Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/456a85-b7a1-4183-a64f-223f508c055a/1/3sQzl3xytL5diI9WhT7TGh_x78Y.mft
File:                     3sQzl3xytL5diI9WhT7TGh_x78Y.mft (raw, json)
Hash identifier:          ZiyzwsPQgjrD69OqBoNMtEssSBwZjs0nTEMAu8P4rUs=
Subject key identifier:   BD:60:61:0B:B7:2E:C8:78:CB:91:9A:4B:02:F5:17:32:80:1F:38:65
Authority key identifier: DE:C4:33:97:7C:72:B4:BE:5D:88:8F:56:85:3E:D3:1A:1F:F1:EF:C6
Certificate issuer:       /CN=dec433977c72b4be5d888f56853ed31a1ff1efc6
Certificate serial:       019A4DE152FAD2AD19AA06096F340FEE024B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3sQzl3xytL5diI9WhT7TGh_x78Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/456a85-b7a1-4183-a64f-223f508c055a/1/3sQzl3xytL5diI9WhT7TGh_x78Y.mft
Manifest number:          0DEC
Signing time:             Tue 04 Nov 2025 08:00:03 +0000
Manifest this update:     Tue 04 Nov 2025 08:00:03 +0000
Manifest next update:     Wed 05 Nov 2025 08:00:03 +0000
Files and hashes:         1: 3sQzl3xytL5diI9WhT7TGh_x78Y.crl (hash: t8ErnhlN2EHwPhwQD5i1XFDjQyESahwLj87w5gOWC3A=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/456a85-b7a1-4183-a64f-223f508c055a/1/3sQzl3xytL5diI9WhT7TGh_x78Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/456a85-b7a1-4183-a64f-223f508c055a/1/3sQzl3xytL5diI9WhT7TGh_x78Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3sQzl3xytL5diI9WhT7TGh_x78Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 08:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4d:e1:52:fa:d2:ad:19:aa:06:09:6f:34:0f:ee:02:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dec433977c72b4be5d888f56853ed31a1ff1efc6
        Validity
            Not Before: Nov  4 08:00:03 2025 GMT
            Not After : Nov  5 08:00:03 2025 GMT
        Subject: CN=bd60610bb72ec878cb919a4b02f51732801f3865
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c5:71:ea:a8:8e:4a:5c:42:2b:7d:d5:fc:5d:
                    30:45:c8:35:2b:4c:aa:e4:d8:a4:e7:6a:13:c5:fb:
                    17:a7:35:e1:fe:84:ce:b1:f5:d0:6c:63:48:bf:4b:
                    e7:5b:d5:01:13:2a:9d:f3:19:ed:b9:84:fc:69:b1:
                    c6:02:7c:63:2a:fc:76:ab:9e:ee:85:4f:ab:53:e8:
                    0e:d4:15:08:47:88:bb:57:bd:22:68:c2:65:67:0f:
                    b1:f2:16:c0:e3:b7:87:12:eb:d8:7e:b9:41:b2:4d:
                    ca:99:9a:25:62:03:6b:d9:c8:95:36:62:f7:20:ba:
                    2e:31:c1:11:dd:62:61:31:20:9d:29:ae:0d:bd:42:
                    9a:bd:42:82:c3:6c:49:ac:41:0c:cb:cb:4c:51:91:
                    3c:fe:cb:bc:4f:0c:8c:15:84:df:5c:49:a4:90:cf:
                    f3:64:89:cb:82:24:be:dd:56:6d:68:0f:bf:01:4f:
                    e4:48:98:e5:3c:69:79:36:71:76:84:a9:63:8a:50:
                    a0:ba:2d:b6:26:1c:ad:f9:30:68:f9:ec:dc:58:aa:
                    25:26:79:62:13:54:10:20:eb:77:8c:50:91:9e:2f:
                    e7:c9:f6:90:27:95:0a:c7:7f:30:0f:4f:9c:5b:22:
                    c2:7c:12:f9:60:31:d2:6b:01:89:0e:f2:63:1a:37:
                    c1:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:60:61:0B:B7:2E:C8:78:CB:91:9A:4B:02:F5:17:32:80:1F:38:65
            X509v3 Authority Key Identifier:
                keyid:DE:C4:33:97:7C:72:B4:BE:5D:88:8F:56:85:3E:D3:1A:1F:F1:EF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3sQzl3xytL5diI9WhT7TGh_x78Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/456a85-b7a1-4183-a64f-223f508c055a/1/3sQzl3xytL5diI9WhT7TGh_x78Y.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/456a85-b7a1-4183-a64f-223f508c055a/1/3sQzl3xytL5diI9WhT7TGh_x78Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         cc:0b:d7:96:f8:dd:d2:21:fe:cb:7f:75:f4:a3:1e:05:d9:fd:
         99:6b:d2:eb:92:fa:f2:33:68:5a:20:45:a1:f8:0d:5a:7d:c8:
         e8:f2:39:9a:70:a5:f9:e2:07:91:71:5f:99:a5:36:9f:ca:b5:
         ba:ad:0f:8c:3c:cb:a3:c9:51:5a:e0:9b:b4:2a:7a:bb:84:23:
         09:2e:d9:12:5d:ed:22:5f:b6:dc:c8:9a:58:71:2c:53:08:d9:
         93:1e:e7:53:93:2e:09:9a:2a:a5:f6:0d:84:b1:e3:a2:cf:f2:
         78:e8:83:5a:df:22:74:99:bc:72:d2:13:21:e2:0d:ec:0c:94:
         d1:6e:ec:e6:48:3e:34:32:76:50:55:07:23:23:ff:bf:9f:9d:
         49:d1:f9:cc:01:31:bd:e4:bd:f7:62:ea:8c:1f:1b:92:f7:5a:
         81:1a:ab:75:f4:71:c7:f0:92:6f:10:a5:7e:25:22:3c:a7:33:
         9f:7a:f7:b9:74:de:81:23:ee:53:4c:19:41:56:89:ab:fc:f8:
         3c:5c:b2:b1:ca:3f:3c:bd:04:9f:fb:57:e2:f3:3f:9b:c9:22:
         ff:c9:21:19:19:84:e6:30:77:26:36:a5:52:ea:f7:5b:f7:d0:
         61:bc:ea:a4:f5:3f:15:bc:b3:e7:8a:c0:d4:99:66:cb:03:5e:
         c1:50:8d:53
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpN4VL60q0ZqgYJbzQP7gJLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlYzQzMzk3N2M3MmI0YmU1ZDg4OGY1Njg1M2VkMzFhMWZm
MWVmYzYwHhcNMjUxMTA0MDgwMDAzWhcNMjUxMTA1MDgwMDAzWjAzMTEwLwYDVQQD
EyhiZDYwNjEwYmI3MmVjODc4Y2I5MTlhNGIwMmY1MTczMjgwMWYzODY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocVx6qiOSlxCK33V/F0wRcg1K0yq
5Nik52oTxfsXpzXh/oTOsfXQbGNIv0vnW9UBEyqd8xntuYT8abHGAnxjKvx2q57u
hU+rU+gO1BUIR4i7V70iaMJlZw+x8hbA47eHEuvYfrlBsk3KmZolYgNr2ciVNmL3
ILouMcER3WJhMSCdKa4NvUKavUKCw2xJrEEMy8tMUZE8/su8TwyMFYTfXEmkkM/z
ZInLgiS+3VZtaA+/AU/kSJjlPGl5NnF2hKljilCgui22Jhyt+TBo+ezcWKolJnli
E1QQIOt3jFCRni/nyfaQJ5UKx38wD0+cWyLCfBL5YDHSawGJDvJjGjfBJQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFL1gYQu3Lsh4y5GaSwL1FzKAHzhlMB8GA1UdIwQY
MBaAFN7EM5d8crS+XYiPVoU+0xof8e/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3NRemwzeHl0TDVkaUk5V2hUN1RHaF94NzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80NTZhODUtYjdhMS00MTgzLWE2NGYt
MjIzZjUwOGMwNTVhLzEvM3NRemwzeHl0TDVkaUk5V2hUN1RHaF94NzhZLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80NTZhODUtYjdhMS00MTgzLWE2NGYtMjIzZjUwOGMwNTVh
LzEvM3NRemwzeHl0TDVkaUk5V2hUN1RHaF94NzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAzAvXlvjd
0iH+y3919KMeBdn9mWvS65L68jNoWiBFofgNWn3I6PI5mnCl+eIHkXFfmaU2n8q1
uq0PjDzLo8lRWuCbtCp6u4QjCS7ZEl3tIl+23MiaWHEsUwjZkx7nU5MuCZoqpfYN
hLHjos/yeOiDWt8idJm8ctITIeIN7AyU0W7s5kg+NDJ2UFUHIyP/v5+dSdH5zAEx
veS992LqjB8bkvdagRqrdfRxx/CSbxClfiUiPKczn3r3uXTegSPuU0wZQVaJq/z4
PFyysco/PL0En/tX4vM/m8ki/8khGRmE5jB3JjalUur3W/fQYbzqpPU/Fbyz54rA
1JlmywNewVCNUw==
-----END CERTIFICATE-----