Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/8d8372-e079-4831-afd2-437934c58453/1/001KO3R_ynAQOxfz29xQRcrOMt8.mft
File:                     001KO3R_ynAQOxfz29xQRcrOMt8.mft (raw, json)
Hash identifier:          RxoOI0Lv+m3T0tUngO4vhEAauFQ9yjjwoEGoCX5IeuE=
Subject key identifier:   66:34:2D:DF:83:F4:BB:F9:39:DD:00:49:0E:BD:F8:68:C1:CF:C1:DE
Authority key identifier: D3:4D:4A:3B:74:7F:CA:70:10:3B:17:F3:DB:DC:50:45:CA:CE:32:DF
Certificate issuer:       /CN=d34d4a3b747fca70103b17f3dbdc5045cace32df
Certificate serial:       019A4C98039960413D4807A0248A7020E067
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/001KO3R_ynAQOxfz29xQRcrOMt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/8d8372-e079-4831-afd2-437934c58453/1/001KO3R_ynAQOxfz29xQRcrOMt8.mft
Manifest number:          170D
Signing time:             Tue 04 Nov 2025 02:00:21 +0000
Manifest this update:     Tue 04 Nov 2025 02:00:21 +0000
Manifest next update:     Wed 05 Nov 2025 02:00:21 +0000
Files and hashes:         1: 001KO3R_ynAQOxfz29xQRcrOMt8.crl (hash: kpWCzhYCefGOstnFcJx9l2udyFzGHpOud4qr7ss82is=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/8d8372-e079-4831-afd2-437934c58453/1/001KO3R_ynAQOxfz29xQRcrOMt8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/8d8372-e079-4831-afd2-437934c58453/1/001KO3R_ynAQOxfz29xQRcrOMt8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/001KO3R_ynAQOxfz29xQRcrOMt8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 02:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4c:98:03:99:60:41:3d:48:07:a0:24:8a:70:20:e0:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d34d4a3b747fca70103b17f3dbdc5045cace32df
        Validity
            Not Before: Nov  4 02:00:21 2025 GMT
            Not After : Nov  5 02:00:21 2025 GMT
        Subject: CN=66342ddf83f4bbf939dd00490ebdf868c1cfc1de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:65:b7:14:af:54:b1:14:bd:ed:d7:5c:13:d4:
                    5a:20:30:ee:a9:99:78:8d:0a:46:76:bc:8e:da:6a:
                    b3:53:a1:0d:d3:85:7a:39:2a:b4:f9:89:e3:70:0c:
                    c4:d2:5d:59:87:f6:bb:d2:f7:db:c7:c2:8c:01:c7:
                    73:56:4c:47:ed:7b:cc:4a:48:99:7b:9a:f9:6a:90:
                    90:12:ef:1f:35:cc:e3:b6:17:05:f2:25:f1:b0:72:
                    a3:ac:be:4c:19:a4:84:2c:bb:b6:ee:1f:30:10:30:
                    8a:60:30:e3:e9:b7:f8:7a:88:30:aa:5d:01:47:23:
                    ef:47:28:56:e8:f7:04:53:3e:8d:46:42:33:ce:cf:
                    fd:40:bb:f1:7b:ba:bb:91:a7:6b:ad:d4:5d:28:8e:
                    65:4d:e0:26:d2:f3:78:fc:f5:e5:2e:40:c7:b3:c9:
                    35:70:1c:06:80:0a:11:a4:24:de:ee:37:de:bf:8d:
                    a9:99:70:69:80:52:3e:bc:9b:05:fa:ee:40:42:26:
                    4a:38:f7:a5:13:fe:0f:dc:cb:07:d1:e1:e5:65:07:
                    27:2d:ee:8e:e9:57:77:4d:5e:63:81:49:23:58:7a:
                    e8:4d:be:f9:c1:a6:18:75:4b:18:7a:ea:fa:95:6c:
                    bb:25:9f:75:cb:e9:b7:87:17:a6:b3:d6:88:e1:5c:
                    45:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:34:2D:DF:83:F4:BB:F9:39:DD:00:49:0E:BD:F8:68:C1:CF:C1:DE
            X509v3 Authority Key Identifier:
                keyid:D3:4D:4A:3B:74:7F:CA:70:10:3B:17:F3:DB:DC:50:45:CA:CE:32:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/001KO3R_ynAQOxfz29xQRcrOMt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/8d8372-e079-4831-afd2-437934c58453/1/001KO3R_ynAQOxfz29xQRcrOMt8.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/8d8372-e079-4831-afd2-437934c58453/1/001KO3R_ynAQOxfz29xQRcrOMt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         50:c8:c9:02:c7:cb:97:0a:7c:36:96:08:9b:d9:cd:e4:13:e3:
         de:78:71:61:25:9f:90:ee:89:e7:5a:38:0b:c5:66:52:46:72:
         bb:22:94:1f:d9:11:d8:11:0f:e6:54:49:15:0b:b6:00:7d:68:
         a5:fd:b6:35:db:eb:fe:95:76:73:32:0e:87:91:27:8d:c8:e5:
         20:0e:57:ff:97:a8:e4:3f:79:fd:a9:26:45:fe:86:d0:a4:9d:
         e3:e9:06:ae:96:57:bc:ff:8c:6f:d3:78:e2:c7:9f:3a:c0:f3:
         a9:11:3e:f2:c4:78:c5:57:39:a5:1f:90:ff:a5:f9:40:51:2a:
         39:1b:f4:2c:84:4d:0f:78:fd:db:f6:af:36:e6:a7:dd:6a:0b:
         a3:18:f1:4b:bd:14:b4:f1:bb:43:35:04:d1:cf:fb:fc:0c:c0:
         42:1e:2b:83:3d:ff:48:79:eb:a3:13:f7:61:43:30:06:5b:5e:
         df:8f:32:40:8f:65:c7:32:1c:77:7d:63:27:76:c8:28:28:44:
         c6:27:1d:92:70:87:a2:72:d3:fc:63:84:25:cd:0d:8b:d3:91:
         2b:ec:0b:0b:5e:19:5f:24:26:e2:fc:2d:ca:e6:59:1b:e6:3e:
         5a:98:c7:1e:86:7b:ed:ca:13:6a:6b:62:84:73:8a:c0:95:60:
         e3:3b:61:8b
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpMmAOZYEE9SAegJIpwIOBnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNGQ0YTNiNzQ3ZmNhNzAxMDNiMTdmM2RiZGM1MDQ1Y2Fj
ZTMyZGYwHhcNMjUxMTA0MDIwMDIxWhcNMjUxMTA1MDIwMDIxWjAzMTEwLwYDVQQD
Eyg2NjM0MmRkZjgzZjRiYmY5MzlkZDAwNDkwZWJkZjg2OGMxY2ZjMWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWW3FK9UsRS97ddcE9RaIDDuqZl4
jQpGdryO2mqzU6EN04V6OSq0+YnjcAzE0l1Zh/a70vfbx8KMAcdzVkxH7XvMSkiZ
e5r5apCQEu8fNczjthcF8iXxsHKjrL5MGaSELLu27h8wEDCKYDDj6bf4eogwql0B
RyPvRyhW6PcEUz6NRkIzzs/9QLvxe7q7kadrrdRdKI5lTeAm0vN4/PXlLkDHs8k1
cBwGgAoRpCTe7jfev42pmXBpgFI+vJsF+u5AQiZKOPelE/4P3MsH0eHlZQcnLe6O
6Vd3TV5jgUkjWHroTb75waYYdUsYeur6lWy7JZ91y+m3hxems9aI4VxF/QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFGY0Ld+D9Lv5Od0ASQ69+GjBz8HeMB8GA1UdIwQY
MBaAFNNNSjt0f8pwEDsX89vcUEXKzjLfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDAxS08zUl95bkFRT3hmejI5eFFSY3JPTXQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi84ZDgzNzItZTA3OS00ODMxLWFmZDIt
NDM3OTM0YzU4NDUzLzEvMDAxS08zUl95bkFRT3hmejI5eFFSY3JPTXQ4Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi84ZDgzNzItZTA3OS00ODMxLWFmZDItNDM3OTM0YzU4NDUz
LzEvMDAxS08zUl95bkFRT3hmejI5eFFSY3JPTXQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAUMjJAsfL
lwp8NpYIm9nN5BPj3nhxYSWfkO6J51o4C8VmUkZyuyKUH9kR2BEP5lRJFQu2AH1o
pf22Ndvr/pV2czIOh5EnjcjlIA5X/5eo5D95/akmRf6G0KSd4+kGrpZXvP+Mb9N4
4sefOsDzqRE+8sR4xVc5pR+Q/6X5QFEqORv0LIRND3j92/avNuan3WoLoxjxS70U
tPG7QzUE0c/7/AzAQh4rgz3/SHnroxP3YUMwBlte348yQI9lxzIcd31jJ3bIKChE
xicdknCHonLT/GOEJc0Ni9ORK+wLC14ZXyQm4vwtyuZZG+Y+WpjHHoZ77coTamti
hHOKwJVg4zthiw==
-----END CERTIFICATE-----