Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/9c7703-8d14-4bc0-88a9-b9a86ac3e8be/1/XtGkql_QUBs-ptafQzwvFkIRYIk.mft
File:                     XtGkql_QUBs-ptafQzwvFkIRYIk.mft (raw, json)
Hash identifier:          D4Dvsg/Pya7CkKmDWNlC1Ec+4/schq2bZa1/GhLKzgE=
Subject key identifier:   45:22:FF:7D:90:98:E7:23:91:AC:BB:60:14:7F:25:4C:81:EA:B0:68
Authority key identifier: 5E:D1:A4:AA:5F:D0:50:1B:3E:A6:D6:9F:43:3C:2F:16:42:11:60:89
Certificate issuer:       /CN=5ed1a4aa5fd0501b3ea6d69f433c2f1642116089
Certificate serial:       019A4F6211F7FC98E41CB39264833DFBC2BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XtGkql_QUBs-ptafQzwvFkIRYIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/9c7703-8d14-4bc0-88a9-b9a86ac3e8be/1/XtGkql_QUBs-ptafQzwvFkIRYIk.mft
Manifest number:          1708
Signing time:             Tue 04 Nov 2025 15:00:18 +0000
Manifest this update:     Tue 04 Nov 2025 15:00:18 +0000
Manifest next update:     Wed 05 Nov 2025 15:00:18 +0000
Files and hashes:         1: XtGkql_QUBs-ptafQzwvFkIRYIk.crl (hash: ZkgPmYRS4x+xRtFKjkr3vwW9Ahuz1vK/ffWjUwNDdGM=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/9c7703-8d14-4bc0-88a9-b9a86ac3e8be/1/XtGkql_QUBs-ptafQzwvFkIRYIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/9c7703-8d14-4bc0-88a9-b9a86ac3e8be/1/XtGkql_QUBs-ptafQzwvFkIRYIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XtGkql_QUBs-ptafQzwvFkIRYIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4f:62:11:f7:fc:98:e4:1c:b3:92:64:83:3d:fb:c2:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ed1a4aa5fd0501b3ea6d69f433c2f1642116089
        Validity
            Not Before: Nov  4 15:00:18 2025 GMT
            Not After : Nov  5 15:00:18 2025 GMT
        Subject: CN=4522ff7d9098e72391acbb60147f254c81eab068
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:6e:0f:de:3c:65:4d:b2:25:cb:ac:a4:8c:20:
                    f2:bc:6b:29:c8:62:61:11:eb:bd:09:74:e8:eb:0d:
                    cc:10:62:f1:c5:66:9a:d8:23:00:09:29:40:bd:48:
                    38:04:36:dd:f7:d7:47:b5:24:17:00:c5:9a:20:43:
                    2b:8f:de:83:da:11:94:98:4a:f2:ff:44:c9:bb:b9:
                    1c:c1:99:fe:a2:df:b4:63:8d:76:04:48:68:a0:06:
                    8e:dd:a9:4b:a0:4a:6f:2c:1c:f6:3e:05:35:9e:2a:
                    dc:87:25:2f:ad:d3:d3:ac:ab:dc:6f:99:cb:ef:c6:
                    5f:61:a1:24:85:62:d1:48:0d:a7:2d:31:df:f0:c6:
                    93:41:1f:51:06:8f:ca:04:b1:fb:ac:98:4f:93:d0:
                    6f:10:61:94:06:94:d2:85:d8:23:ec:c8:b5:e9:8b:
                    89:02:8f:8d:cd:ae:87:04:b7:4c:a9:51:5e:88:ba:
                    da:16:90:e3:79:80:75:bf:90:4f:12:cd:0d:2a:37:
                    5e:4a:c1:41:67:cc:4e:04:96:62:c7:28:c8:9a:4e:
                    a6:52:8f:8e:83:c2:6c:1d:dd:aa:5c:da:a1:c1:6d:
                    7d:ca:c3:99:91:22:d2:88:c4:b8:5f:3c:c2:2b:70:
                    68:37:3b:7e:8d:00:ec:5f:92:2a:60:6b:99:7a:f5:
                    3c:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:22:FF:7D:90:98:E7:23:91:AC:BB:60:14:7F:25:4C:81:EA:B0:68
            X509v3 Authority Key Identifier:
                keyid:5E:D1:A4:AA:5F:D0:50:1B:3E:A6:D6:9F:43:3C:2F:16:42:11:60:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XtGkql_QUBs-ptafQzwvFkIRYIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/9c7703-8d14-4bc0-88a9-b9a86ac3e8be/1/XtGkql_QUBs-ptafQzwvFkIRYIk.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/9c7703-8d14-4bc0-88a9-b9a86ac3e8be/1/XtGkql_QUBs-ptafQzwvFkIRYIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         9f:c8:23:04:c6:54:52:b3:06:cf:fc:4e:b1:3b:19:02:28:89:
         d1:e6:88:35:08:2d:12:ab:61:38:f1:16:a4:c0:d8:94:96:70:
         0e:12:3f:9c:91:42:58:be:83:6b:cb:0c:bc:82:71:9d:93:ce:
         80:c7:d5:eb:ed:d4:5f:69:5f:d9:cd:be:80:db:b0:ab:af:10:
         03:3a:0f:ff:16:f2:3a:3a:e1:e0:09:7b:44:f5:e1:1c:12:08:
         77:6b:67:70:bd:7c:af:55:16:c7:ec:23:78:6b:c7:7d:dd:17:
         30:0f:b8:f9:3e:29:50:a1:81:5c:ee:c9:cf:65:6c:dd:d2:0f:
         de:27:ae:d6:fc:41:03:2f:9f:f8:ee:9e:47:67:a3:b2:bf:2b:
         14:90:62:1f:59:41:aa:d3:d8:75:68:40:d3:38:3a:a7:c8:6a:
         53:6a:45:60:64:ae:b1:64:88:6e:85:f0:f8:db:7e:72:d0:3f:
         02:fc:8e:60:a1:d2:ce:94:b4:83:ab:70:a5:d2:50:00:d2:ec:
         a1:c7:02:4a:d6:fe:d1:18:fd:ab:7a:f6:54:4b:11:7b:f6:a9:
         ad:f6:e1:43:81:ff:6f:26:b4:d7:98:3e:25:27:94:a6:de:d7:
         e3:c3:c2:a5:0d:60:93:e1:85:00:cb:4d:23:01:8f:4f:54:5f:
         d3:2a:1e:25
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpPYhH3/JjkHLOSZIM9+8K8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZDFhNGFhNWZkMDUwMWIzZWE2ZDY5ZjQzM2MyZjE2NDIx
MTYwODkwHhcNMjUxMTA0MTUwMDE4WhcNMjUxMTA1MTUwMDE4WjAzMTEwLwYDVQQD
Eyg0NTIyZmY3ZDkwOThlNzIzOTFhY2JiNjAxNDdmMjU0YzgxZWFiMDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1W4P3jxlTbIly6ykjCDyvGspyGJh
Eeu9CXTo6w3MEGLxxWaa2CMACSlAvUg4BDbd99dHtSQXAMWaIEMrj96D2hGUmEry
/0TJu7kcwZn+ot+0Y412BEhooAaO3alLoEpvLBz2PgU1nirchyUvrdPTrKvcb5nL
78ZfYaEkhWLRSA2nLTHf8MaTQR9RBo/KBLH7rJhPk9BvEGGUBpTShdgj7Mi16YuJ
Ao+Nza6HBLdMqVFeiLraFpDjeYB1v5BPEs0NKjdeSsFBZ8xOBJZixyjImk6mUo+O
g8JsHd2qXNqhwW19ysOZkSLSiMS4XzzCK3BoNzt+jQDsX5IqYGuZevU8PQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFEUi/32QmOcjkay7YBR/JUyB6rBoMB8GA1UdIwQY
MBaAFF7RpKpf0FAbPqbWn0M8LxZCEWCJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHRHa3FsX1FVQnMtcHRhZlF6d3ZGa0lSWUlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi85Yzc3MDMtOGQxNC00YmMwLTg4YTkt
YjlhODZhYzNlOGJlLzEvWHRHa3FsX1FVQnMtcHRhZlF6d3ZGa0lSWUlrLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi85Yzc3MDMtOGQxNC00YmMwLTg4YTktYjlhODZhYzNlOGJl
LzEvWHRHa3FsX1FVQnMtcHRhZlF6d3ZGa0lSWUlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAn8gjBMZU
UrMGz/xOsTsZAiiJ0eaINQgtEqthOPEWpMDYlJZwDhI/nJFCWL6Da8sMvIJxnZPO
gMfV6+3UX2lf2c2+gNuwq68QAzoP/xbyOjrh4Al7RPXhHBIId2tncL18r1UWx+wj
eGvHfd0XMA+4+T4pUKGBXO7Jz2Vs3dIP3ieu1vxBAy+f+O6eR2ejsr8rFJBiH1lB
qtPYdWhA0zg6p8hqU2pFYGSusWSIboXw+Nt+ctA/AvyOYKHSzpS0g6twpdJQANLs
occCStb+0Rj9q3r2VEsRe/aprfbhQ4H/bya015g+JSeUpt7X48PCpQ1gk+GFAMtN
IwGPT1Rf0yoeJQ==
-----END CERTIFICATE-----