Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/174c3e-fa5b-49d1-9d21-e2bd2e4c5232/1/kffw_3S3yfrqKXjtlehAmEkE3NY.mft
File:                     kffw_3S3yfrqKXjtlehAmEkE3NY.mft (raw, json)
Hash identifier:          mgsBh/W0984gLflRSHaFFynHc9YLT/vRzUlU1DaNDMU=
Subject key identifier:   5C:FA:D0:98:77:8E:74:71:7C:B5:2C:BA:B6:83:5B:89:CF:75:60:02
Authority key identifier: 91:F7:F0:FF:74:B7:C9:FA:EA:29:78:ED:95:E8:40:98:49:04:DC:D6
Certificate issuer:       /CN=91f7f0ff74b7c9faea2978ed95e840984904dcd6
Certificate serial:       019A4D73F52B8D2E9343AD992CCB4055FF05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kffw_3S3yfrqKXjtlehAmEkE3NY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/174c3e-fa5b-49d1-9d21-e2bd2e4c5232/1/kffw_3S3yfrqKXjtlehAmEkE3NY.mft
Manifest number:          0AC8
Signing time:             Tue 04 Nov 2025 06:00:36 +0000
Manifest this update:     Tue 04 Nov 2025 06:00:36 +0000
Manifest next update:     Wed 05 Nov 2025 06:00:36 +0000
Files and hashes:         1: kffw_3S3yfrqKXjtlehAmEkE3NY.crl (hash: tQECA4xjYbq575egWOuP6C8Yk2tNT1uh5zKqlQD9e28=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/174c3e-fa5b-49d1-9d21-e2bd2e4c5232/1/kffw_3S3yfrqKXjtlehAmEkE3NY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/174c3e-fa5b-49d1-9d21-e2bd2e4c5232/1/kffw_3S3yfrqKXjtlehAmEkE3NY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kffw_3S3yfrqKXjtlehAmEkE3NY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 06:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4d:73:f5:2b:8d:2e:93:43:ad:99:2c:cb:40:55:ff:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91f7f0ff74b7c9faea2978ed95e840984904dcd6
        Validity
            Not Before: Nov  4 06:00:36 2025 GMT
            Not After : Nov  5 06:00:36 2025 GMT
        Subject: CN=5cfad098778e74717cb52cbab6835b89cf756002
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:60:f5:01:48:63:f5:02:f1:63:06:6d:19:55:
                    e0:10:1e:1d:6f:49:92:49:8a:50:a1:52:79:46:52:
                    87:d6:10:25:6c:52:40:ea:91:dd:a8:b3:72:4b:50:
                    49:ff:2b:f5:25:a1:d4:42:e6:2d:88:fc:63:06:b3:
                    0f:f2:9f:88:ff:e3:40:c5:c3:d4:42:a3:2b:23:14:
                    23:ca:17:e3:a2:99:5d:bd:0b:6f:1c:5a:b8:e7:21:
                    7f:53:3d:c6:a2:73:c0:4f:35:1e:d1:39:95:51:3d:
                    2d:cc:99:e1:5f:b6:80:7f:7b:f6:ba:2a:81:63:b5:
                    a7:a7:ea:f4:09:32:0c:91:82:4c:8a:99:2c:91:5b:
                    8f:63:68:65:72:8b:60:43:bf:01:85:ed:68:0d:bd:
                    9e:2e:20:b3:cc:e6:5d:c1:8e:ba:3e:16:7b:32:39:
                    32:b1:19:b0:2b:30:95:3c:ac:9f:0d:48:47:1f:ca:
                    59:67:a7:d7:03:02:a9:eb:54:79:fd:9c:8c:c9:62:
                    42:69:06:f2:1a:f9:2e:5a:61:80:1f:ce:75:24:23:
                    df:bd:3d:b0:80:5c:cf:89:8e:23:35:f0:b8:fb:8c:
                    d5:49:64:01:be:66:8b:75:f6:a2:28:9d:d5:a0:47:
                    31:03:5a:c5:c0:e6:fb:10:44:9c:37:e0:9e:fb:0d:
                    85:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:FA:D0:98:77:8E:74:71:7C:B5:2C:BA:B6:83:5B:89:CF:75:60:02
            X509v3 Authority Key Identifier:
                keyid:91:F7:F0:FF:74:B7:C9:FA:EA:29:78:ED:95:E8:40:98:49:04:DC:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kffw_3S3yfrqKXjtlehAmEkE3NY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/174c3e-fa5b-49d1-9d21-e2bd2e4c5232/1/kffw_3S3yfrqKXjtlehAmEkE3NY.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/174c3e-fa5b-49d1-9d21-e2bd2e4c5232/1/kffw_3S3yfrqKXjtlehAmEkE3NY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         a0:93:04:9d:a4:65:49:7d:fa:e1:59:be:ef:34:94:84:2f:76:
         34:29:58:de:10:50:6a:5b:16:e0:46:bd:92:6d:97:7a:f2:46:
         32:2a:90:79:05:86:70:7f:ae:36:9d:79:af:18:77:3d:7a:58:
         59:b7:21:eb:e4:5c:3b:3f:25:c1:ed:e9:4e:9e:36:1a:62:c5:
         2d:3e:5d:ad:50:2e:b0:99:bb:1e:17:21:bb:b6:f4:a6:54:06:
         40:43:34:03:3c:e7:74:3f:9f:67:32:9f:4c:1a:cb:70:e3:d8:
         cc:f3:6e:ac:32:28:a2:b0:d0:5e:da:a3:af:c0:cb:00:e3:7c:
         e0:6d:b5:91:2d:62:76:31:c8:dd:48:e6:9a:ce:d9:7d:de:e0:
         09:a9:95:8f:70:04:f6:b8:79:6c:6d:f1:30:9a:fa:12:a3:9b:
         48:7b:e9:52:b6:a6:f5:25:ad:9b:d4:cb:b3:13:cc:6a:91:10:
         46:25:9e:e1:02:80:79:d2:8f:2d:99:65:21:cf:36:5c:96:39:
         2f:43:c2:a6:03:2c:e6:a4:a3:03:12:ee:79:7a:81:67:8c:11:
         98:ff:e4:71:c6:6c:ae:bf:4f:3d:6b:67:5d:f4:46:03:02:92:
         8e:28:6e:b9:96:22:fe:f0:b6:05:94:34:8d:ff:1b:e9:cc:a7:
         a4:49:cd:ed
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpNc/UrjS6TQ62ZLMtAVf8FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZjdmMGZmNzRiN2M5ZmFlYTI5NzhlZDk1ZTg0MDk4NDkw
NGRjZDYwHhcNMjUxMTA0MDYwMDM2WhcNMjUxMTA1MDYwMDM2WjAzMTEwLwYDVQQD
Eyg1Y2ZhZDA5ODc3OGU3NDcxN2NiNTJjYmFiNjgzNWI4OWNmNzU2MDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2D1AUhj9QLxYwZtGVXgEB4db0mS
SYpQoVJ5RlKH1hAlbFJA6pHdqLNyS1BJ/yv1JaHUQuYtiPxjBrMP8p+I/+NAxcPU
QqMrIxQjyhfjopldvQtvHFq45yF/Uz3GonPATzUe0TmVUT0tzJnhX7aAf3v2uiqB
Y7Wnp+r0CTIMkYJMipkskVuPY2hlcotgQ78Bhe1oDb2eLiCzzOZdwY66PhZ7Mjky
sRmwKzCVPKyfDUhHH8pZZ6fXAwKp61R5/ZyMyWJCaQbyGvkuWmGAH851JCPfvT2w
gFzPiY4jNfC4+4zVSWQBvmaLdfaiKJ3VoEcxA1rFwOb7EEScN+Ce+w2FxQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFFz60Jh3jnRxfLUsuraDW4nPdWACMB8GA1UdIwQY
MBaAFJH38P90t8n66il47ZXoQJhJBNzWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2Zmd18zUzN5ZnJxS1hqdGxlaEFtRWtFM05ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8xNzRjM2UtZmE1Yi00OWQxLTlkMjEt
ZTJiZDJlNGM1MjMyLzEva2Zmd18zUzN5ZnJxS1hqdGxlaEFtRWtFM05ZLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8xNzRjM2UtZmE1Yi00OWQxLTlkMjEtZTJiZDJlNGM1MjMy
LzEva2Zmd18zUzN5ZnJxS1hqdGxlaEFtRWtFM05ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAoJMEnaRl
SX364Vm+7zSUhC92NClY3hBQalsW4Ea9km2XevJGMiqQeQWGcH+uNp15rxh3PXpY
Wbch6+RcOz8lwe3pTp42GmLFLT5drVAusJm7Hhchu7b0plQGQEM0AzzndD+fZzKf
TBrLcOPYzPNurDIoorDQXtqjr8DLAON84G21kS1idjHI3Ujmms7Zfd7gCamVj3AE
9rh5bG3xMJr6EqObSHvpUram9SWtm9TLsxPMapEQRiWe4QKAedKPLZllIc82XJY5
L0PCpgMs5qSjAxLueXqBZ4wRmP/kccZsrr9PPWtnXfRGAwKSjihuuZYi/vC2BZQ0
jf8b6cynpEnN7Q==
-----END CERTIFICATE-----