Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/b4b600-47a7-4707-9a9e-4da54471762e/1/ibmLHbxNsPvYZW0rK4pT4sPcpqs.mft
File:                     ibmLHbxNsPvYZW0rK4pT4sPcpqs.mft (raw, json)
Hash identifier:          CAcXjkrweuOFnhzsOqM6jFBmbC/qtQTjsY1zL0VBEJM=
Subject key identifier:   C9:B9:69:11:EB:E0:CD:6D:86:D5:D1:07:0E:7C:5F:81:80:4A:43:EB
Authority key identifier: 89:B9:8B:1D:BC:4D:B0:FB:D8:65:6D:2B:2B:8A:53:E2:C3:DC:A6:AB
Certificate issuer:       /CN=89b98b1dbc4db0fbd8656d2b2b8a53e2c3dca6ab
Certificate serial:       01967EA159343FF417553B81990486E7F1DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ibmLHbxNsPvYZW0rK4pT4sPcpqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/b4b600-47a7-4707-9a9e-4da54471762e/1/ibmLHbxNsPvYZW0rK4pT4sPcpqs.mft
Manifest number:          0E10
Signing time:             Mon 28 Apr 2025 23:00:25 +0000
Manifest this update:     Mon 28 Apr 2025 23:00:25 +0000
Manifest next update:     Tue 29 Apr 2025 23:00:25 +0000
Files and hashes:         1: ibmLHbxNsPvYZW0rK4pT4sPcpqs.crl (hash: d9Ikqmx0doZnUbGDbDb8C1olA7N8sv9LRv/ipPD/3Tg=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/b4b600-47a7-4707-9a9e-4da54471762e/1/ibmLHbxNsPvYZW0rK4pT4sPcpqs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/b4b600-47a7-4707-9a9e-4da54471762e/1/ibmLHbxNsPvYZW0rK4pT4sPcpqs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ibmLHbxNsPvYZW0rK4pT4sPcpqs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 23:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7e:a1:59:34:3f:f4:17:55:3b:81:99:04:86:e7:f1:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89b98b1dbc4db0fbd8656d2b2b8a53e2c3dca6ab
        Validity
            Not Before: Apr 28 23:00:25 2025 GMT
            Not After : Apr 29 23:00:25 2025 GMT
        Subject: CN=c9b96911ebe0cd6d86d5d1070e7c5f81804a43eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:ff:11:dc:11:d3:66:68:9b:4f:07:8d:33:df:
                    c8:1e:ab:6b:a3:24:60:a8:6e:e5:4b:fb:93:9d:6b:
                    ec:bc:c4:c1:cb:89:5e:4e:bc:31:4f:d5:21:7e:56:
                    ab:c3:0d:6d:0e:18:e9:0f:86:11:03:8d:19:76:17:
                    1c:71:d9:aa:8a:00:c7:8f:85:1b:8f:d1:46:f2:ec:
                    13:f2:d7:e6:72:21:2c:2b:88:82:87:6d:42:b3:4f:
                    86:c8:e6:54:e1:58:ed:41:a6:4c:19:4c:f3:dc:d1:
                    ff:aa:29:9e:b3:91:58:92:bd:8e:b5:3c:54:f5:59:
                    62:08:65:09:7b:21:94:29:83:f1:0f:d1:07:0e:4b:
                    b8:bc:f6:e1:a4:94:a2:09:1d:d6:86:52:24:90:55:
                    c0:c9:28:22:ec:de:aa:a3:8c:d0:8a:47:a2:a6:42:
                    8e:6f:ad:bf:ad:35:26:68:df:74:63:9e:d9:f8:d0:
                    ce:dd:25:c9:b5:60:66:e1:ae:07:2f:17:c7:44:8f:
                    cc:a8:f4:e7:bc:f9:c1:ae:11:ab:9d:87:a6:03:31:
                    bf:34:52:8c:a8:cc:4c:f2:08:a4:8c:39:52:46:0f:
                    1d:34:26:9b:29:8b:e2:d2:17:ed:0d:4c:60:51:3a:
                    6b:de:6e:64:96:ec:ac:a0:6b:e3:c5:9e:a7:bf:e9:
                    71:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:B9:69:11:EB:E0:CD:6D:86:D5:D1:07:0E:7C:5F:81:80:4A:43:EB
            X509v3 Authority Key Identifier:
                keyid:89:B9:8B:1D:BC:4D:B0:FB:D8:65:6D:2B:2B:8A:53:E2:C3:DC:A6:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ibmLHbxNsPvYZW0rK4pT4sPcpqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/b4b600-47a7-4707-9a9e-4da54471762e/1/ibmLHbxNsPvYZW0rK4pT4sPcpqs.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/b4b600-47a7-4707-9a9e-4da54471762e/1/ibmLHbxNsPvYZW0rK4pT4sPcpqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         57:09:65:33:7b:dd:77:35:9a:bd:a6:4a:8c:e6:95:ad:3d:ea:
         ef:96:ff:91:fa:63:82:54:c2:36:03:20:78:54:3a:8a:d2:3b:
         99:f8:51:b0:c9:4e:8b:ae:35:96:c1:58:5e:2a:1b:86:95:86:
         bd:81:3d:39:e3:89:80:5a:0d:f8:35:ec:e3:f3:91:57:27:9b:
         57:fd:ee:2e:73:ce:83:42:a1:70:34:a3:e5:9e:08:01:f5:76:
         16:8e:e4:e7:dd:9e:74:a2:f4:71:5e:d6:59:6e:11:6b:16:cc:
         93:50:60:97:ec:a7:9d:75:75:24:fb:00:53:de:49:46:c9:00:
         d5:2d:12:42:01:20:4c:b1:73:03:39:0a:f6:ab:19:ae:c5:1d:
         d2:c9:b4:4f:f7:46:57:78:c2:34:a4:ab:3f:8e:ff:6d:14:47:
         a2:8b:8d:bb:91:12:e6:85:a5:83:2b:96:aa:f5:b9:90:71:0a:
         6c:ae:d9:0f:1d:72:6b:08:51:60:cb:40:da:b2:21:6a:89:2c:
         4f:1d:c1:2a:1e:51:dd:9d:cd:94:cb:88:3e:e8:87:2c:11:68:
         3a:6c:41:17:2a:9a:02:5e:1f:51:dd:d6:ba:7f:a3:b6:b4:e4:
         22:4f:54:c3:89:e7:d3:1a:fc:1d:53:7d:59:86:15:f1:9b:4d:
         24:13:7c:ef
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZZ+oVk0P/QXVTuBmQSG5/HcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5Yjk4YjFkYmM0ZGIwZmJkODY1NmQyYjJiOGE1M2UyYzNk
Y2E2YWIwHhcNMjUwNDI4MjMwMDI1WhcNMjUwNDI5MjMwMDI1WjAzMTEwLwYDVQQD
EyhjOWI5NjkxMWViZTBjZDZkODZkNWQxMDcwZTdjNWY4MTgwNGE0M2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3v8R3BHTZmibTweNM9/IHqtroyRg
qG7lS/uTnWvsvMTBy4leTrwxT9Uhflarww1tDhjpD4YRA40ZdhcccdmqigDHj4Ub
j9FG8uwT8tfmciEsK4iCh21Cs0+GyOZU4VjtQaZMGUzz3NH/qimes5FYkr2OtTxU
9VliCGUJeyGUKYPxD9EHDku4vPbhpJSiCR3WhlIkkFXAySgi7N6qo4zQikeipkKO
b62/rTUmaN90Y57Z+NDO3SXJtWBm4a4HLxfHRI/MqPTnvPnBrhGrnYemAzG/NFKM
qMxM8gikjDlSRg8dNCabKYvi0hftDUxgUTpr3m5kluysoGvjxZ6nv+lxfwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFMm5aRHr4M1thtXRBw58X4GASkPrMB8GA1UdIwQY
MBaAFIm5ix28TbD72GVtKyuKU+LD3KarMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWJtTEhieE5zUHZZWlcwcks0cFQ0c1BjcHFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9iNGI2MDAtNDdhNy00NzA3LTlhOWUt
NGRhNTQ0NzE3NjJlLzEvaWJtTEhieE5zUHZZWlcwcks0cFQ0c1BjcHFzLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9iNGI2MDAtNDdhNy00NzA3LTlhOWUtNGRhNTQ0NzE3NjJl
LzEvaWJtTEhieE5zUHZZWlcwcks0cFQ0c1BjcHFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAVwllM3vd
dzWavaZKjOaVrT3q75b/kfpjglTCNgMgeFQ6itI7mfhRsMlOi641lsFYXiobhpWG
vYE9OeOJgFoN+DXs4/ORVyebV/3uLnPOg0KhcDSj5Z4IAfV2Fo7k592edKL0cV7W
WW4RaxbMk1Bgl+ynnXV1JPsAU95JRskA1S0SQgEgTLFzAzkK9qsZrsUd0sm0T/dG
V3jCNKSrP47/bRRHoouNu5ES5oWlgyuWqvW5kHEKbK7ZDx1yawhRYMtA2rIhaoks
Tx3BKh5R3Z3NlMuIPuiHLBFoOmxBFyqaAl4fUd3Wun+jtrTkIk9Uw4nn0xr8HVN9
WYYV8ZtNJBN87w==
-----END CERTIFICATE-----