Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/569574-441e-415b-803f-54bd649b4852/1/KhQFaUht0XjbWDoKHklt8iMYXTU.mft
File:                     KhQFaUht0XjbWDoKHklt8iMYXTU.mft (raw, json)
Hash identifier:          U1czfPPNYKpS6Rn7dkcR7y6s2OwvoQIqae6fePhZFKw=
Subject key identifier:   A1:BF:0A:41:2F:90:F3:2B:DE:05:F2:69:B7:70:ED:C3:99:08:6C:E7
Authority key identifier: 2A:14:05:69:48:6D:D1:78:DB:58:3A:0A:1E:49:6D:F2:23:18:5D:35
Certificate issuer:       /CN=2a140569486dd178db583a0a1e496df223185d35
Certificate serial:       019A5150BE32FDB60183BD017CF7B51980D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KhQFaUht0XjbWDoKHklt8iMYXTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/569574-441e-415b-803f-54bd649b4852/1/KhQFaUht0XjbWDoKHklt8iMYXTU.mft
Manifest number:          0954
Signing time:             Wed 05 Nov 2025 00:00:37 +0000
Manifest this update:     Wed 05 Nov 2025 00:00:37 +0000
Manifest next update:     Thu 06 Nov 2025 00:00:37 +0000
Files and hashes:         1: KhQFaUht0XjbWDoKHklt8iMYXTU.crl (hash: TfuJk2rk+HpSy3tSR8ldzMSQM2TgYMMU9AOSG33vffY=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/569574-441e-415b-803f-54bd649b4852/1/KhQFaUht0XjbWDoKHklt8iMYXTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/569574-441e-415b-803f-54bd649b4852/1/KhQFaUht0XjbWDoKHklt8iMYXTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KhQFaUht0XjbWDoKHklt8iMYXTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:51:50:be:32:fd:b6:01:83:bd:01:7c:f7:b5:19:80:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a140569486dd178db583a0a1e496df223185d35
        Validity
            Not Before: Nov  5 00:00:37 2025 GMT
            Not After : Nov  6 00:00:37 2025 GMT
        Subject: CN=a1bf0a412f90f32bde05f269b770edc399086ce7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:42:76:77:2c:38:32:4c:60:7d:7e:eb:41:22:
                    a0:41:a7:2e:ab:29:8a:f8:e9:61:49:72:c2:1b:4b:
                    21:49:92:df:20:c8:8d:88:9b:06:e6:cb:27:0f:b7:
                    42:91:d4:9e:18:28:29:d5:84:ae:d5:8e:f1:23:ef:
                    24:20:de:bd:fa:79:6f:49:92:58:11:7d:47:55:46:
                    53:ba:1b:6f:32:56:31:33:55:34:e9:f7:5e:cb:a5:
                    2d:13:21:c5:0f:f6:51:81:f3:11:ea:31:43:69:ae:
                    58:b8:b2:69:be:08:55:cc:fa:1a:4c:8b:93:e1:71:
                    08:a7:6d:69:45:ed:8f:80:6c:61:11:13:dd:12:1a:
                    4f:64:f2:63:2c:fb:42:1e:a6:53:3b:09:a8:47:cf:
                    1e:52:b9:30:c4:07:e7:c6:3f:b5:91:b6:e9:eb:9d:
                    73:11:0e:f7:70:d1:38:8d:e5:ab:95:d2:4d:24:2c:
                    18:61:22:ac:02:1e:d9:c5:5b:65:5b:7b:4c:5a:e6:
                    4b:53:14:32:99:5c:4c:3d:20:f3:2d:b5:24:1c:3a:
                    ca:cb:6d:6c:5f:eb:f4:58:40:64:d0:e2:20:a5:83:
                    c8:a4:b2:6d:ee:07:26:62:70:2d:db:4c:65:f7:f7:
                    24:7f:88:6e:2f:1a:5c:42:bc:ff:be:16:8b:54:8d:
                    24:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:BF:0A:41:2F:90:F3:2B:DE:05:F2:69:B7:70:ED:C3:99:08:6C:E7
            X509v3 Authority Key Identifier:
                keyid:2A:14:05:69:48:6D:D1:78:DB:58:3A:0A:1E:49:6D:F2:23:18:5D:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KhQFaUht0XjbWDoKHklt8iMYXTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/569574-441e-415b-803f-54bd649b4852/1/KhQFaUht0XjbWDoKHklt8iMYXTU.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/569574-441e-415b-803f-54bd649b4852/1/KhQFaUht0XjbWDoKHklt8iMYXTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         0c:aa:7d:ac:cd:b2:9e:c3:ea:9d:9c:8f:33:b5:02:66:1b:9c:
         d0:b5:f6:8b:4b:cf:5b:6c:81:b9:01:c7:96:e3:17:e3:1b:49:
         30:6c:6d:c9:2d:a0:cd:13:63:3e:48:0b:2f:3a:ec:94:cc:b1:
         1a:bb:b6:8c:91:69:93:a0:0b:45:64:4f:c7:3f:fc:f7:5c:44:
         c8:de:41:96:1e:e2:58:6e:19:c9:48:af:50:bf:e8:86:8b:6e:
         d4:a6:e6:f5:de:07:34:0f:f7:6f:b0:ee:26:16:2e:66:45:f1:
         fb:a0:1b:54:9c:7c:ae:e2:bc:c4:28:4e:2e:ee:2e:4e:ea:c1:
         07:d8:03:8e:82:17:3a:08:7f:a3:53:cd:1f:d0:fa:cf:46:df:
         00:64:da:3c:5c:25:e8:bd:dc:9b:96:ba:ae:ea:b5:f4:97:bc:
         f2:7d:0e:32:49:20:14:d4:7d:47:0a:b6:39:0b:a4:b7:d8:4d:
         08:9d:12:9d:53:c0:c0:b3:eb:d6:8c:7e:90:af:9a:2e:9f:a8:
         3b:86:60:a6:03:87:b6:8b:ec:c8:8a:3f:4b:7a:d0:9f:34:99:
         1a:22:9b:70:37:4b:47:0d:9d:38:e9:ca:da:30:d9:af:1c:28:
         d8:f7:02:ba:3a:a7:6f:08:02:40:34:ff:a3:33:3a:cb:03:ef:
         34:f1:5a:ce
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpRUL4y/bYBg70BfPe1GYDZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhMTQwNTY5NDg2ZGQxNzhkYjU4M2EwYTFlNDk2ZGYyMjMx
ODVkMzUwHhcNMjUxMTA1MDAwMDM3WhcNMjUxMTA2MDAwMDM3WjAzMTEwLwYDVQQD
EyhhMWJmMGE0MTJmOTBmMzJiZGUwNWYyNjliNzcwZWRjMzk5MDg2Y2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkJ2dyw4MkxgfX7rQSKgQacuqymK
+OlhSXLCG0shSZLfIMiNiJsG5ssnD7dCkdSeGCgp1YSu1Y7xI+8kIN69+nlvSZJY
EX1HVUZTuhtvMlYxM1U06fdey6UtEyHFD/ZRgfMR6jFDaa5YuLJpvghVzPoaTIuT
4XEIp21pRe2PgGxhERPdEhpPZPJjLPtCHqZTOwmoR88eUrkwxAfnxj+1kbbp651z
EQ73cNE4jeWrldJNJCwYYSKsAh7ZxVtlW3tMWuZLUxQymVxMPSDzLbUkHDrKy21s
X+v0WEBk0OIgpYPIpLJt7gcmYnAt20xl9/ckf4huLxpcQrz/vhaLVI0kBQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFKG/CkEvkPMr3gXyabdw7cOZCGznMB8GA1UdIwQY
MBaAFCoUBWlIbdF421g6Ch5JbfIjGF01MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2hRRmFVaHQwWGpiV0RvS0hrbHQ4aU1ZWFRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC81Njk1NzQtNDQxZS00MTViLTgwM2Yt
NTRiZDY0OWI0ODUyLzEvS2hRRmFVaHQwWGpiV0RvS0hrbHQ4aU1ZWFRVLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC81Njk1NzQtNDQxZS00MTViLTgwM2YtNTRiZDY0OWI0ODUy
LzEvS2hRRmFVaHQwWGpiV0RvS0hrbHQ4aU1ZWFRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEADKp9rM2y
nsPqnZyPM7UCZhuc0LX2i0vPW2yBuQHHluMX4xtJMGxtyS2gzRNjPkgLLzrslMyx
Gru2jJFpk6ALRWRPxz/891xEyN5Blh7iWG4ZyUivUL/ohotu1Kbm9d4HNA/3b7Du
JhYuZkXx+6AbVJx8ruK8xChOLu4uTurBB9gDjoIXOgh/o1PNH9D6z0bfAGTaPFwl
6L3cm5a6ruq19Je88n0OMkkgFNR9Rwq2OQukt9hNCJ0SnVPAwLPr1ox+kK+aLp+o
O4ZgpgOHtovsyIo/S3rQnzSZGiKbcDdLRw2dOOnK2jDZrxwo2PcCujqnbwgCQDT/
ozM6ywPvNPFazg==
-----END CERTIFICATE-----