Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/2aa9f9-bdb4-4ab9-8f9b-6b8aa0a2c960/1/9Lf2q209ljfV1-rM4943lLnPPg8.mft
File:                     9Lf2q209ljfV1-rM4943lLnPPg8.mft (raw, json)
Hash identifier:          cV7gNR+VOk2GG7zzEESkZKtoL8DydPi391WcRCjGR4U=
Subject key identifier:   8F:4E:55:FD:E9:B9:FD:56:7F:09:D0:54:0A:A2:9A:D4:21:21:48:CA
Authority key identifier: F4:B7:F6:AB:6D:3D:96:37:D5:D7:EA:CC:E3:DE:37:94:B9:CF:3E:0F
Certificate issuer:       /CN=f4b7f6ab6d3d9637d5d7eacce3de3794b9cf3e0f
Certificate serial:       019687DB9390BB66B02D2716D1A971107173
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Lf2q209ljfV1-rM4943lLnPPg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/2aa9f9-bdb4-4ab9-8f9b-6b8aa0a2c960/1/9Lf2q209ljfV1-rM4943lLnPPg8.mft
Manifest number:          C2
Signing time:             Wed 30 Apr 2025 18:00:36 +0000
Manifest this update:     Wed 30 Apr 2025 18:00:36 +0000
Manifest next update:     Thu 01 May 2025 18:00:36 +0000
Files and hashes:         1: 9Lf2q209ljfV1-rM4943lLnPPg8.crl (hash: mIVtaRC/KfoAzjbdDn14U0wCKLi+jYxHvEjEjtOmb8c=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/2aa9f9-bdb4-4ab9-8f9b-6b8aa0a2c960/1/9Lf2q209ljfV1-rM4943lLnPPg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/2aa9f9-bdb4-4ab9-8f9b-6b8aa0a2c960/1/9Lf2q209ljfV1-rM4943lLnPPg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Lf2q209ljfV1-rM4943lLnPPg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 18:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:87:db:93:90:bb:66:b0:2d:27:16:d1:a9:71:10:71:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b7f6ab6d3d9637d5d7eacce3de3794b9cf3e0f
        Validity
            Not Before: Apr 30 18:00:36 2025 GMT
            Not After : May  1 18:00:36 2025 GMT
        Subject: CN=8f4e55fde9b9fd567f09d0540aa29ad4212148ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:3b:93:75:11:40:0a:8f:76:1a:b8:22:05:30:
                    cb:09:e7:4b:be:83:b3:48:ec:3b:c8:4b:5e:cd:49:
                    ea:66:84:4d:52:2d:d1:dd:c6:b2:5e:0d:68:cb:13:
                    e8:67:0e:c3:82:73:fe:10:e8:eb:9d:73:68:52:33:
                    f1:53:10:c8:cd:ef:cd:ce:6b:91:b4:b4:52:1d:3b:
                    51:27:46:85:51:13:9f:ba:39:8e:c9:89:35:e0:22:
                    00:ed:47:35:56:94:b9:0d:41:ed:f1:fa:81:3e:98:
                    7b:dd:80:16:7a:6d:ac:ef:22:dc:b7:dd:c4:ef:06:
                    30:54:10:69:0a:c9:d3:91:db:5d:4f:d8:a8:f8:74:
                    40:18:1b:f2:c3:b8:5a:ab:81:a2:b7:52:f2:55:be:
                    5e:cd:03:e4:6b:18:ee:1e:b4:94:6d:b2:a6:99:2f:
                    87:11:43:7c:3a:e2:e6:85:59:e2:24:d7:f4:90:76:
                    d4:77:68:ff:e3:85:d6:9d:93:11:73:33:c0:6f:ad:
                    a7:c8:0b:65:23:c5:83:1c:7e:bd:5f:f2:2b:6f:08:
                    b7:7b:2d:44:f5:25:d4:97:06:b8:44:8b:a2:ac:54:
                    ed:ea:d6:6c:53:ab:bd:db:97:ab:d8:62:bc:c3:b3:
                    66:e9:04:5a:aa:fc:84:b6:1b:9b:e0:dc:63:96:ae:
                    61:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:4E:55:FD:E9:B9:FD:56:7F:09:D0:54:0A:A2:9A:D4:21:21:48:CA
            X509v3 Authority Key Identifier:
                keyid:F4:B7:F6:AB:6D:3D:96:37:D5:D7:EA:CC:E3:DE:37:94:B9:CF:3E:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Lf2q209ljfV1-rM4943lLnPPg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/2aa9f9-bdb4-4ab9-8f9b-6b8aa0a2c960/1/9Lf2q209ljfV1-rM4943lLnPPg8.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/2aa9f9-bdb4-4ab9-8f9b-6b8aa0a2c960/1/9Lf2q209ljfV1-rM4943lLnPPg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         2e:c6:59:4f:24:be:f6:cf:93:17:17:39:02:36:3f:f8:6e:d3:
         48:a5:9f:0b:09:13:d4:73:82:01:61:1d:5f:76:7c:56:93:d8:
         b5:4f:db:40:2a:df:03:38:cb:19:9e:5f:f7:3f:ba:f7:39:dd:
         59:da:fc:44:9a:9f:78:fe:de:d2:86:70:8a:c9:55:b0:ab:98:
         0d:9a:f0:12:85:f8:7a:13:ee:7f:48:a6:c1:14:44:e9:99:7b:
         88:c2:2e:42:c7:7a:e3:20:f2:30:f7:1c:f0:a1:01:f5:4c:81:
         0f:07:48:f2:50:2b:b4:77:b3:d6:40:e3:d1:cd:f0:4b:be:51:
         5c:c5:ad:ab:a5:13:ae:ba:ce:e5:f6:6a:97:2c:d1:ea:74:5e:
         97:fe:87:65:46:4f:b7:c5:4e:1a:49:ea:30:e9:91:d7:28:a2:
         96:69:85:f2:37:ad:bc:f8:ac:89:07:eb:5a:85:9b:db:cd:14:
         17:6b:d0:8f:13:fa:bf:fc:4b:bc:60:6c:3b:e7:af:28:a2:21:
         aa:47:b3:71:a8:ff:4a:ba:9b:1f:8b:f3:d2:81:b8:30:a3:f2:
         c4:39:54:00:5a:07:49:07:33:28:51:30:05:57:7a:1a:48:f2:
         a0:d2:f4:5d:6f:3a:86:00:69:c9:ca:3a:75:4d:7e:6c:53:65:
         73:ca:06:a4
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZaH25OQu2awLScW0alxEHFzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0YjdmNmFiNmQzZDk2MzdkNWQ3ZWFjY2UzZGUzNzk0Yjlj
ZjNlMGYwHhcNMjUwNDMwMTgwMDM2WhcNMjUwNTAxMTgwMDM2WjAzMTEwLwYDVQQD
Eyg4ZjRlNTVmZGU5YjlmZDU2N2YwOWQwNTQwYWEyOWFkNDIxMjE0OGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizuTdRFACo92GrgiBTDLCedLvoOz
SOw7yEtezUnqZoRNUi3R3cayXg1oyxPoZw7DgnP+EOjrnXNoUjPxUxDIze/NzmuR
tLRSHTtRJ0aFUROfujmOyYk14CIA7Uc1VpS5DUHt8fqBPph73YAWem2s7yLct93E
7wYwVBBpCsnTkdtdT9io+HRAGBvyw7haq4Git1LyVb5ezQPkaxjuHrSUbbKmmS+H
EUN8OuLmhVniJNf0kHbUd2j/44XWnZMRczPAb62nyAtlI8WDHH69X/Irbwi3ey1E
9SXUlwa4RIuirFTt6tZsU6u925er2GK8w7Nm6QRaqvyEthub4Nxjlq5hoQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFI9OVf3puf1WfwnQVAqimtQhIUjKMB8GA1UdIwQY
MBaAFPS39qttPZY31dfqzOPeN5S5zz4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxmMnEyMDlsamZWMS1yTTQ5NDNsTG5QUGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8yYWE5ZjktYmRiNC00YWI5LThmOWIt
NmI4YWEwYTJjOTYwLzEvOUxmMnEyMDlsamZWMS1yTTQ5NDNsTG5QUGc4Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8yYWE5ZjktYmRiNC00YWI5LThmOWItNmI4YWEwYTJjOTYw
LzEvOUxmMnEyMDlsamZWMS1yTTQ5NDNsTG5QUGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEALsZZTyS+
9s+TFxc5AjY/+G7TSKWfCwkT1HOCAWEdX3Z8VpPYtU/bQCrfAzjLGZ5f9z+69znd
Wdr8RJqfeP7e0oZwislVsKuYDZrwEoX4ehPuf0imwRRE6Zl7iMIuQsd64yDyMPcc
8KEB9UyBDwdI8lArtHez1kDj0c3wS75RXMWtq6UTrrrO5fZqlyzR6nRel/6HZUZP
t8VOGknqMOmR1yiilmmF8jetvPisiQfrWoWb280UF2vQjxP6v/xLvGBsO+evKKIh
qkezcaj/SrqbH4vz0oG4MKPyxDlUAFoHSQczKFEwBVd6GkjyoNL0XW86hgBpyco6
dU1+bFNlc8oGpA==
-----END CERTIFICATE-----