Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/d938dc-00c4-4680-9944-4a3733f4722b/1/aBFGMD9XUewN_C71R6qyR69OaB8.mft
File:                     aBFGMD9XUewN_C71R6qyR69OaB8.mft (raw, json)
Hash identifier:          eP8tr9ouz0EL55VXef0SR5pByuT2GqJULNaJDp0pLBg=
Subject key identifier:   8E:BC:63:92:E1:F3:D2:99:CD:68:4E:65:01:97:44:A9:35:C6:CD:8B
Authority key identifier: 68:11:46:30:3F:57:51:EC:0D:FC:2E:F5:47:AA:B2:47:AF:4E:68:1F
Certificate issuer:       /CN=681146303f5751ec0dfc2ef547aab247af4e681f
Certificate serial:       019A52D247693F08EB85D5FC59A6C7061200
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aBFGMD9XUewN_C71R6qyR69OaB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/d938dc-00c4-4680-9944-4a3733f4722b/1/aBFGMD9XUewN_C71R6qyR69OaB8.mft
Manifest number:          0DEF
Signing time:             Wed 05 Nov 2025 07:01:43 +0000
Manifest this update:     Wed 05 Nov 2025 07:01:43 +0000
Manifest next update:     Thu 06 Nov 2025 07:01:43 +0000
Files and hashes:         1: aBFGMD9XUewN_C71R6qyR69OaB8.crl (hash: ckeI4ZY9Gr3LOVD7PJ8lS7sCvcNbUiX+asCpXnLaiTA=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/d938dc-00c4-4680-9944-4a3733f4722b/1/aBFGMD9XUewN_C71R6qyR69OaB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/d938dc-00c4-4680-9944-4a3733f4722b/1/aBFGMD9XUewN_C71R6qyR69OaB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aBFGMD9XUewN_C71R6qyR69OaB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:52:d2:47:69:3f:08:eb:85:d5:fc:59:a6:c7:06:12:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=681146303f5751ec0dfc2ef547aab247af4e681f
        Validity
            Not Before: Nov  5 07:01:43 2025 GMT
            Not After : Nov  6 07:01:43 2025 GMT
        Subject: CN=8ebc6392e1f3d299cd684e65019744a935c6cd8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:4e:dc:eb:fb:68:e9:1e:36:13:53:47:6d:78:
                    f1:a1:00:3e:be:49:3c:f8:60:0f:71:09:a7:e6:0c:
                    5c:e0:f2:e9:7d:ec:0c:eb:64:98:42:0d:6f:5c:b4:
                    cc:a6:e2:bd:48:17:5f:f1:e2:bb:29:01:98:d7:40:
                    67:b4:53:3d:1d:7a:c9:32:65:34:e0:92:e3:6c:53:
                    1c:91:7c:6c:56:45:22:f2:f9:c7:40:c7:da:f1:6b:
                    0a:7b:da:1d:ad:47:7e:45:de:bf:41:26:dc:b7:9e:
                    5b:17:19:bb:c1:f2:ee:70:3e:97:bb:d0:49:ee:57:
                    57:77:13:ea:68:48:fb:11:8d:44:45:0e:bc:fc:ac:
                    a2:fe:15:4b:ea:18:1d:46:65:ab:56:10:b3:4f:3d:
                    54:70:7d:db:5f:5b:35:39:6d:96:34:72:47:ce:a9:
                    f4:8c:62:a1:47:4e:c0:8d:6b:75:1a:27:cb:88:cd:
                    f0:21:26:5a:fc:33:d9:58:0a:2f:35:bf:27:94:a2:
                    18:3a:c1:99:d9:be:3e:94:cd:89:41:d7:22:d1:f5:
                    42:35:d3:e2:57:a3:fc:ee:8e:29:c4:83:0f:50:33:
                    8f:e7:6d:ea:00:a2:87:bb:d8:b4:f7:b2:b8:e3:00:
                    24:a2:51:4d:d3:ad:35:9c:67:cf:27:65:3e:69:ed:
                    1a:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:BC:63:92:E1:F3:D2:99:CD:68:4E:65:01:97:44:A9:35:C6:CD:8B
            X509v3 Authority Key Identifier:
                keyid:68:11:46:30:3F:57:51:EC:0D:FC:2E:F5:47:AA:B2:47:AF:4E:68:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aBFGMD9XUewN_C71R6qyR69OaB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/d938dc-00c4-4680-9944-4a3733f4722b/1/aBFGMD9XUewN_C71R6qyR69OaB8.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/d938dc-00c4-4680-9944-4a3733f4722b/1/aBFGMD9XUewN_C71R6qyR69OaB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         0a:b2:fc:f1:c0:bb:b9:61:74:15:c1:d5:4f:87:22:18:63:fe:
         61:26:22:af:3d:25:c8:82:87:97:4e:5f:f1:63:fc:d2:d1:13:
         72:ae:44:4a:1f:41:ca:c3:1b:0d:13:3d:07:30:35:aa:84:ab:
         7f:46:53:af:b5:8f:68:e2:86:37:82:67:c9:f6:89:2b:13:61:
         4d:60:91:36:bb:5f:70:62:07:ff:f1:cb:71:b9:80:51:e2:1b:
         cc:80:c2:65:43:0d:d2:2b:5e:00:ca:e3:63:13:79:a7:a9:8e:
         e3:98:8a:85:57:13:24:e8:25:22:09:d7:2d:46:d7:7d:81:a1:
         c5:49:88:95:37:96:31:ca:93:61:7f:d7:51:a1:77:65:82:d8:
         d8:44:88:f3:cd:03:23:a9:97:4a:fe:bf:9f:50:c0:07:85:9e:
         af:6f:dc:06:87:f3:d8:c9:3a:98:18:4c:05:84:b0:39:0f:a4:
         93:f3:37:df:7f:d9:61:ce:4a:ba:33:88:77:40:6d:d2:8c:fe:
         02:44:c0:66:38:aa:0a:40:e1:50:a3:a1:06:15:51:4c:41:20:
         ab:6e:f5:8a:a7:ac:ea:62:d5:e2:c7:68:9f:de:35:3a:c7:05:
         50:03:88:d6:a1:5c:2d:eb:f0:7b:22:fe:d6:4c:f6:f5:e8:ac:
         d8:74:26:77
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpS0kdpPwjrhdX8WabHBhIAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MTE0NjMwM2Y1NzUxZWMwZGZjMmVmNTQ3YWFiMjQ3YWY0
ZTY4MWYwHhcNMjUxMTA1MDcwMTQzWhcNMjUxMTA2MDcwMTQzWjAzMTEwLwYDVQQD
Eyg4ZWJjNjM5MmUxZjNkMjk5Y2Q2ODRlNjUwMTk3NDRhOTM1YzZjZDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsE7c6/to6R42E1NHbXjxoQA+vkk8
+GAPcQmn5gxc4PLpfewM62SYQg1vXLTMpuK9SBdf8eK7KQGY10BntFM9HXrJMmU0
4JLjbFMckXxsVkUi8vnHQMfa8WsKe9odrUd+Rd6/QSbct55bFxm7wfLucD6Xu9BJ
7ldXdxPqaEj7EY1ERQ68/Kyi/hVL6hgdRmWrVhCzTz1UcH3bX1s1OW2WNHJHzqn0
jGKhR07AjWt1GifLiM3wISZa/DPZWAovNb8nlKIYOsGZ2b4+lM2JQdci0fVCNdPi
V6P87o4pxIMPUDOP523qAKKHu9i097K44wAkolFN0601nGfPJ2U+ae0amwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFI68Y5Lh89KZzWhOZQGXRKk1xs2LMB8GA1UdIwQY
MBaAFGgRRjA/V1HsDfwu9UeqskevTmgfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUJGR01EOVhVZXdOX0M3MVI2cXlSNjlPYUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9kOTM4ZGMtMDBjNC00NjgwLTk5NDQt
NGEzNzMzZjQ3MjJiLzEvYUJGR01EOVhVZXdOX0M3MVI2cXlSNjlPYUI4Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9kOTM4ZGMtMDBjNC00NjgwLTk5NDQtNGEzNzMzZjQ3MjJi
LzEvYUJGR01EOVhVZXdOX0M3MVI2cXlSNjlPYUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEACrL88cC7
uWF0FcHVT4ciGGP+YSYirz0lyIKHl05f8WP80tETcq5ESh9BysMbDRM9BzA1qoSr
f0ZTr7WPaOKGN4JnyfaJKxNhTWCRNrtfcGIH//HLcbmAUeIbzIDCZUMN0iteAMrj
YxN5p6mO45iKhVcTJOglIgnXLUbXfYGhxUmIlTeWMcqTYX/XUaF3ZYLY2ESI880D
I6mXSv6/n1DAB4Wer2/cBofz2Mk6mBhMBYSwOQ+kk/M333/ZYc5KujOId0Bt0oz+
AkTAZjiqCkDhUKOhBhVRTEEgq271iqes6mLV4sdon941OscFUAOI1qFcLevweyL+
1kz29eis2HQmdw==
-----END CERTIFICATE-----