Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/7b540f-b83a-40b9-ae6d-cdcee23a83b0/1/yKQR5q7CPK13xDcrTXsLH8gtXcA.mft
File:                     yKQR5q7CPK13xDcrTXsLH8gtXcA.mft (raw, json)
Hash identifier:          GfqY9prQ1NnFBxf5+6IMpcyPfGasp+fBJmyEz1d9n5Y=
Subject key identifier:   64:7A:ED:FB:13:C0:B3:9C:E1:FE:D2:FF:08:4E:89:5E:BF:68:AE:AD
Authority key identifier: C8:A4:11:E6:AE:C2:3C:AD:77:C4:37:2B:4D:7B:0B:1F:C8:2D:5D:C0
Certificate issuer:       /CN=c8a411e6aec23cad77c4372b4d7b0b1fc82d5dc0
Certificate serial:       019A4DAA9D9E6E26AA85E1E74D1F77E6DAE9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yKQR5q7CPK13xDcrTXsLH8gtXcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/7b540f-b83a-40b9-ae6d-cdcee23a83b0/1/yKQR5q7CPK13xDcrTXsLH8gtXcA.mft
Manifest number:          170A
Signing time:             Tue 04 Nov 2025 07:00:18 +0000
Manifest this update:     Tue 04 Nov 2025 07:00:18 +0000
Manifest next update:     Wed 05 Nov 2025 07:00:18 +0000
Files and hashes:         1: yKQR5q7CPK13xDcrTXsLH8gtXcA.crl (hash: lKd4IAFXQO8nA0+Y9w7YlcoZ5uJfZwdGNa6XQsjAhvk=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/7b540f-b83a-40b9-ae6d-cdcee23a83b0/1/yKQR5q7CPK13xDcrTXsLH8gtXcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/7b540f-b83a-40b9-ae6d-cdcee23a83b0/1/yKQR5q7CPK13xDcrTXsLH8gtXcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yKQR5q7CPK13xDcrTXsLH8gtXcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 07:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4d:aa:9d:9e:6e:26:aa:85:e1:e7:4d:1f:77:e6:da:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8a411e6aec23cad77c4372b4d7b0b1fc82d5dc0
        Validity
            Not Before: Nov  4 07:00:18 2025 GMT
            Not After : Nov  5 07:00:18 2025 GMT
        Subject: CN=647aedfb13c0b39ce1fed2ff084e895ebf68aead
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:db:24:63:e1:13:b1:3c:a1:9c:6a:7e:c3:70:
                    98:d9:11:ab:1b:8d:29:e2:b5:0a:67:d4:c2:d1:0e:
                    a7:54:bc:2b:87:2d:17:bb:50:d7:a9:05:7b:cd:67:
                    81:31:9e:7f:14:f2:ca:9f:da:07:6f:13:0d:4e:19:
                    dd:a3:5f:82:16:f1:dc:10:e3:b3:c6:72:37:fc:65:
                    88:f8:c9:f3:6f:18:1d:b9:68:47:be:63:72:5b:de:
                    ef:5d:c2:ac:83:d0:a6:5a:d1:74:12:09:82:bc:b9:
                    3d:85:d9:fa:32:a6:a8:f8:a3:76:3e:9a:bf:d2:3f:
                    55:cc:b7:fd:1f:7f:9a:d9:d2:a2:8c:8f:a0:6f:ec:
                    4b:ee:2e:f9:b2:56:42:66:8f:94:15:d7:d7:5c:51:
                    93:0a:2a:d8:b4:9f:4a:ee:af:24:fa:21:dc:41:b7:
                    45:23:e5:6d:6f:85:07:69:e7:0f:96:ce:27:ec:fe:
                    77:5b:2d:4c:b9:16:95:7e:d5:3c:0e:35:4e:55:ab:
                    ce:e5:d6:21:56:b9:e0:ca:be:9d:06:ca:3f:dc:9b:
                    10:cd:02:d0:a2:19:cb:fe:d3:a5:33:34:8f:56:8e:
                    cd:ae:84:8f:1c:51:f9:ac:d2:d6:4e:6e:ef:1b:88:
                    41:61:13:a1:b0:72:55:8a:e4:23:33:1d:6d:51:9f:
                    ad:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:7A:ED:FB:13:C0:B3:9C:E1:FE:D2:FF:08:4E:89:5E:BF:68:AE:AD
            X509v3 Authority Key Identifier:
                keyid:C8:A4:11:E6:AE:C2:3C:AD:77:C4:37:2B:4D:7B:0B:1F:C8:2D:5D:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yKQR5q7CPK13xDcrTXsLH8gtXcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7b540f-b83a-40b9-ae6d-cdcee23a83b0/1/yKQR5q7CPK13xDcrTXsLH8gtXcA.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7b540f-b83a-40b9-ae6d-cdcee23a83b0/1/yKQR5q7CPK13xDcrTXsLH8gtXcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         7e:08:58:e4:24:25:67:aa:bd:bc:eb:30:4a:ff:6e:48:cc:c0:
         50:b7:28:84:bf:d6:c1:3d:66:a9:fd:a2:04:f5:3c:85:18:99:
         cc:5a:e8:af:ff:8e:f1:94:87:dc:f2:c6:46:01:59:85:4f:0c:
         31:96:c4:b7:98:4e:c1:a2:5c:c7:44:0d:4b:9f:95:35:fa:1d:
         e1:16:60:de:47:0c:90:56:f5:7c:6e:cf:fb:f2:7d:d5:3c:5e:
         ee:84:10:ef:7e:5a:43:d1:b2:0d:66:b7:20:3e:61:61:1d:a1:
         68:35:85:58:ae:cf:2f:54:b3:0f:65:f5:84:08:7b:52:ff:53:
         ad:bb:f6:05:06:c0:fd:0a:e8:41:62:fa:a1:b6:64:7c:76:d0:
         c3:e3:d0:60:52:f7:d0:a8:e1:2d:82:58:7b:27:6e:e4:76:75:
         5e:da:f5:4e:98:bf:db:67:22:21:1b:7b:18:e7:8b:88:aa:27:
         63:72:bf:38:43:1c:39:b9:98:96:f7:c3:2d:93:d8:b6:a0:eb:
         17:51:d9:7e:40:40:f8:00:fe:65:01:aa:e0:fa:c9:2e:eb:50:
         c2:b0:19:18:c2:d2:63:a3:8c:15:58:e2:4d:ad:96:3d:76:16:
         f7:4b:b2:e3:b1:90:37:95:c5:80:e9:2d:77:f5:38:e8:30:f4:
         cf:7f:3a:c5
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpNqp2ebiaqheHnTR935trpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4YTQxMWU2YWVjMjNjYWQ3N2M0MzcyYjRkN2IwYjFmYzgy
ZDVkYzAwHhcNMjUxMTA0MDcwMDE4WhcNMjUxMTA1MDcwMDE4WjAzMTEwLwYDVQQD
Eyg2NDdhZWRmYjEzYzBiMzljZTFmZWQyZmYwODRlODk1ZWJmNjhhZWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNskY+ETsTyhnGp+w3CY2RGrG40p
4rUKZ9TC0Q6nVLwrhy0Xu1DXqQV7zWeBMZ5/FPLKn9oHbxMNThndo1+CFvHcEOOz
xnI3/GWI+MnzbxgduWhHvmNyW97vXcKsg9CmWtF0EgmCvLk9hdn6Mqao+KN2Ppq/
0j9VzLf9H3+a2dKijI+gb+xL7i75slZCZo+UFdfXXFGTCirYtJ9K7q8k+iHcQbdF
I+Vtb4UHaecPls4n7P53Wy1MuRaVftU8DjVOVavO5dYhVrngyr6dBso/3JsQzQLQ
ohnL/tOlMzSPVo7NroSPHFH5rNLWTm7vG4hBYROhsHJViuQjMx1tUZ+tnwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFGR67fsTwLOc4f7S/whOiV6/aK6tMB8GA1UdIwQY
MBaAFMikEeauwjytd8Q3K017Cx/ILV3AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUtRUjVxN0NQSzEzeERjclRYc0xIOGd0WGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy83YjU0MGYtYjgzYS00MGI5LWFlNmQt
Y2RjZWUyM2E4M2IwLzEveUtRUjVxN0NQSzEzeERjclRYc0xIOGd0WGNBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy83YjU0MGYtYjgzYS00MGI5LWFlNmQtY2RjZWUyM2E4M2Iw
LzEveUtRUjVxN0NQSzEzeERjclRYc0xIOGd0WGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAfghY5CQl
Z6q9vOswSv9uSMzAULcohL/WwT1mqf2iBPU8hRiZzFror/+O8ZSH3PLGRgFZhU8M
MZbEt5hOwaJcx0QNS5+VNfod4RZg3kcMkFb1fG7P+/J91Txe7oQQ735aQ9GyDWa3
ID5hYR2haDWFWK7PL1SzD2X1hAh7Uv9Trbv2BQbA/QroQWL6obZkfHbQw+PQYFL3
0KjhLYJYeydu5HZ1Xtr1Tpi/22ciIRt7GOeLiKonY3K/OEMcObmYlvfDLZPYtqDr
F1HZfkBA+AD+ZQGq4PrJLutQwrAZGMLSY6OMFVjiTa2WPXYW90uy47GQN5XFgOkt
d/U46DD0z386xQ==
-----END CERTIFICATE-----