Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/4b48f3-8808-473d-a7e6-186b286854be/1/pNOAQa5OcxV3JKqfPuBDBeXxKDQ.mft
File:                     pNOAQa5OcxV3JKqfPuBDBeXxKDQ.mft (raw, json)
Hash identifier:          g2shHNbo31zxPWTtMZvwnIp14BkveOg/vBcNkRWTA0Q=
Subject key identifier:   3B:FA:A3:4D:1F:BE:32:85:E3:EE:CF:B5:47:9D:DD:E6:E6:C9:73:7C
Authority key identifier: A4:D3:80:41:AE:4E:73:15:77:24:AA:9F:3E:E0:43:05:E5:F1:28:34
Certificate issuer:       /CN=a4d38041ae4e73157724aa9f3ee04305e5f12834
Certificate serial:       019A4EF4444CAD394434497053E05FA8C48F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pNOAQa5OcxV3JKqfPuBDBeXxKDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/4b48f3-8808-473d-a7e6-186b286854be/1/pNOAQa5OcxV3JKqfPuBDBeXxKDQ.mft
Manifest number:          16DD
Signing time:             Tue 04 Nov 2025 13:00:22 +0000
Manifest this update:     Tue 04 Nov 2025 13:00:22 +0000
Manifest next update:     Wed 05 Nov 2025 13:00:22 +0000
Files and hashes:         1: pNOAQa5OcxV3JKqfPuBDBeXxKDQ.crl (hash: ychPeBcMos9LvyRgsSuwIxglyWjwJXBegKbquzVtzmk=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/4b48f3-8808-473d-a7e6-186b286854be/1/pNOAQa5OcxV3JKqfPuBDBeXxKDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/4b48f3-8808-473d-a7e6-186b286854be/1/pNOAQa5OcxV3JKqfPuBDBeXxKDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pNOAQa5OcxV3JKqfPuBDBeXxKDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4e:f4:44:4c:ad:39:44:34:49:70:53:e0:5f:a8:c4:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4d38041ae4e73157724aa9f3ee04305e5f12834
        Validity
            Not Before: Nov  4 13:00:22 2025 GMT
            Not After : Nov  5 13:00:22 2025 GMT
        Subject: CN=3bfaa34d1fbe3285e3eecfb5479ddde6e6c9737c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d4:6e:e3:92:d2:0a:bd:22:d6:dd:14:35:15:
                    21:15:42:ff:94:2c:30:f3:e3:e9:e3:d2:25:50:51:
                    86:ad:c4:28:33:0f:68:a5:c4:dd:f1:09:04:56:9f:
                    2b:f6:b4:ef:bb:02:79:54:fc:39:fb:c1:65:44:b6:
                    05:9e:26:9a:ba:db:5d:87:5c:2f:0f:03:0b:22:cb:
                    a2:f0:ee:91:35:27:24:2d:df:41:da:50:a1:8f:02:
                    e9:82:94:a3:61:5a:f2:b9:e4:e5:5d:06:72:ba:21:
                    63:61:25:fc:a0:3d:bc:a6:da:d3:10:73:b3:c2:89:
                    11:f8:c9:33:e2:11:27:1a:54:b4:f7:bd:c6:c5:b9:
                    00:54:61:f1:60:17:79:bb:48:4d:c9:49:b6:b5:0e:
                    bf:14:68:7a:9e:7e:e0:3b:a6:ac:be:72:43:08:b6:
                    66:1c:ac:f4:d7:37:e2:f0:8c:de:71:eb:cd:37:74:
                    73:d3:b8:14:64:22:d4:27:b4:7e:91:26:d2:2d:c9:
                    77:41:a6:42:12:a7:b2:55:63:65:8c:58:fc:d1:4e:
                    51:c2:4f:ce:46:99:f6:fb:07:06:30:79:84:db:0f:
                    eb:f6:52:08:ca:27:4c:03:db:57:0c:2f:ef:ad:dd:
                    4d:5d:d5:73:83:dc:73:ca:44:3d:49:5b:fa:88:f9:
                    e0:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:FA:A3:4D:1F:BE:32:85:E3:EE:CF:B5:47:9D:DD:E6:E6:C9:73:7C
            X509v3 Authority Key Identifier:
                keyid:A4:D3:80:41:AE:4E:73:15:77:24:AA:9F:3E:E0:43:05:E5:F1:28:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pNOAQa5OcxV3JKqfPuBDBeXxKDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/4b48f3-8808-473d-a7e6-186b286854be/1/pNOAQa5OcxV3JKqfPuBDBeXxKDQ.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/4b48f3-8808-473d-a7e6-186b286854be/1/pNOAQa5OcxV3JKqfPuBDBeXxKDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         02:c0:e4:f6:bd:63:94:a0:85:91:3e:11:1e:55:1b:47:0b:59:
         5f:eb:df:9f:00:ea:30:59:9d:47:ca:b9:78:b1:f3:87:22:e6:
         37:9f:86:24:b9:cb:70:54:f7:82:be:2a:b6:d8:36:62:39:c1:
         95:4a:93:e8:fc:f4:67:a8:63:2a:0f:95:e1:85:81:74:f2:41:
         73:f3:c9:66:c9:94:bb:03:01:38:a6:57:6f:af:41:f1:08:fb:
         5e:10:8d:2a:05:f5:c8:f5:09:82:3e:8e:c6:8b:ed:26:04:3b:
         75:19:aa:21:c4:46:82:aa:25:eb:f5:db:db:1b:de:ff:65:47:
         77:25:01:1e:40:c3:91:09:de:f6:cd:6b:a9:58:db:2c:48:cc:
         9e:a4:32:54:fd:b4:08:55:10:67:28:82:66:de:fc:31:ca:4e:
         f9:09:39:62:7b:2c:f3:82:bf:5b:38:5b:e2:c5:62:68:32:f6:
         35:08:b5:32:e7:92:c1:8d:d1:0c:ac:8b:15:78:72:46:9c:a8:
         90:5e:58:05:04:ce:3d:84:14:21:17:0c:46:39:d9:6e:0f:9e:
         d7:85:4d:51:e6:15:81:fd:01:72:b5:38:7d:99:c8:e5:a2:5e:
         dc:e2:3d:56:72:31:0b:0a:5c:6b:a5:83:ba:5e:a1:14:b1:27:
         c9:56:97:47
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpO9ERMrTlENElwU+BfqMSPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ZDM4MDQxYWU0ZTczMTU3NzI0YWE5ZjNlZTA0MzA1ZTVm
MTI4MzQwHhcNMjUxMTA0MTMwMDIyWhcNMjUxMTA1MTMwMDIyWjAzMTEwLwYDVQQD
EygzYmZhYTM0ZDFmYmUzMjg1ZTNlZWNmYjU0NzlkZGRlNmU2Yzk3MzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29Ru45LSCr0i1t0UNRUhFUL/lCww
8+Pp49IlUFGGrcQoMw9opcTd8QkEVp8r9rTvuwJ5VPw5+8FlRLYFniaauttdh1wv
DwMLIsui8O6RNSckLd9B2lChjwLpgpSjYVryueTlXQZyuiFjYSX8oD28ptrTEHOz
wokR+Mkz4hEnGlS0973GxbkAVGHxYBd5u0hNyUm2tQ6/FGh6nn7gO6asvnJDCLZm
HKz01zfi8IzecevNN3Rz07gUZCLUJ7R+kSbSLcl3QaZCEqeyVWNljFj80U5Rwk/O
Rpn2+wcGMHmE2w/r9lIIyidMA9tXDC/vrd1NXdVzg9xzykQ9SVv6iPng+wIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFDv6o00fvjKF4+7PtUed3ebmyXN8MB8GA1UdIwQY
MBaAFKTTgEGuTnMVdySqnz7gQwXl8Sg0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE5PQVFhNU9jeFYzSktxZlB1QkRCZVh4S0RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi80YjQ4ZjMtODgwOC00NzNkLWE3ZTYt
MTg2YjI4Njg1NGJlLzEvcE5PQVFhNU9jeFYzSktxZlB1QkRCZVh4S0RRLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi80YjQ4ZjMtODgwOC00NzNkLWE3ZTYtMTg2YjI4Njg1NGJl
LzEvcE5PQVFhNU9jeFYzSktxZlB1QkRCZVh4S0RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAAsDk9r1j
lKCFkT4RHlUbRwtZX+vfnwDqMFmdR8q5eLHzhyLmN5+GJLnLcFT3gr4qttg2YjnB
lUqT6Pz0Z6hjKg+V4YWBdPJBc/PJZsmUuwMBOKZXb69B8Qj7XhCNKgX1yPUJgj6O
xovtJgQ7dRmqIcRGgqol6/Xb2xve/2VHdyUBHkDDkQne9s1rqVjbLEjMnqQyVP20
CFUQZyiCZt78McpO+Qk5Ynss84K/Wzhb4sViaDL2NQi1MueSwY3RDKyLFXhyRpyo
kF5YBQTOPYQUIRcMRjnZbg+e14VNUeYVgf0BcrU4fZnI5aJe3OI9VnIxCwpca6WD
ul6hFLEnyVaXRw==
-----END CERTIFICATE-----