Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/9eab6d-6b35-4a5a-afb1-251f22093d04/1/KrmiSem1jILhRV6yM5RVsDHn3d8.mft
File:                     KrmiSem1jILhRV6yM5RVsDHn3d8.mft (raw, json)
Hash identifier:          TRrf3xzv0pSty6NVlnqdsDP1cLnjcn815l6nETtH6z8=
Subject key identifier:   48:CB:2F:8B:C3:69:AE:93:20:C6:F9:70:D1:B2:BA:CB:C6:B0:5A:5D
Authority key identifier: 2A:B9:A2:49:E9:B5:8C:82:E1:45:5E:B2:33:94:55:B0:31:E7:DD:DF
Certificate issuer:       /CN=2ab9a249e9b58c82e1455eb2339455b031e7dddf
Certificate serial:       019A4F62308AE24C160ED25A4033748F37D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KrmiSem1jILhRV6yM5RVsDHn3d8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/9eab6d-6b35-4a5a-afb1-251f22093d04/1/KrmiSem1jILhRV6yM5RVsDHn3d8.mft
Manifest number:          170A
Signing time:             Tue 04 Nov 2025 15:00:26 +0000
Manifest this update:     Tue 04 Nov 2025 15:00:26 +0000
Manifest next update:     Wed 05 Nov 2025 15:00:26 +0000
Files and hashes:         1: KrmiSem1jILhRV6yM5RVsDHn3d8.crl (hash: tWvEb213+NxbK2kPtVdtB0+mBlqJoHSrgSSs1jCRK8c=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/9eab6d-6b35-4a5a-afb1-251f22093d04/1/KrmiSem1jILhRV6yM5RVsDHn3d8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/9eab6d-6b35-4a5a-afb1-251f22093d04/1/KrmiSem1jILhRV6yM5RVsDHn3d8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KrmiSem1jILhRV6yM5RVsDHn3d8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4f:62:30:8a:e2:4c:16:0e:d2:5a:40:33:74:8f:37:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ab9a249e9b58c82e1455eb2339455b031e7dddf
        Validity
            Not Before: Nov  4 15:00:26 2025 GMT
            Not After : Nov  5 15:00:26 2025 GMT
        Subject: CN=48cb2f8bc369ae9320c6f970d1b2bacbc6b05a5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fe:51:04:a2:a3:50:b4:e0:c1:05:33:6d:60:
                    7f:94:48:d3:d1:84:4f:1e:3a:3a:89:17:37:45:f2:
                    ab:f9:18:b2:e7:d1:c2:fc:fe:f8:ea:9d:ba:b5:b5:
                    89:10:58:65:fa:14:00:7c:3e:48:19:5c:2e:c3:23:
                    46:6f:1c:20:bc:26:a9:b6:fa:64:72:88:13:89:42:
                    30:d5:73:cf:4c:ec:cc:94:c8:af:1a:13:6b:f8:49:
                    57:9b:d5:31:ac:52:5c:c2:c6:15:8b:50:3a:b2:d3:
                    d1:2d:27:66:c3:d6:62:01:af:25:de:32:d3:f1:aa:
                    ff:a1:5b:7d:cf:8a:82:1a:cc:5d:d8:42:4e:b0:dc:
                    16:17:a6:16:38:7d:06:70:5a:35:c5:40:b7:cd:60:
                    0c:2b:88:47:0d:fd:bb:07:a8:84:8b:f9:9f:c7:76:
                    35:8c:71:ba:f5:03:21:2c:f6:17:53:c0:d4:bb:e5:
                    a1:f9:f6:bc:c1:78:a9:43:96:a3:e6:2b:38:69:36:
                    b5:b7:44:a9:ad:9c:fb:29:a8:fa:10:dc:d8:eb:de:
                    9e:fb:20:0f:d7:6a:a4:24:de:30:3e:69:02:0b:0a:
                    72:f0:59:2d:77:05:fe:03:fe:13:ff:37:c1:0e:04:
                    b0:04:69:e9:de:2d:17:80:bc:2a:09:58:cc:9c:ab:
                    f8:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:CB:2F:8B:C3:69:AE:93:20:C6:F9:70:D1:B2:BA:CB:C6:B0:5A:5D
            X509v3 Authority Key Identifier:
                keyid:2A:B9:A2:49:E9:B5:8C:82:E1:45:5E:B2:33:94:55:B0:31:E7:DD:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KrmiSem1jILhRV6yM5RVsDHn3d8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/9eab6d-6b35-4a5a-afb1-251f22093d04/1/KrmiSem1jILhRV6yM5RVsDHn3d8.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/9eab6d-6b35-4a5a-afb1-251f22093d04/1/KrmiSem1jILhRV6yM5RVsDHn3d8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         58:41:3d:d7:f6:0f:85:ae:59:bc:72:87:29:f8:da:97:51:35:
         60:37:36:34:b9:b3:a7:11:11:1f:9c:57:58:3a:21:1d:72:3f:
         96:f3:40:39:f2:ce:4d:22:6d:2c:6c:92:1e:df:bf:af:52:05:
         81:f9:2b:0d:5b:ee:38:ee:d7:dc:f6:c6:8b:a6:82:87:8d:19:
         da:08:bb:f1:6e:73:d6:12:c1:9e:7c:6d:69:6c:dd:b6:d9:e8:
         53:fa:42:b1:5d:96:09:25:d3:d8:ee:1d:5c:6c:0e:2b:1d:1f:
         c4:d8:87:4a:0d:c3:d1:ea:3f:78:b0:8a:8b:37:32:18:b9:cf:
         c7:27:f1:ce:49:f6:14:56:58:0d:22:0c:19:17:4e:05:34:ab:
         dd:29:b8:b8:98:5d:ec:0e:df:c9:91:30:7f:fc:c3:3d:fa:f8:
         db:a0:72:06:f6:e7:5f:02:22:5d:2d:a7:c3:fa:77:39:f1:47:
         39:c1:f2:79:af:fb:f0:f2:f6:0d:e5:ca:c5:5d:ac:54:8d:ec:
         a2:f0:6e:d4:9c:24:01:2d:59:13:d5:5a:4c:dc:1c:cd:88:21:
         05:44:20:ce:2e:0f:98:a9:38:73:98:7c:cf:17:89:17:47:34:
         5d:07:e2:36:67:d3:ce:db:f6:34:b6:5f:13:de:d6:8f:99:e1:
         d6:42:88:bd
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpPYjCK4kwWDtJaQDN0jzfXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYjlhMjQ5ZTliNThjODJlMTQ1NWViMjMzOTQ1NWIwMzFl
N2RkZGYwHhcNMjUxMTA0MTUwMDI2WhcNMjUxMTA1MTUwMDI2WjAzMTEwLwYDVQQD
Eyg0OGNiMmY4YmMzNjlhZTkzMjBjNmY5NzBkMWIyYmFjYmM2YjA1YTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/5RBKKjULTgwQUzbWB/lEjT0YRP
Hjo6iRc3RfKr+Riy59HC/P746p26tbWJEFhl+hQAfD5IGVwuwyNGbxwgvCaptvpk
cogTiUIw1XPPTOzMlMivGhNr+ElXm9UxrFJcwsYVi1A6stPRLSdmw9ZiAa8l3jLT
8ar/oVt9z4qCGsxd2EJOsNwWF6YWOH0GcFo1xUC3zWAMK4hHDf27B6iEi/mfx3Y1
jHG69QMhLPYXU8DUu+Wh+fa8wXipQ5aj5is4aTa1t0SprZz7Kaj6ENzY696e+yAP
12qkJN4wPmkCCwpy8FktdwX+A/4T/zfBDgSwBGnp3i0XgLwqCVjMnKv4ywIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFEjLL4vDaa6TIMb5cNGyusvGsFpdMB8GA1UdIwQY
MBaAFCq5oknptYyC4UVesjOUVbAx593fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3JtaVNlbTFqSUxoUlY2eU01UlZzREhuM2Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85ZWFiNmQtNmIzNS00YTVhLWFmYjEt
MjUxZjIyMDkzZDA0LzEvS3JtaVNlbTFqSUxoUlY2eU01UlZzREhuM2Q4Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85ZWFiNmQtNmIzNS00YTVhLWFmYjEtMjUxZjIyMDkzZDA0
LzEvS3JtaVNlbTFqSUxoUlY2eU01UlZzREhuM2Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAWEE91/YP
ha5ZvHKHKfjal1E1YDc2NLmzpxERH5xXWDohHXI/lvNAOfLOTSJtLGySHt+/r1IF
gfkrDVvuOO7X3PbGi6aCh40Z2gi78W5z1hLBnnxtaWzdttnoU/pCsV2WCSXT2O4d
XGwOKx0fxNiHSg3D0eo/eLCKizcyGLnPxyfxzkn2FFZYDSIMGRdOBTSr3Sm4uJhd
7A7fyZEwf/zDPfr426ByBvbnXwIiXS2nw/p3OfFHOcHyea/78PL2DeXKxV2sVI3s
ovBu1JwkAS1ZE9VaTNwczYghBUQgzi4PmKk4c5h8zxeJF0c0XQfiNmfTztv2NLZf
E97Wj5nh1kKIvQ==
-----END CERTIFICATE-----