Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/ecdb18-8d3b-4a72-a883-3284684ac7ec/1/JmQ9Xo5785a-PNTesdkvYBtRFp8.mft
File:                     JmQ9Xo5785a-PNTesdkvYBtRFp8.mft (raw, json)
Hash identifier:          bCVXDNZzCN6sec8/TF8rbztIQM/40Eoq0zeaq1y3ds0=
Subject key identifier:   95:47:E6:6B:AD:72:75:4C:7D:B0:BE:D8:EE:0C:4A:44:1A:B2:73:C3
Authority key identifier: 26:64:3D:5E:8E:7B:F3:96:BE:3C:D4:DE:B1:D9:2F:60:1B:51:16:9F
Certificate issuer:       /CN=26643d5e8e7bf396be3cd4deb1d92f601b51169f
Certificate serial:       019A4E4F7E1F69A5C1C5352A37532BB4B347
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmQ9Xo5785a-PNTesdkvYBtRFp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/ecdb18-8d3b-4a72-a883-3284684ac7ec/1/JmQ9Xo5785a-PNTesdkvYBtRFp8.mft
Manifest number:          0DA0
Signing time:             Tue 04 Nov 2025 10:00:23 +0000
Manifest this update:     Tue 04 Nov 2025 10:00:23 +0000
Manifest next update:     Wed 05 Nov 2025 10:00:23 +0000
Files and hashes:         1: JmQ9Xo5785a-PNTesdkvYBtRFp8.crl (hash: GUmGosD0bhEP/ysqAPIYUuuXVd8nfXv0mhZYe5Yl8yE=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/ecdb18-8d3b-4a72-a883-3284684ac7ec/1/JmQ9Xo5785a-PNTesdkvYBtRFp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/ecdb18-8d3b-4a72-a883-3284684ac7ec/1/JmQ9Xo5785a-PNTesdkvYBtRFp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmQ9Xo5785a-PNTesdkvYBtRFp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4e:4f:7e:1f:69:a5:c1:c5:35:2a:37:53:2b:b4:b3:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26643d5e8e7bf396be3cd4deb1d92f601b51169f
        Validity
            Not Before: Nov  4 10:00:23 2025 GMT
            Not After : Nov  5 10:00:23 2025 GMT
        Subject: CN=9547e66bad72754c7db0bed8ee0c4a441ab273c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:fb:1f:19:a5:ea:bc:4b:c4:7d:f8:90:40:7e:
                    ee:05:43:b3:1c:3e:0e:a5:9f:87:d1:25:1b:f2:1c:
                    64:62:c4:df:1d:05:32:3f:34:be:b4:46:63:9d:63:
                    ed:04:41:24:84:df:40:2b:cd:f2:e8:8f:0c:8b:18:
                    bb:e4:4a:ca:23:1f:c5:e4:68:22:7f:aa:3a:1f:b3:
                    f8:7e:83:8a:4c:b6:cf:a8:89:28:52:25:fb:fc:bc:
                    86:c8:9b:18:32:bc:67:76:23:06:e4:9c:35:b0:35:
                    b5:8f:fc:23:7a:c8:bc:92:dc:84:24:32:7b:eb:c8:
                    cc:4f:4c:03:4d:af:b8:ed:09:0d:d0:0b:69:7a:f9:
                    9a:aa:91:18:a8:61:7d:0e:44:3c:e1:0e:37:8c:2e:
                    fc:2b:40:b1:52:cb:f1:d6:d0:46:a9:18:6d:05:b8:
                    dd:ca:60:5c:25:e3:59:bb:2b:34:b9:41:55:86:8d:
                    ba:e7:a0:7d:d3:3e:22:00:f2:37:2b:e5:e6:33:6c:
                    ef:bc:cd:34:41:40:36:bb:10:45:07:2e:09:ef:cd:
                    9e:b1:64:f3:a5:cd:94:4b:39:6e:62:be:28:89:1e:
                    9f:a6:51:04:b5:78:43:fd:85:6b:8f:be:ce:5b:fc:
                    15:71:63:f8:20:35:3e:40:b6:d1:54:07:f6:12:f3:
                    70:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:47:E6:6B:AD:72:75:4C:7D:B0:BE:D8:EE:0C:4A:44:1A:B2:73:C3
            X509v3 Authority Key Identifier:
                keyid:26:64:3D:5E:8E:7B:F3:96:BE:3C:D4:DE:B1:D9:2F:60:1B:51:16:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmQ9Xo5785a-PNTesdkvYBtRFp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/ecdb18-8d3b-4a72-a883-3284684ac7ec/1/JmQ9Xo5785a-PNTesdkvYBtRFp8.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/ecdb18-8d3b-4a72-a883-3284684ac7ec/1/JmQ9Xo5785a-PNTesdkvYBtRFp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         5a:11:c8:65:5b:21:96:b4:3c:cd:c0:66:7e:d8:37:45:ac:4f:
         b3:16:4b:d4:00:7c:71:d9:6f:f4:3f:fa:67:80:b9:f4:ca:4d:
         5d:7d:73:96:a2:49:d9:ea:66:11:d3:c0:1e:99:f5:44:21:a2:
         be:68:2f:a0:02:a2:41:40:37:89:17:88:1d:5c:a1:17:c0:aa:
         d9:e7:5c:3d:7d:f6:68:5e:53:e8:f3:fa:01:3d:c5:b5:e2:6f:
         8e:60:f4:78:29:c5:da:e7:b3:dc:9b:6d:7e:74:86:5e:d1:af:
         25:64:c7:e2:4a:11:3e:c2:57:1e:06:8a:64:bd:f3:3e:37:00:
         a2:9d:2a:82:57:34:f3:df:c9:7a:88:9f:44:fc:41:19:ea:ba:
         2b:55:6b:2f:d0:d6:2d:b5:75:45:0f:88:c8:94:a0:3b:26:41:
         df:42:f4:c1:78:d2:97:06:b5:f7:f1:c6:da:3d:75:d3:26:45:
         e0:60:0c:4d:a4:49:4a:97:07:95:89:6b:2d:68:71:34:7a:e4:
         5a:0c:f2:3d:d8:18:7a:09:fc:ec:b5:1c:63:ae:24:b0:92:90:
         f9:0b:3b:24:56:3f:55:c3:91:54:8a:1c:37:1d:4d:21:1d:e1:
         12:76:1f:f3:7f:75:32:33:99:05:87:ea:b3:ab:d4:a8:54:1c:
         b0:1d:7c:1c
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpOT34faaXBxTUqN1MrtLNHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjQzZDVlOGU3YmYzOTZiZTNjZDRkZWIxZDkyZjYwMWI1
MTE2OWYwHhcNMjUxMTA0MTAwMDIzWhcNMjUxMTA1MTAwMDIzWjAzMTEwLwYDVQQD
Eyg5NTQ3ZTY2YmFkNzI3NTRjN2RiMGJlZDhlZTBjNGE0NDFhYjI3M2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfsfGaXqvEvEffiQQH7uBUOzHD4O
pZ+H0SUb8hxkYsTfHQUyPzS+tEZjnWPtBEEkhN9AK83y6I8Mixi75ErKIx/F5Ggi
f6o6H7P4foOKTLbPqIkoUiX7/LyGyJsYMrxndiMG5Jw1sDW1j/wjesi8ktyEJDJ7
68jMT0wDTa+47QkN0AtpevmaqpEYqGF9DkQ84Q43jC78K0CxUsvx1tBGqRhtBbjd
ymBcJeNZuys0uUFVho2656B90z4iAPI3K+XmM2zvvM00QUA2uxBFBy4J782esWTz
pc2USzluYr4oiR6fplEEtXhD/YVrj77OW/wVcWP4IDU+QLbRVAf2EvNw6QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFJVH5mutcnVMfbC+2O4MSkQasnPDMB8GA1UdIwQY
MBaAFCZkPV6Oe/OWvjzU3rHZL2AbURafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1ROVhvNTc4NWEtUE5UZXNka3ZZQnRSRnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9lY2RiMTgtOGQzYi00YTcyLWE4ODMt
MzI4NDY4NGFjN2VjLzEvSm1ROVhvNTc4NWEtUE5UZXNka3ZZQnRSRnA4Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9lY2RiMTgtOGQzYi00YTcyLWE4ODMtMzI4NDY4NGFjN2Vj
LzEvSm1ROVhvNTc4NWEtUE5UZXNka3ZZQnRSRnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAWhHIZVsh
lrQ8zcBmftg3RaxPsxZL1AB8cdlv9D/6Z4C59MpNXX1zlqJJ2epmEdPAHpn1RCGi
vmgvoAKiQUA3iReIHVyhF8Cq2edcPX32aF5T6PP6AT3FteJvjmD0eCnF2uez3Jtt
fnSGXtGvJWTH4koRPsJXHgaKZL3zPjcAop0qglc089/JeoifRPxBGeq6K1VrL9DW
LbV1RQ+IyJSgOyZB30L0wXjSlwa19/HG2j110yZF4GAMTaRJSpcHlYlrLWhxNHrk
WgzyPdgYegn87LUcY64ksJKQ+Qs7JFY/VcORVIocNx1NIR3hEnYf8391MjOZBYfq
s6vUqFQcsB18HA==
-----END CERTIFICATE-----