Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/6801c9-dd17-4dca-8100-6a3f01d9cb50/1/YKQ0_Wv_i2-7DVL42kLpH4paKS8.mft
File:                     YKQ0_Wv_i2-7DVL42kLpH4paKS8.mft (raw, json)
Hash identifier:          4VNFcVuhAn7bGcVFcCUBQK7pB3sJwQ2Kc4kUru+vCZg=
Subject key identifier:   CA:2A:96:02:B8:F6:60:E8:68:6E:DE:AC:79:B3:0D:52:FC:B2:DF:4B
Authority key identifier: 60:A4:34:FD:6B:FF:8B:6F:BB:0D:52:F8:DA:42:E9:1F:8A:5A:29:2F
Certificate issuer:       /CN=60a434fd6bff8b6fbb0d52f8da42e91f8a5a292f
Certificate serial:       019A503DD06C2A5EBB8066982FAD8B1C0ABA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YKQ0_Wv_i2-7DVL42kLpH4paKS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/6801c9-dd17-4dca-8100-6a3f01d9cb50/1/YKQ0_Wv_i2-7DVL42kLpH4paKS8.mft
Manifest number:          08A7
Signing time:             Tue 04 Nov 2025 19:00:19 +0000
Manifest this update:     Tue 04 Nov 2025 19:00:19 +0000
Manifest next update:     Wed 05 Nov 2025 19:00:19 +0000
Files and hashes:         1: YKQ0_Wv_i2-7DVL42kLpH4paKS8.crl (hash: Z/B77TwJ27XdKA0I5rKdN7oG05at0CDfbprWJwUOIN8=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/6801c9-dd17-4dca-8100-6a3f01d9cb50/1/YKQ0_Wv_i2-7DVL42kLpH4paKS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/6801c9-dd17-4dca-8100-6a3f01d9cb50/1/YKQ0_Wv_i2-7DVL42kLpH4paKS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YKQ0_Wv_i2-7DVL42kLpH4paKS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:50:3d:d0:6c:2a:5e:bb:80:66:98:2f:ad:8b:1c:0a:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60a434fd6bff8b6fbb0d52f8da42e91f8a5a292f
        Validity
            Not Before: Nov  4 19:00:19 2025 GMT
            Not After : Nov  5 19:00:19 2025 GMT
        Subject: CN=ca2a9602b8f660e8686edeac79b30d52fcb2df4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:43:68:1b:ae:56:de:1a:56:e7:86:9d:46:ab:
                    0b:11:cc:28:b1:94:db:6a:71:e3:73:98:17:fc:1d:
                    91:51:01:07:2c:4e:b5:d3:58:18:76:19:24:36:75:
                    cf:5b:f7:1f:c6:c8:fd:b8:3f:8f:3b:52:9b:11:ab:
                    c2:3c:bf:86:dc:aa:26:0a:97:b5:30:cf:f2:db:ac:
                    f7:18:fd:b7:c9:2a:df:7d:02:db:88:79:f6:2f:3c:
                    c2:44:dc:4c:e7:80:08:4b:24:6f:2b:cc:7f:01:0f:
                    4b:a3:43:42:e4:42:41:d9:14:5f:6b:de:3e:b6:1a:
                    6a:d2:b0:7c:3d:5a:93:b8:cb:f5:14:e0:7f:ac:b2:
                    8e:d5:00:f2:05:78:4b:cc:6a:73:70:8f:bb:4e:22:
                    98:be:eb:89:ce:1a:69:08:cf:fa:7f:83:37:16:a2:
                    b4:42:5d:6b:2f:d6:91:4e:4a:ff:76:c1:1a:b4:99:
                    39:3c:ee:be:6a:13:d6:1b:e5:1e:aa:a5:98:74:ea:
                    5e:15:4f:fe:f0:9d:0e:cc:e0:45:fa:87:1e:37:0d:
                    12:c5:39:fb:b4:5b:f6:06:9f:7a:98:b3:cc:7d:85:
                    71:76:cd:d9:c4:93:1f:7a:15:4a:7f:76:cc:15:bb:
                    45:6d:54:a2:16:f7:12:3e:bc:4b:c4:2e:7f:6d:99:
                    f2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:2A:96:02:B8:F6:60:E8:68:6E:DE:AC:79:B3:0D:52:FC:B2:DF:4B
            X509v3 Authority Key Identifier:
                keyid:60:A4:34:FD:6B:FF:8B:6F:BB:0D:52:F8:DA:42:E9:1F:8A:5A:29:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YKQ0_Wv_i2-7DVL42kLpH4paKS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6801c9-dd17-4dca-8100-6a3f01d9cb50/1/YKQ0_Wv_i2-7DVL42kLpH4paKS8.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/6801c9-dd17-4dca-8100-6a3f01d9cb50/1/YKQ0_Wv_i2-7DVL42kLpH4paKS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         0f:f9:8e:7f:8b:7c:5a:d5:02:e1:18:72:8a:14:47:7d:2b:b4:
         9f:86:a8:1e:7f:8c:04:f5:70:25:a7:27:6f:38:fa:9a:55:df:
         a1:fd:1d:4e:e3:72:55:08:22:33:38:16:ca:8d:75:c0:95:6f:
         6c:ac:41:b3:21:cc:0a:13:57:cb:95:37:0f:b4:63:a8:54:e6:
         34:75:78:f6:ec:c8:18:17:d0:38:e3:94:30:55:83:7f:aa:ff:
         54:55:ad:4d:6f:cb:83:c7:05:83:85:70:03:7d:de:95:a0:1c:
         34:92:af:86:cc:a9:dd:4b:4b:7d:e7:d0:90:8b:60:4f:1c:a1:
         3e:85:70:55:e8:64:01:98:b6:0e:47:30:fa:0c:23:0b:38:79:
         9f:57:85:b4:6b:3f:87:25:0f:86:5d:59:85:7b:22:3c:58:fa:
         7b:6b:f2:bd:b0:20:a9:ff:21:58:2e:a0:15:60:85:0b:91:54:
         cb:99:88:11:53:83:e2:4b:5c:80:f2:3c:83:95:0f:bf:22:b4:
         d6:53:62:bb:45:b2:7f:11:a4:f4:a5:52:f5:d6:53:ac:35:81:
         c4:24:40:c7:11:b1:bf:e0:18:a9:c6:15:b0:1b:b5:c8:27:66:
         f3:57:ec:41:95:19:e9:be:0c:d9:cd:46:88:15:c5:f8:c6:fd:
         b2:83:fb:3d
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpQPdBsKl67gGaYL62LHAq6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYTQzNGZkNmJmZjhiNmZiYjBkNTJmOGRhNDJlOTFmOGE1
YTI5MmYwHhcNMjUxMTA0MTkwMDE5WhcNMjUxMTA1MTkwMDE5WjAzMTEwLwYDVQQD
EyhjYTJhOTYwMmI4ZjY2MGU4Njg2ZWRlYWM3OWIzMGQ1MmZjYjJkZjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApENoG65W3hpW54adRqsLEcwosZTb
anHjc5gX/B2RUQEHLE6101gYdhkkNnXPW/cfxsj9uD+PO1KbEavCPL+G3KomCpe1
MM/y26z3GP23ySrffQLbiHn2LzzCRNxM54AISyRvK8x/AQ9Lo0NC5EJB2RRfa94+
thpq0rB8PVqTuMv1FOB/rLKO1QDyBXhLzGpzcI+7TiKYvuuJzhppCM/6f4M3FqK0
Ql1rL9aRTkr/dsEatJk5PO6+ahPWG+UeqqWYdOpeFU/+8J0OzOBF+oceNw0SxTn7
tFv2Bp96mLPMfYVxds3ZxJMfehVKf3bMFbtFbVSiFvcSPrxLxC5/bZny+QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFMoqlgK49mDoaG7erHmzDVL8st9LMB8GA1UdIwQY
MBaAFGCkNP1r/4tvuw1S+NpC6R+KWikvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUtRMF9Xdl9pMi03RFZMNDJrTHBINHBhS1M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82ODAxYzktZGQxNy00ZGNhLTgxMDAt
NmEzZjAxZDljYjUwLzEvWUtRMF9Xdl9pMi03RFZMNDJrTHBINHBhS1M4Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82ODAxYzktZGQxNy00ZGNhLTgxMDAtNmEzZjAxZDljYjUw
LzEvWUtRMF9Xdl9pMi03RFZMNDJrTHBINHBhS1M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAD/mOf4t8
WtUC4RhyihRHfSu0n4aoHn+MBPVwJacnbzj6mlXfof0dTuNyVQgiMzgWyo11wJVv
bKxBsyHMChNXy5U3D7RjqFTmNHV49uzIGBfQOOOUMFWDf6r/VFWtTW/Lg8cFg4Vw
A33elaAcNJKvhsyp3UtLfefQkItgTxyhPoVwVehkAZi2Dkcw+gwjCzh5n1eFtGs/
hyUPhl1ZhXsiPFj6e2vyvbAgqf8hWC6gFWCFC5FUy5mIEVOD4ktcgPI8g5UPvyK0
1lNiu0WyfxGk9KVS9dZTrDWBxCRAxxGxv+AYqcYVsBu1yCdm81fsQZUZ6b4M2c1G
iBXF+Mb9soP7PQ==
-----END CERTIFICATE-----