eccccc/1/QpeJWSkM6bssG1thREOEQVta-tY.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ac0b0a-2e83-469d-b89b-326808eccccc/1/QpeJWSkM6bssG1thREOEQVta-tY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         4d:0a:34:eb:6b:31:ad:b0:c8:f5:15:dc:06:62:9b:ba:cb:0e:
         c0:96:16:40:ed:be:fc:de:95:f0:90:0f:b1:22:26:74:11:32:
         42:3f:92:81:11:38:bf:da:a9:6e:26:60:a6:e7:51:45:fa:37:
         ad:54:4c:68:ee:a0:4b:04:ca:66:a9:9c:25:21:3a:ae:b5:53:
         a9:24:6f:9f:88:2c:91:07:31:30:28:10:3d:70:ad:14:39:db:
         1c:5f:3d:81:9a:32:84:5c:61:63:cc:1a:58:d9:7a:2d:bd:8a:
         93:d1:eb:b0:1f:9a:e8:14:a1:75:ae:ad:20:b8:cf:90:35:c2:
         f8:50:be:05:80:72:f3:e2:b4:4d:87:fa:7a:14:7e:81:1c:20:
         1c:a8:63:f4:c4:7c:d6:ec:5f:f2:07:c2:3b:03:62:2b:da:e2:
         f7:1d:d7:31:be:a8:6b:1d:6e:5b:6e:fe:f0:fa:32:3f:df:8e:
         dd:c9:33:9d:90:1a:37:a0:c8:10:68:ba:e0:ac:9d:01:d7:4a:
         29:78:77:25:69:a2:39:d6:5d:46:ec:ff:cf:d6:ca:dd:53:fc:
         2f:7b:31:82:47:2e:76:1d:53:5d:f9:8a:e3:4d:f0:1e:8a:88:
         86:a3:8d:2e:f4:d6:dc:33:10:17:df:45:79:da:6c:de:64:dc:
         99:ec:c2:9a
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpO9XJmfQHngQmg8rPGpe61MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTc4OTU5MjkwY2U5YmIyYzFiNWI2MTQ0NDM4NDQxNWI1
YWZhZDYwHhcNMjUxMTA0MTMwMTM5WhcNMjUxMTA1MTMwMTM5WjAzMTEwLwYDVQQD
Eyg1NTQwODE3ZGU5MGE1Y2Y1ZWQ3NzE1ZGVhOTg4ZDRkZTU0MDg0MmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3KWPtUYyjIOCqGHNsTlqIJcGW15A
QmbjuC+AuZccO/S8ABDj4+FYUYy7GZCT6yhHSeRBCa9mcz9fnQSYlrxvMm9OgXkZ
z8ls3Bw6lP2K4WJxkr0GTiBcn0gu7Q+jRffD4a7go7V8DAlNDucat68yy6rzLCxC
+xCrsvqVEaSh1namujfHRqvpbDC7/mlkuaorPaPkR/ZoLyBBxOvHXY7mfYcB/ZiD
IuThMmSVJ3HaQejN07S8C1bNAeFwH9kAJA46Z8HC96gumwhreZP9IB8+woSf34xc
ymwaHDkhKwKkjkZTP8l/nSs6bW8KRBBRHYvhm61GYeVY9oTb3P5un2T0cwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFFVAgX3pClz17XcV3qmI1N5UCEKwMB8GA1UdIwQY
MBaAFEKXiVkpDOm7LBtbYURDhEFbWvrWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBlSldTa002YnNzRzF0aFJFT0VRVnRhLXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9hYzBiMGEtMmU4My00NjlkLWI4OWIt
MzI2ODA4ZWNjY2NjLzEvUXBlSldTa002YnNzRzF0aFJFT0VRVnRhLXRZLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9hYzBiMGEtMmU4My00NjlkLWI4OWItMzI2ODA4ZWNjY2Nj
LzEvUXBlSldTa002YnNzRzF0aFJFT0VRVnRhLXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEATQo062sx
rbDI9RXcBmKbussOwJYWQO2+/N6V8JAPsSImdBEyQj+SgRE4v9qpbiZgpudRRfo3
rVRMaO6gSwTKZqmcJSE6rrVTqSRvn4gskQcxMCgQPXCtFDnbHF89gZoyhFxhY8wa
WNl6Lb2Kk9HrsB+a6BShda6tILjPkDXC+FC+BYBy8+K0TYf6ehR+gRwgHKhj9MR8
1uxf8gfCOwNiK9ri9x3XMb6oax1uW27+8PoyP9+O3ckznZAaN6DIEGi64KydAddK
KXh3JWmiOdZdRuz/z9bK3VP8L3sxgkcudh1TXfmK403wHoqIhqONLvTW3DMQF99F
edps3mTcmezCmg==
-----END CERTIFICATE-----