Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/2acb71-3c3b-4a66-9700-cd2726114846/1/PNQrfxakRkXr2PObog8ZBxOxs7w.mft
File:                     PNQrfxakRkXr2PObog8ZBxOxs7w.mft (raw, json)
Hash identifier:          T4JZA05RS1rEGXbgpSnubrYq/1sFvijO3cZwnVohXn0=
Subject key identifier:   32:08:AA:60:CC:2F:D0:53:CB:D9:53:FC:8C:51:4D:C7:C5:AF:7C:51
Authority key identifier: 3C:D4:2B:7F:16:A4:46:45:EB:D8:F3:9B:A2:0F:19:07:13:B1:B3:BC
Certificate issuer:       /CN=3cd42b7f16a44645ebd8f39ba20f190713b1b3bc
Certificate serial:       01969ABDD1FE223FD3AEBCE4C4EE26CBD098
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PNQrfxakRkXr2PObog8ZBxOxs7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/2acb71-3c3b-4a66-9700-cd2726114846/1/PNQrfxakRkXr2PObog8ZBxOxs7w.mft
Manifest number:          1520
Signing time:             Sun 04 May 2025 10:00:53 +0000
Manifest this update:     Sun 04 May 2025 10:00:53 +0000
Manifest next update:     Mon 05 May 2025 10:00:53 +0000
Files and hashes:         1: PNQrfxakRkXr2PObog8ZBxOxs7w.crl (hash: MfAMuAg7s0ibAMkTUPD5QaFnlj5dxLgRPRsSv4ObddU=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/2acb71-3c3b-4a66-9700-cd2726114846/1/PNQrfxakRkXr2PObog8ZBxOxs7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/2acb71-3c3b-4a66-9700-cd2726114846/1/PNQrfxakRkXr2PObog8ZBxOxs7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PNQrfxakRkXr2PObog8ZBxOxs7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 05 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9a:bd:d1:fe:22:3f:d3:ae:bc:e4:c4:ee:26:cb:d0:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cd42b7f16a44645ebd8f39ba20f190713b1b3bc
        Validity
            Not Before: May  4 10:00:53 2025 GMT
            Not After : May  5 10:00:53 2025 GMT
        Subject: CN=3208aa60cc2fd053cbd953fc8c514dc7c5af7c51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:08:23:ae:4e:d4:a9:db:77:ac:9e:f4:75:39:
                    23:30:e4:f7:13:d2:e4:1b:43:e9:b8:93:4a:d7:c2:
                    01:34:d6:0b:f7:e4:7d:7d:ed:91:de:94:6a:28:11:
                    1a:df:9f:cd:d5:47:d3:a2:19:bb:af:35:f3:7c:e7:
                    c1:5b:96:6a:4b:b1:f5:2b:15:69:85:24:83:a0:46:
                    8b:c6:ac:f7:11:9d:cb:31:6b:39:a8:b0:45:78:46:
                    70:49:bb:67:84:0e:8b:73:86:f2:ed:3c:65:8f:42:
                    0d:89:07:9a:18:c6:b3:e4:77:8c:85:10:45:fa:af:
                    d9:eb:00:e1:1b:7c:14:05:d0:d6:5c:6f:a1:9c:5c:
                    87:ff:34:f5:e8:22:3b:34:4e:2c:92:17:78:fe:19:
                    d3:20:dc:bc:2a:b8:3c:32:9f:83:98:ea:4b:3c:82:
                    fa:20:b1:40:df:10:d1:e2:b2:03:b9:ba:98:a8:b7:
                    1e:64:5b:63:b0:f7:eb:a7:26:1d:ed:bb:7f:44:1f:
                    22:d6:d6:2d:06:57:da:95:f1:24:b9:81:eb:b1:b0:
                    bc:0c:99:16:de:5b:be:92:eb:ee:46:16:db:9f:97:
                    86:27:ce:bf:b7:2a:b4:55:fa:ad:a0:a0:97:e9:39:
                    a5:77:34:0f:d3:e7:ac:2c:80:a6:62:26:c2:10:06:
                    a9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:08:AA:60:CC:2F:D0:53:CB:D9:53:FC:8C:51:4D:C7:C5:AF:7C:51
            X509v3 Authority Key Identifier:
                keyid:3C:D4:2B:7F:16:A4:46:45:EB:D8:F3:9B:A2:0F:19:07:13:B1:B3:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PNQrfxakRkXr2PObog8ZBxOxs7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/2acb71-3c3b-4a66-9700-cd2726114846/1/PNQrfxakRkXr2PObog8ZBxOxs7w.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/2acb71-3c3b-4a66-9700-cd2726114846/1/PNQrfxakRkXr2PObog8ZBxOxs7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         5c:52:ec:83:c4:e0:d3:7e:7d:62:bb:cd:59:6a:12:87:36:5e:
         b7:fd:a3:84:b7:af:b3:c6:c8:09:f3:12:aa:f1:53:96:48:e8:
         23:2d:2c:74:1c:78:75:e7:9a:15:f4:73:4e:56:8e:ac:55:7f:
         f4:9b:31:16:40:65:11:b0:41:24:4c:ac:f5:b9:36:a2:98:8d:
         d4:33:56:54:74:ef:f2:89:90:0c:91:93:fe:96:47:85:d3:35:
         1b:1a:a3:1f:61:dc:85:82:57:a1:e3:a4:36:00:26:1b:29:8e:
         05:77:af:82:34:57:1f:3c:5d:a6:35:ec:f7:42:68:8a:e6:07:
         e2:58:c0:bb:d3:75:12:b6:5a:c1:0f:83:ac:1d:4f:a3:d7:0d:
         a2:c7:96:a1:46:0b:6f:24:a0:65:ee:d0:6e:21:74:65:8d:bc:
         df:b0:a5:f2:65:96:c4:28:7a:a8:e2:d4:d5:dc:6b:40:37:a6:
         a8:a4:19:43:61:35:14:99:d9:c3:97:35:9c:b0:fe:6e:e1:91:
         e1:ad:1c:23:9b:35:f6:33:bc:ba:7f:ed:3a:80:5d:d3:c1:7b:
         80:13:a6:df:5d:09:7d:fe:bd:72:69:48:f4:8d:76:7a:21:05:
         04:19:ce:ae:a8:ba:6e:ab:82:b2:68:75:ab:63:62:18:1a:29:
         eb:59:07:b1
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZaavdH+Ij/TrrzkxO4my9CYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZDQyYjdmMTZhNDQ2NDVlYmQ4ZjM5YmEyMGYxOTA3MTNi
MWIzYmMwHhcNMjUwNTA0MTAwMDUzWhcNMjUwNTA1MTAwMDUzWjAzMTEwLwYDVQQD
EygzMjA4YWE2MGNjMmZkMDUzY2JkOTUzZmM4YzUxNGRjN2M1YWY3YzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQgjrk7Uqdt3rJ70dTkjMOT3E9Lk
G0PpuJNK18IBNNYL9+R9fe2R3pRqKBEa35/N1UfTohm7rzXzfOfBW5ZqS7H1KxVp
hSSDoEaLxqz3EZ3LMWs5qLBFeEZwSbtnhA6Lc4by7Txlj0INiQeaGMaz5HeMhRBF
+q/Z6wDhG3wUBdDWXG+hnFyH/zT16CI7NE4skhd4/hnTINy8Krg8Mp+DmOpLPIL6
ILFA3xDR4rIDubqYqLceZFtjsPfrpyYd7bt/RB8i1tYtBlfalfEkuYHrsbC8DJkW
3lu+kuvuRhbbn5eGJ86/tyq0VfqtoKCX6TmldzQP0+esLICmYibCEAapWQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFDIIqmDML9BTy9lT/IxRTcfFr3xRMB8GA1UdIwQY
MBaAFDzUK38WpEZF69jzm6IPGQcTsbO8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE5RcmZ4YWtSa1hyMlBPYm9nOFpCeE94czd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8yYWNiNzEtM2MzYi00YTY2LTk3MDAt
Y2QyNzI2MTE0ODQ2LzEvUE5RcmZ4YWtSa1hyMlBPYm9nOFpCeE94czd3Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8yYWNiNzEtM2MzYi00YTY2LTk3MDAtY2QyNzI2MTE0ODQ2
LzEvUE5RcmZ4YWtSa1hyMlBPYm9nOFpCeE94czd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAXFLsg8Tg
0359YrvNWWoShzZet/2jhLevs8bICfMSqvFTlkjoIy0sdBx4deeaFfRzTlaOrFV/
9JsxFkBlEbBBJEys9bk2opiN1DNWVHTv8omQDJGT/pZHhdM1GxqjH2HchYJXoeOk
NgAmGymOBXevgjRXHzxdpjXs90JoiuYH4ljAu9N1ErZawQ+DrB1Po9cNoseWoUYL
bySgZe7QbiF0ZY2837Cl8mWWxCh6qOLU1dxrQDemqKQZQ2E1FJnZw5c1nLD+buGR
4a0cI5s19jO8un/tOoBd08F7gBOm310Jff69cmlI9I12eiEFBBnOrqi6bquCsmh1
q2NiGBop61kHsQ==
-----END CERTIFICATE-----