Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/495c34-95f9-495e-b1c8-474f2cf6e62a/1/OWpY9F0OyAFfoyauWP9YAzKJv50.mft
File:                     OWpY9F0OyAFfoyauWP9YAzKJv50.mft (raw, json)
Hash identifier:          so9F+sYQ07opAG9Qo6Yl+5q0PxBvJbQac2M2x9lpeho=
Subject key identifier:   B7:C7:3F:85:EE:7F:B4:96:DA:F2:A4:12:57:4A:FC:84:7D:83:68:4C
Authority key identifier: 39:6A:58:F4:5D:0E:C8:01:5F:A3:26:AE:58:FF:58:03:32:89:BF:9D
Certificate issuer:       /CN=396a58f45d0ec8015fa326ae58ff58033289bf9d
Certificate serial:       019A4F98ECE357780B1BBBC4B4B388331268
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OWpY9F0OyAFfoyauWP9YAzKJv50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/495c34-95f9-495e-b1c8-474f2cf6e62a/1/OWpY9F0OyAFfoyauWP9YAzKJv50.mft
Manifest number:          170A
Signing time:             Tue 04 Nov 2025 16:00:13 +0000
Manifest this update:     Tue 04 Nov 2025 16:00:13 +0000
Manifest next update:     Wed 05 Nov 2025 16:00:13 +0000
Files and hashes:         1: OWpY9F0OyAFfoyauWP9YAzKJv50.crl (hash: 2ZMB1ecoWNLsgaQ+aYSmQ9vafMwqclPiDtZTV77WV50=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/495c34-95f9-495e-b1c8-474f2cf6e62a/1/OWpY9F0OyAFfoyauWP9YAzKJv50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/495c34-95f9-495e-b1c8-474f2cf6e62a/1/OWpY9F0OyAFfoyauWP9YAzKJv50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OWpY9F0OyAFfoyauWP9YAzKJv50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4f:98:ec:e3:57:78:0b:1b:bb:c4:b4:b3:88:33:12:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=396a58f45d0ec8015fa326ae58ff58033289bf9d
        Validity
            Not Before: Nov  4 16:00:13 2025 GMT
            Not After : Nov  5 16:00:13 2025 GMT
        Subject: CN=b7c73f85ee7fb496daf2a412574afc847d83684c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:89:eb:d2:f7:06:9f:27:e9:74:16:ba:49:0e:
                    80:80:9d:36:41:e1:c1:03:b9:f3:c1:12:fc:c6:11:
                    e0:51:5e:cd:65:75:1e:bc:5f:90:20:3b:34:4f:9a:
                    3e:99:59:b8:b5:bd:49:8a:85:33:d3:9c:51:94:69:
                    6a:92:c0:f2:e2:c3:96:bc:2d:bf:db:7d:05:4d:e3:
                    eb:58:30:9b:2e:73:8d:53:b9:7c:0b:e9:dc:8d:79:
                    47:0e:44:da:03:eb:9d:b6:8a:a7:da:ca:4b:56:91:
                    d8:7a:97:c5:e9:72:db:44:4d:27:3c:b4:ba:e4:38:
                    1a:69:a5:4e:c3:1a:8c:d4:d4:43:7f:68:18:b8:5e:
                    76:6d:d1:44:de:69:31:6d:84:56:a7:73:ad:da:63:
                    b1:c1:b2:8e:87:15:87:3a:73:c8:39:d8:a0:a1:b8:
                    a8:48:d0:49:c5:fb:3b:a3:32:42:79:81:93:36:9f:
                    29:7c:12:a2:2d:0f:91:71:dc:bf:73:1d:88:d9:c0:
                    47:46:95:dc:aa:c7:de:81:0a:90:c1:5c:06:73:9c:
                    94:56:74:3c:25:f0:07:87:6e:cc:78:90:be:f4:e3:
                    b3:67:79:ad:a5:2b:46:f2:d8:e6:cd:c0:e0:01:dd:
                    09:80:dc:a4:2f:1a:b4:e5:f0:1e:5d:26:13:42:fd:
                    bb:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:C7:3F:85:EE:7F:B4:96:DA:F2:A4:12:57:4A:FC:84:7D:83:68:4C
            X509v3 Authority Key Identifier:
                keyid:39:6A:58:F4:5D:0E:C8:01:5F:A3:26:AE:58:FF:58:03:32:89:BF:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OWpY9F0OyAFfoyauWP9YAzKJv50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/495c34-95f9-495e-b1c8-474f2cf6e62a/1/OWpY9F0OyAFfoyauWP9YAzKJv50.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/495c34-95f9-495e-b1c8-474f2cf6e62a/1/OWpY9F0OyAFfoyauWP9YAzKJv50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         45:36:91:3e:b6:b5:88:a1:f1:72:c1:8a:93:f7:5b:da:42:51:
         37:06:c4:05:54:0a:96:50:6d:d3:2d:c2:42:26:08:44:d2:45:
         5d:4d:7e:82:48:44:8c:02:e7:73:08:ff:ea:d8:39:6c:6e:4c:
         46:cd:01:d9:4a:2b:f3:46:8f:9b:61:3e:69:d3:c8:e2:e3:23:
         ba:d4:e3:eb:45:ce:eb:b2:0c:eb:66:85:12:ae:00:d1:83:b6:
         46:4a:0f:09:8e:92:80:c4:23:b7:95:3a:b3:31:a5:77:92:38:
         89:81:41:67:38:fc:4c:ce:0c:da:51:84:f0:60:6e:1e:2b:13:
         46:64:ba:3c:f2:f3:cb:fc:4b:69:52:70:7f:f2:fb:55:8e:57:
         5c:03:52:ef:6a:ef:20:91:c9:cf:9f:3c:be:12:be:95:e3:d7:
         f4:31:a2:c7:00:b8:f0:c2:68:0c:92:ea:a4:cf:1e:c3:eb:cf:
         19:68:1e:7f:29:19:5c:dc:7f:a4:35:6a:21:7d:64:0e:0e:17:
         95:5e:6f:5b:99:4b:1b:05:f4:1f:53:41:40:e4:2b:52:2d:58:
         3f:a7:ca:5f:f0:c6:94:9c:87:cf:eb:46:79:83:cd:84:27:6f:
         5f:cc:61:0f:56:58:74:00:c2:ff:ff:64:fd:0d:41:a2:58:48:
         09:c5:1a:93
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpPmOzjV3gLG7vEtLOIMxJoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5NmE1OGY0NWQwZWM4MDE1ZmEzMjZhZTU4ZmY1ODAzMzI4
OWJmOWQwHhcNMjUxMTA0MTYwMDEzWhcNMjUxMTA1MTYwMDEzWjAzMTEwLwYDVQQD
EyhiN2M3M2Y4NWVlN2ZiNDk2ZGFmMmE0MTI1NzRhZmM4NDdkODM2ODRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwonr0vcGnyfpdBa6SQ6AgJ02QeHB
A7nzwRL8xhHgUV7NZXUevF+QIDs0T5o+mVm4tb1JioUz05xRlGlqksDy4sOWvC2/
230FTePrWDCbLnONU7l8C+ncjXlHDkTaA+udtoqn2spLVpHYepfF6XLbRE0nPLS6
5DgaaaVOwxqM1NRDf2gYuF52bdFE3mkxbYRWp3Ot2mOxwbKOhxWHOnPIOdigobio
SNBJxfs7ozJCeYGTNp8pfBKiLQ+Rcdy/cx2I2cBHRpXcqsfegQqQwVwGc5yUVnQ8
JfAHh27MeJC+9OOzZ3mtpStG8tjmzcDgAd0JgNykLxq05fAeXSYTQv27tQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFLfHP4Xuf7SW2vKkEldK/IR9g2hMMB8GA1UdIwQY
MBaAFDlqWPRdDsgBX6Mmrlj/WAMyib+dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1dwWTlGME95QUZmb3lhdVdQOVlBektKdjUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy80OTVjMzQtOTVmOS00OTVlLWIxYzgt
NDc0ZjJjZjZlNjJhLzEvT1dwWTlGME95QUZmb3lhdVdQOVlBektKdjUwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy80OTVjMzQtOTVmOS00OTVlLWIxYzgtNDc0ZjJjZjZlNjJh
LzEvT1dwWTlGME95QUZmb3lhdVdQOVlBektKdjUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEARTaRPra1
iKHxcsGKk/db2kJRNwbEBVQKllBt0y3CQiYIRNJFXU1+gkhEjALncwj/6tg5bG5M
Rs0B2Uor80aPm2E+adPI4uMjutTj60XO67IM62aFEq4A0YO2RkoPCY6SgMQjt5U6
szGld5I4iYFBZzj8TM4M2lGE8GBuHisTRmS6PPLzy/xLaVJwf/L7VY5XXANS72rv
IJHJz588vhK+lePX9DGixwC48MJoDJLqpM8ew+vPGWgefykZXNx/pDVqIX1kDg4X
lV5vW5lLGwX0H1NBQOQrUi1YP6fKX/DGlJyHz+tGeYPNhCdvX8xhD1ZYdADC//9k
/Q1BolhICcUakw==
-----END CERTIFICATE-----