Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/db8ed5-37db-417e-9157-a3c3f9aa8608/1/bdoFbDtU5QDKGcj1xHcKw_RQ5L0.mft
File:                     bdoFbDtU5QDKGcj1xHcKw_RQ5L0.mft (raw, json)
Hash identifier:          xuPQHj2O0FsMf9GnbsJITIHDjmK6P6sBGXOLOB+6rmM=
Subject key identifier:   4C:A6:CF:07:3E:AA:FD:0E:30:68:96:24:80:D8:5F:A1:8B:13:0B:10
Authority key identifier: 6D:DA:05:6C:3B:54:E5:00:CA:19:C8:F5:C4:77:0A:C3:F4:50:E4:BD
Certificate issuer:       /CN=6dda056c3b54e500ca19c8f5c4770ac3f450e4bd
Certificate serial:       019A4F62A84A1B509431DD3253E1DBCCD48F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bdoFbDtU5QDKGcj1xHcKw_RQ5L0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/db8ed5-37db-417e-9157-a3c3f9aa8608/1/bdoFbDtU5QDKGcj1xHcKw_RQ5L0.mft
Manifest number:          1709
Signing time:             Tue 04 Nov 2025 15:00:56 +0000
Manifest this update:     Tue 04 Nov 2025 15:00:56 +0000
Manifest next update:     Wed 05 Nov 2025 15:00:56 +0000
Files and hashes:         1: bdoFbDtU5QDKGcj1xHcKw_RQ5L0.crl (hash: N7MR+7mfWMYzFnd5sbXvbM0AEZXAmpXgNr47rw1fIAM=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/db8ed5-37db-417e-9157-a3c3f9aa8608/1/bdoFbDtU5QDKGcj1xHcKw_RQ5L0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/db8ed5-37db-417e-9157-a3c3f9aa8608/1/bdoFbDtU5QDKGcj1xHcKw_RQ5L0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bdoFbDtU5QDKGcj1xHcKw_RQ5L0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4f:62:a8:4a:1b:50:94:31:dd:32:53:e1:db:cc:d4:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6dda056c3b54e500ca19c8f5c4770ac3f450e4bd
        Validity
            Not Before: Nov  4 15:00:56 2025 GMT
            Not After : Nov  5 15:00:56 2025 GMT
        Subject: CN=4ca6cf073eaafd0e3068962480d85fa18b130b10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:3d:3e:ea:16:2f:19:86:64:f0:c7:7d:6b:dc:
                    07:01:78:4e:6f:f1:0b:1b:7d:34:aa:55:93:39:5d:
                    68:b1:27:a7:88:c6:84:7f:29:3b:71:54:5c:3b:ec:
                    9f:5f:51:71:05:f8:73:fd:c3:df:d1:e7:1b:ee:5b:
                    44:31:20:de:5c:d3:52:5d:52:95:6a:08:3c:5e:7c:
                    13:4c:94:4d:f0:97:be:89:7c:0d:e2:47:14:1c:f1:
                    50:09:28:08:9e:1a:ea:90:4d:5c:5f:6a:b4:0e:a2:
                    67:cb:2a:13:22:5a:ca:d9:24:6c:9e:2f:8b:08:ca:
                    a8:2e:d2:08:31:1f:c3:86:1d:c4:69:44:f9:c5:63:
                    e4:67:5a:ae:d2:86:10:0a:39:29:64:19:20:25:3e:
                    c3:66:0e:9f:a0:5f:a9:42:e0:91:1d:df:fb:9b:f4:
                    53:03:64:74:5f:a3:c4:74:cb:21:68:8e:00:69:61:
                    6e:6a:5a:75:81:df:f1:3b:ea:3e:d8:dd:bf:29:47:
                    49:84:e1:d1:4c:6c:d6:8e:3f:c1:0a:d8:98:93:88:
                    89:45:a6:ce:90:17:1f:3a:a3:ac:84:31:3c:9f:8e:
                    8a:40:bb:1a:63:7c:54:4c:dc:3b:31:f9:40:08:e2:
                    6d:d1:de:51:d8:52:e2:44:14:38:b7:41:2d:9e:84:
                    f9:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:A6:CF:07:3E:AA:FD:0E:30:68:96:24:80:D8:5F:A1:8B:13:0B:10
            X509v3 Authority Key Identifier:
                keyid:6D:DA:05:6C:3B:54:E5:00:CA:19:C8:F5:C4:77:0A:C3:F4:50:E4:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bdoFbDtU5QDKGcj1xHcKw_RQ5L0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/db8ed5-37db-417e-9157-a3c3f9aa8608/1/bdoFbDtU5QDKGcj1xHcKw_RQ5L0.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/db8ed5-37db-417e-9157-a3c3f9aa8608/1/bdoFbDtU5QDKGcj1xHcKw_RQ5L0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         65:52:ae:86:c9:a5:e0:ad:74:50:55:fa:72:50:40:6f:02:fd:
         58:88:e7:39:80:07:ab:78:be:df:50:6a:09:2f:71:50:fe:f1:
         95:ad:d6:1c:35:ca:63:44:83:3e:dd:93:66:a3:44:e0:64:8f:
         65:91:8d:22:92:15:69:3b:b1:5e:c1:cf:a9:6a:bc:e2:e0:08:
         b3:3b:ed:6a:4f:b2:88:3b:06:c6:22:83:17:f1:d1:0d:81:dc:
         6f:c9:58:cd:c6:d3:c1:b9:35:60:03:e8:21:23:12:c5:41:85:
         49:a1:aa:c1:97:05:0a:0f:b9:9e:67:d2:c1:4b:9e:7f:8e:ec:
         fd:4d:20:67:d8:10:95:af:43:ef:aa:3c:94:a7:90:9d:fc:4f:
         c8:4d:44:ce:7f:ae:76:1a:ec:27:e8:55:f2:d7:f1:07:c0:27:
         5c:47:38:94:23:4a:dd:20:a3:ee:32:1d:aa:09:c6:ec:41:43:
         b9:a1:ce:4a:e3:fb:26:71:d0:e7:e5:db:53:90:b1:91:bd:7e:
         f5:ad:7b:2e:f1:aa:11:93:52:e4:72:df:55:1a:7d:70:0c:a0:
         2c:12:40:17:dc:81:bf:a0:fe:c5:05:38:e6:39:88:56:db:4e:
         88:2a:a2:73:b5:f1:50:30:95:fa:94:88:64:82:45:50:2f:83:
         cb:b3:a5:f0
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpPYqhKG1CUMd0yU+HbzNSPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGEwNTZjM2I1NGU1MDBjYTE5YzhmNWM0NzcwYWMzZjQ1
MGU0YmQwHhcNMjUxMTA0MTUwMDU2WhcNMjUxMTA1MTUwMDU2WjAzMTEwLwYDVQQD
Eyg0Y2E2Y2YwNzNlYWFmZDBlMzA2ODk2MjQ4MGQ4NWZhMThiMTMwYjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwT0+6hYvGYZk8Md9a9wHAXhOb/EL
G300qlWTOV1osSeniMaEfyk7cVRcO+yfX1FxBfhz/cPf0ecb7ltEMSDeXNNSXVKV
agg8XnwTTJRN8Je+iXwN4kcUHPFQCSgInhrqkE1cX2q0DqJnyyoTIlrK2SRsni+L
CMqoLtIIMR/Dhh3EaUT5xWPkZ1qu0oYQCjkpZBkgJT7DZg6foF+pQuCRHd/7m/RT
A2R0X6PEdMshaI4AaWFualp1gd/xO+o+2N2/KUdJhOHRTGzWjj/BCtiYk4iJRabO
kBcfOqOshDE8n46KQLsaY3xUTNw7MflACOJt0d5R2FLiRBQ4t0EtnoT53wIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFEymzwc+qv0OMGiWJIDYX6GLEwsQMB8GA1UdIwQY
MBaAFG3aBWw7VOUAyhnI9cR3CsP0UOS9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRvRmJEdFU1UURLR2NqMXhIY0t3X1JRNUwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9kYjhlZDUtMzdkYi00MTdlLTkxNTct
YTNjM2Y5YWE4NjA4LzEvYmRvRmJEdFU1UURLR2NqMXhIY0t3X1JRNUwwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9kYjhlZDUtMzdkYi00MTdlLTkxNTctYTNjM2Y5YWE4NjA4
LzEvYmRvRmJEdFU1UURLR2NqMXhIY0t3X1JRNUwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAZVKuhsml
4K10UFX6clBAbwL9WIjnOYAHq3i+31BqCS9xUP7xla3WHDXKY0SDPt2TZqNE4GSP
ZZGNIpIVaTuxXsHPqWq84uAIszvtak+yiDsGxiKDF/HRDYHcb8lYzcbTwbk1YAPo
ISMSxUGFSaGqwZcFCg+5nmfSwUuef47s/U0gZ9gQla9D76o8lKeQnfxPyE1Ezn+u
dhrsJ+hV8tfxB8AnXEc4lCNK3SCj7jIdqgnG7EFDuaHOSuP7JnHQ5+XbU5Cxkb1+
9a17LvGqEZNS5HLfVRp9cAygLBJAF9yBv6D+xQU45jmIVttOiCqic7XxUDCV+pSI
ZIJFUC+Dy7Ol8A==
-----END CERTIFICATE-----