Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/afa9af-fe5e-4023-ac0f-76d267a2489d/1/pzfikBac_OajOKZrykXP5jXRVEY.mft
File:                     pzfikBac_OajOKZrykXP5jXRVEY.mft (raw, json)
Hash identifier:          PW6+HzXVqKeiYclMnJ7M16o9S2W7nG+9/VQGTZZ0010=
Subject key identifier:   D7:80:4D:4B:AC:7D:1A:79:FD:80:E3:2C:F0:60:5E:EA:85:39:F4:A1
Authority key identifier: A7:37:E2:90:16:9C:FC:E6:A3:38:A6:6B:CA:45:CF:E6:35:D1:54:46
Certificate issuer:       /CN=a737e290169cfce6a338a66bca45cfe635d15446
Certificate serial:       019A51504D2D2C5D2B0C8F783CE920FDFD99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pzfikBac_OajOKZrykXP5jXRVEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/afa9af-fe5e-4023-ac0f-76d267a2489d/1/pzfikBac_OajOKZrykXP5jXRVEY.mft
Manifest number:          170B
Signing time:             Wed 05 Nov 2025 00:00:08 +0000
Manifest this update:     Wed 05 Nov 2025 00:00:08 +0000
Manifest next update:     Thu 06 Nov 2025 00:00:08 +0000
Files and hashes:         1: pzfikBac_OajOKZrykXP5jXRVEY.crl (hash: car+vGc0KWWrzwvrfP9KN4/3ac59jb72tjrkKjRRXSM=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/afa9af-fe5e-4023-ac0f-76d267a2489d/1/pzfikBac_OajOKZrykXP5jXRVEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/afa9af-fe5e-4023-ac0f-76d267a2489d/1/pzfikBac_OajOKZrykXP5jXRVEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pzfikBac_OajOKZrykXP5jXRVEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:37:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:51:50:4d:2d:2c:5d:2b:0c:8f:78:3c:e9:20:fd:fd:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a737e290169cfce6a338a66bca45cfe635d15446
        Validity
            Not Before: Nov  5 00:00:08 2025 GMT
            Not After : Nov  6 00:00:08 2025 GMT
        Subject: CN=d7804d4bac7d1a79fd80e32cf0605eea8539f4a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:db:f4:88:8a:da:c3:31:4a:14:8a:6c:8c:fa:
                    25:a8:76:ba:84:f4:7f:28:18:ec:0e:9c:e0:5b:b4:
                    94:77:e8:29:76:92:d3:eb:d9:56:8d:d1:e4:e7:0c:
                    22:2c:b4:90:6c:18:6f:d8:69:bb:04:6f:69:7e:e8:
                    67:a6:da:95:68:98:41:2a:02:db:51:2e:5b:ec:6d:
                    6c:a8:da:a3:d3:cb:7a:c4:f1:30:dc:96:9e:1a:15:
                    a9:92:58:20:24:07:f3:aa:4c:76:48:a3:d1:74:0a:
                    97:62:f7:dd:b0:27:65:c7:67:ee:a9:50:dd:dd:db:
                    c9:3f:d1:68:0b:78:91:d6:04:88:4b:07:f8:42:9e:
                    38:50:85:ac:ab:81:df:26:6c:a4:02:5e:df:07:1d:
                    80:23:7b:88:56:3d:53:61:d5:38:d9:c2:9e:8a:5d:
                    31:ea:ea:9c:de:77:b3:e8:f1:f7:0a:d4:73:58:09:
                    d5:6a:a6:26:81:c6:e8:45:1e:a0:a5:45:a9:33:c1:
                    85:9f:5c:3f:0b:ce:8e:3b:62:97:81:86:ed:dc:01:
                    68:16:0e:b3:2e:7f:cf:b2:e2:3c:45:11:8e:13:6f:
                    df:bd:17:85:03:53:ef:c1:0b:39:b9:7d:ed:b5:61:
                    6a:81:22:da:df:2d:02:21:5a:d0:57:20:60:e9:23:
                    45:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:80:4D:4B:AC:7D:1A:79:FD:80:E3:2C:F0:60:5E:EA:85:39:F4:A1
            X509v3 Authority Key Identifier:
                keyid:A7:37:E2:90:16:9C:FC:E6:A3:38:A6:6B:CA:45:CF:E6:35:D1:54:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pzfikBac_OajOKZrykXP5jXRVEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/afa9af-fe5e-4023-ac0f-76d267a2489d/1/pzfikBac_OajOKZrykXP5jXRVEY.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/afa9af-fe5e-4023-ac0f-76d267a2489d/1/pzfikBac_OajOKZrykXP5jXRVEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         68:0d:09:e6:78:b0:d5:23:61:18:37:43:da:20:9b:0c:1f:7f:
         9c:f9:23:ff:3a:67:1d:09:c8:d6:de:97:b5:a7:6d:d9:1c:be:
         91:8d:f1:09:fd:1e:99:63:82:d3:1f:d5:38:ff:f6:a8:c1:72:
         9c:fb:80:f4:f8:1e:bb:73:e1:98:e0:13:b7:2a:f9:e6:89:d1:
         3e:e6:f1:91:f3:37:24:e1:8d:0a:43:c0:24:b3:89:41:d7:4f:
         4a:47:ac:cf:c9:a8:24:3b:23:35:72:54:3a:14:f2:fe:7b:4f:
         0e:28:9e:34:9c:b4:76:4f:e3:04:64:26:53:74:f5:06:db:9c:
         35:09:3f:3f:ac:35:90:d1:ed:06:d1:14:65:c0:8a:26:de:6f:
         05:83:5f:79:e2:a8:18:c4:51:05:13:2b:3a:c2:24:62:78:dc:
         fc:84:a2:e1:c6:c2:d0:b7:38:7f:11:49:fa:f2:f1:76:e4:82:
         42:2b:9d:7d:b2:84:f3:fc:ca:e0:60:f2:87:63:72:6f:a3:88:
         9b:01:80:05:ec:c8:5d:6b:29:e5:b4:78:30:34:ed:b8:62:f0:
         c6:b5:21:e2:04:7d:67:c6:5c:48:ad:de:51:b3:c0:c8:8e:63:
         98:0a:9b:2c:ef:c9:a5:89:45:ea:20:8f:cc:f2:b8:f5:f4:05:
         a3:1d:34:d7
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpRUE0tLF0rDI94POkg/f2ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3MzdlMjkwMTY5Y2ZjZTZhMzM4YTY2YmNhNDVjZmU2MzVk
MTU0NDYwHhcNMjUxMTA1MDAwMDA4WhcNMjUxMTA2MDAwMDA4WjAzMTEwLwYDVQQD
EyhkNzgwNGQ0YmFjN2QxYTc5ZmQ4MGUzMmNmMDYwNWVlYTg1MzlmNGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltv0iIrawzFKFIpsjPolqHa6hPR/
KBjsDpzgW7SUd+gpdpLT69lWjdHk5wwiLLSQbBhv2Gm7BG9pfuhnptqVaJhBKgLb
US5b7G1sqNqj08t6xPEw3JaeGhWpklggJAfzqkx2SKPRdAqXYvfdsCdlx2fuqVDd
3dvJP9FoC3iR1gSISwf4Qp44UIWsq4HfJmykAl7fBx2AI3uIVj1TYdU42cKeil0x
6uqc3nez6PH3CtRzWAnVaqYmgcboRR6gpUWpM8GFn1w/C86OO2KXgYbt3AFoFg6z
Ln/PsuI8RRGOE2/fvReFA1PvwQs5uX3ttWFqgSLa3y0CIVrQVyBg6SNF6QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFNeATUusfRp5/YDjLPBgXuqFOfShMB8GA1UdIwQY
MBaAFKc34pAWnPzmozima8pFz+Y10VRGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHpmaWtCYWNfT2FqT0tacnlrWFA1alhSVkVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hZmE5YWYtZmU1ZS00MDIzLWFjMGYt
NzZkMjY3YTI0ODlkLzEvcHpmaWtCYWNfT2FqT0tacnlrWFA1alhSVkVZLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hZmE5YWYtZmU1ZS00MDIzLWFjMGYtNzZkMjY3YTI0ODlk
LzEvcHpmaWtCYWNfT2FqT0tacnlrWFA1alhSVkVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAaA0J5niw
1SNhGDdD2iCbDB9/nPkj/zpnHQnI1t6Xtadt2Ry+kY3xCf0emWOC0x/VOP/2qMFy
nPuA9Pgeu3PhmOATtyr55onRPubxkfM3JOGNCkPAJLOJQddPSkesz8moJDsjNXJU
OhTy/ntPDiieNJy0dk/jBGQmU3T1BtucNQk/P6w1kNHtBtEUZcCKJt5vBYNfeeKo
GMRRBRMrOsIkYnjc/ISi4cbC0Lc4fxFJ+vLxduSCQiudfbKE8/zK4GDyh2Nyb6OI
mwGABezIXWsp5bR4MDTtuGLwxrUh4gR9Z8ZcSK3eUbPAyI5jmAqbLO/JpYlF6iCP
zPK49fQFox001w==
-----END CERTIFICATE-----