Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft
File:                     2bN6OM6IfTdjYEau84ehwjMVLkE.mft (raw, json)
Hash identifier:          /bdjW3U8x67JC0nvVFZswieqDpcH99QLZ68de/M8ics=
Subject key identifier:   52:7D:66:08:7A:60:C3:A0:AB:D6:D3:DA:B6:C0:D9:E0:E6:8F:50:5B
Authority key identifier: D9:B3:7A:38:CE:88:7D:37:63:60:46:AE:F3:87:A1:C2:33:15:2E:41
Certificate issuer:       /CN=d9b37a38ce887d37636046aef387a1c233152e41
Certificate serial:       01976D3D5B660E02405AE5277D0F2C712419
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2bN6OM6IfTdjYEau84ehwjMVLkE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft
Manifest number:          0620
Signing time:             Sat 14 Jun 2025 07:00:27 +0000
Manifest this update:     Sat 14 Jun 2025 07:00:27 +0000
Manifest next update:     Sun 15 Jun 2025 07:00:27 +0000
Files and hashes:         1: 2bN6OM6IfTdjYEau84ehwjMVLkE.crl (hash: i09uoIRfIpXZEl3GGa4/1y1f9IM/Hs+cgcacDElNeBY=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2bN6OM6IfTdjYEau84ehwjMVLkE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:6d:3d:5b:66:0e:02:40:5a:e5:27:7d:0f:2c:71:24:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9b37a38ce887d37636046aef387a1c233152e41
        Validity
            Not Before: Jun 14 07:00:27 2025 GMT
            Not After : Jun 15 07:00:27 2025 GMT
        Subject: CN=527d66087a60c3a0abd6d3dab6c0d9e0e68f505b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:56:1e:57:60:65:e4:64:ce:c2:56:d3:e1:c0:
                    33:da:56:84:41:5f:b3:ad:4f:f1:30:6f:0e:34:3b:
                    9a:51:b9:e6:c4:ca:56:3b:62:c5:42:47:05:a5:39:
                    f6:34:e6:65:05:dd:01:1e:23:e7:8c:1f:f3:6c:5a:
                    25:8e:d3:df:db:7c:26:30:9f:d2:e9:e2:35:ed:42:
                    d5:47:71:a2:a8:c7:92:a1:bf:f3:96:70:b3:83:cd:
                    36:92:8c:48:fb:52:c1:c1:d4:d6:2f:76:cb:e8:83:
                    4e:cb:73:ab:34:81:ad:cc:f9:85:03:09:82:a6:80:
                    08:68:4b:24:23:ba:67:d1:84:51:06:f2:1f:e9:02:
                    a1:59:fe:ef:8a:cc:52:94:3c:b2:16:74:6e:d8:da:
                    a4:cc:14:88:b3:61:53:a3:21:eb:db:75:1b:22:6d:
                    44:d1:60:a7:83:38:36:2e:60:7c:33:45:07:2a:59:
                    09:56:94:72:c9:a7:88:99:45:70:1d:e1:b1:d8:bf:
                    65:71:0f:b3:ff:ae:f2:81:da:0d:60:ae:b8:22:5f:
                    47:32:b8:6c:b3:4b:82:91:94:67:de:66:7d:08:14:
                    9e:c2:c5:bc:02:cb:b3:e8:63:19:c8:da:f2:e0:86:
                    be:c1:f9:e2:b7:d2:a7:92:b1:43:6c:1c:8a:a1:0f:
                    e4:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:7D:66:08:7A:60:C3:A0:AB:D6:D3:DA:B6:C0:D9:E0:E6:8F:50:5B
            X509v3 Authority Key Identifier:
                keyid:D9:B3:7A:38:CE:88:7D:37:63:60:46:AE:F3:87:A1:C2:33:15:2E:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2bN6OM6IfTdjYEau84ehwjMVLkE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/9545f2-fb60-4878-ae58-d6aac613830b/1/2bN6OM6IfTdjYEau84ehwjMVLkE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         40:3f:d7:f5:fa:b5:6c:ab:01:08:1d:8e:3c:2a:7a:fc:6e:ea:
         95:4c:d9:5b:83:4f:58:af:93:17:75:23:e2:68:e8:0e:43:69:
         5c:b3:3b:16:95:8f:00:52:2a:77:86:ee:23:e0:7f:e0:76:c2:
         0e:d8:7c:63:0a:a1:30:0e:c8:64:c8:a8:a6:f1:23:78:ac:cf:
         6b:fb:c1:49:ee:0e:85:e8:9f:0a:53:61:36:c5:12:4a:6c:d7:
         92:55:d4:7c:fb:eb:54:60:e1:9f:c7:d3:e2:5f:dd:dc:d8:4c:
         c6:24:f5:42:b1:6c:80:c0:8d:4e:29:c1:3e:04:d5:da:93:28:
         45:88:8b:1f:1c:0b:a6:ad:66:2a:2c:cf:cd:71:af:c2:30:45:
         d0:14:4b:3d:51:e1:4d:cf:7f:a3:c5:e8:cf:71:98:6a:2b:77:
         c6:d2:6f:00:a3:bf:66:9b:4c:3e:92:f4:f2:84:ad:ac:72:96:
         9d:7f:fd:cd:43:12:60:bc:ba:3c:36:c9:d5:44:17:50:15:f3:
         f8:08:8c:f4:1f:d0:ff:cc:ed:93:eb:51:81:0b:eb:d4:66:06:
         40:b5:55:ac:fb:04:eb:ce:b5:46:9c:ac:c6:88:30:c6:c7:03:
         b2:e8:f5:9d:cb:02:77:3f:6c:86:f3:cc:e9:40:c1:3b:72:aa:
         c9:71:a2:d6
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZdtPVtmDgJAWuUnfQ8scSQZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5YjM3YTM4Y2U4ODdkMzc2MzYwNDZhZWYzODdhMWMyMzMx
NTJlNDEwHhcNMjUwNjE0MDcwMDI3WhcNMjUwNjE1MDcwMDI3WjAzMTEwLwYDVQQD
Eyg1MjdkNjYwODdhNjBjM2EwYWJkNmQzZGFiNmMwZDllMGU2OGY1MDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFYeV2Bl5GTOwlbT4cAz2laEQV+z
rU/xMG8ONDuaUbnmxMpWO2LFQkcFpTn2NOZlBd0BHiPnjB/zbFoljtPf23wmMJ/S
6eI17ULVR3GiqMeSob/zlnCzg802koxI+1LBwdTWL3bL6INOy3OrNIGtzPmFAwmC
poAIaEskI7pn0YRRBvIf6QKhWf7visxSlDyyFnRu2NqkzBSIs2FToyHr23UbIm1E
0WCngzg2LmB8M0UHKlkJVpRyyaeImUVwHeGx2L9lcQ+z/67ygdoNYK64Il9HMrhs
s0uCkZRn3mZ9CBSewsW8Asuz6GMZyNry4Ia+wfnit9KnkrFDbByKoQ/kMwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFFJ9Zgh6YMOgq9bT2rbA2eDmj1BbMB8GA1UdIwQY
MBaAFNmzejjOiH03Y2BGrvOHocIzFS5BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmJONk9NNklmVGRqWUVhdTg0ZWh3ak1WTGtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS85NTQ1ZjItZmI2MC00ODc4LWFlNTgt
ZDZhYWM2MTM4MzBiLzEvMmJONk9NNklmVGRqWUVhdTg0ZWh3ak1WTGtFLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS85NTQ1ZjItZmI2MC00ODc4LWFlNTgtZDZhYWM2MTM4MzBi
LzEvMmJONk9NNklmVGRqWUVhdTg0ZWh3ak1WTGtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAQD/X9fq1
bKsBCB2OPCp6/G7qlUzZW4NPWK+TF3Uj4mjoDkNpXLM7FpWPAFIqd4buI+B/4HbC
Dth8YwqhMA7IZMiopvEjeKzPa/vBSe4OheifClNhNsUSSmzXklXUfPvrVGDhn8fT
4l/d3NhMxiT1QrFsgMCNTinBPgTV2pMoRYiLHxwLpq1mKizPzXGvwjBF0BRLPVHh
Tc9/o8Xoz3GYait3xtJvAKO/ZptMPpL08oStrHKWnX/9zUMSYLy6PDbJ1UQXUBXz
+AiM9B/Q/8ztk+tRgQvr1GYGQLVVrPsE6861RpysxogwxscDsuj1ncsCdz9shvPM
6UDBO3KqyXGi1g==
-----END CERTIFICATE-----