Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/1d457b-40bd-448f-a915-20c8ab92696f/1/U4sGLLVCbwDmU3Pu9OTNihwn9o4.mft
File:                     U4sGLLVCbwDmU3Pu9OTNihwn9o4.mft (raw, json)
Hash identifier:          OW6sp+v74KRcqIBzvOM1QYArzLPQm0lfJpraPrpWbvA=
Subject key identifier:   D3:11:30:AA:AA:A4:97:4F:79:96:4C:05:1F:F4:40:21:4F:43:99:5C
Authority key identifier: 53:8B:06:2C:B5:42:6F:00:E6:53:73:EE:F4:E4:CD:8A:1C:27:F6:8E
Certificate issuer:       /CN=538b062cb5426f00e65373eef4e4cd8a1c27f68e
Certificate serial:       019A52D1FAB60E944C6B416B749E386DD872
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U4sGLLVCbwDmU3Pu9OTNihwn9o4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/1d457b-40bd-448f-a915-20c8ab92696f/1/U4sGLLVCbwDmU3Pu9OTNihwn9o4.mft
Manifest number:          170C
Signing time:             Wed 05 Nov 2025 07:01:24 +0000
Manifest this update:     Wed 05 Nov 2025 07:01:24 +0000
Manifest next update:     Thu 06 Nov 2025 07:01:24 +0000
Files and hashes:         1: U4sGLLVCbwDmU3Pu9OTNihwn9o4.crl (hash: QLeg7hm6PrDGNVavZvj6tmKXvOMK+g5vNgZcuk+pczI=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/1d457b-40bd-448f-a915-20c8ab92696f/1/U4sGLLVCbwDmU3Pu9OTNihwn9o4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/1d457b-40bd-448f-a915-20c8ab92696f/1/U4sGLLVCbwDmU3Pu9OTNihwn9o4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U4sGLLVCbwDmU3Pu9OTNihwn9o4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:52:d1:fa:b6:0e:94:4c:6b:41:6b:74:9e:38:6d:d8:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=538b062cb5426f00e65373eef4e4cd8a1c27f68e
        Validity
            Not Before: Nov  5 07:01:24 2025 GMT
            Not After : Nov  6 07:01:24 2025 GMT
        Subject: CN=d31130aaaaa4974f79964c051ff440214f43995c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5e:e9:b7:9c:12:c2:58:c2:f9:29:da:2b:c9:
                    3a:e8:db:e3:1e:08:f1:63:be:19:29:8d:ed:be:d5:
                    f4:a3:68:6f:33:27:f1:c3:fb:20:fb:44:a5:b3:1c:
                    85:65:d9:d0:5b:c4:ec:c1:b4:c8:a8:06:54:bd:9a:
                    3e:53:4b:4f:f8:5c:25:42:c7:b6:dc:04:7a:ff:0c:
                    89:3a:12:8f:0d:db:1b:f3:ef:e4:09:3d:aa:5d:08:
                    b5:25:ac:ac:bd:f7:92:f5:c4:2e:2e:64:57:f3:cc:
                    91:84:10:4e:45:69:06:14:a2:f3:b3:0d:6b:c8:e5:
                    a1:7a:42:a3:c5:39:64:61:8d:27:ea:ce:a6:3e:0c:
                    b5:e5:a3:d9:67:7a:2f:f1:6a:75:84:1b:3e:ad:38:
                    d2:4a:d3:3f:70:49:a0:9d:3a:60:6e:fa:ac:ad:38:
                    f3:bd:3c:ad:ef:f4:32:d9:7d:11:a0:3d:e5:28:87:
                    8c:93:ad:56:75:87:ea:54:5b:2e:37:a6:29:35:b5:
                    02:95:c9:02:f1:b7:7a:0f:30:5f:e4:d0:a8:13:98:
                    40:00:20:47:2b:19:7d:cf:3f:91:35:32:7c:67:06:
                    21:4c:90:dd:fa:c9:d4:be:77:6a:e3:3e:2d:b0:fd:
                    de:cc:9e:3d:3a:b3:b8:ee:98:4f:e0:6b:09:a0:bd:
                    4d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:11:30:AA:AA:A4:97:4F:79:96:4C:05:1F:F4:40:21:4F:43:99:5C
            X509v3 Authority Key Identifier:
                keyid:53:8B:06:2C:B5:42:6F:00:E6:53:73:EE:F4:E4:CD:8A:1C:27:F6:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U4sGLLVCbwDmU3Pu9OTNihwn9o4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/1d457b-40bd-448f-a915-20c8ab92696f/1/U4sGLLVCbwDmU3Pu9OTNihwn9o4.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/1d457b-40bd-448f-a915-20c8ab92696f/1/U4sGLLVCbwDmU3Pu9OTNihwn9o4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         32:68:53:7b:58:49:db:5a:b7:30:61:0e:1a:7e:91:c2:f1:ce:
         c5:17:18:62:a2:32:c2:2d:be:b1:38:b8:3c:c6:46:fb:49:08:
         13:89:04:fe:00:d2:5f:17:4e:66:25:d5:25:9b:44:7f:94:8b:
         c8:30:c4:4a:b7:ae:95:76:a2:d8:1d:75:30:aa:b0:b5:5e:6b:
         23:85:49:b4:84:ec:b2:34:d4:83:98:5a:21:cd:a4:27:c2:62:
         7a:5a:1f:93:f3:77:ce:9e:88:cd:e3:76:8a:32:ec:39:1e:d6:
         b6:9c:51:6a:df:38:e2:83:60:5a:13:4a:fe:da:5f:52:0e:7c:
         f5:f5:7f:b0:97:9d:2d:1a:41:10:cd:33:c3:b4:16:ef:f7:39:
         79:67:73:81:d9:d8:66:49:c5:59:bf:28:23:84:93:f9:69:39:
         0a:23:0f:77:d6:80:e0:46:78:6b:9d:a3:25:cf:e8:ed:96:e9:
         0a:ca:bd:56:a9:1d:73:3e:ac:15:bd:42:dc:c4:63:50:c2:3f:
         a7:55:ff:e7:52:03:c2:a1:d3:f7:4d:0a:9f:5e:2e:38:8e:69:
         ed:dd:0c:20:9f:fc:9b:dc:c0:94:91:59:76:59:74:73:44:4a:
         d1:c9:27:71:8c:cc:03:a4:47:aa:bf:a1:68:57:7f:80:3e:1c:
         8e:1a:73:10
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZpS0fq2DpRMa0FrdJ44bdhyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzOGIwNjJjYjU0MjZmMDBlNjUzNzNlZWY0ZTRjZDhhMWMy
N2Y2OGUwHhcNMjUxMTA1MDcwMTI0WhcNMjUxMTA2MDcwMTI0WjAzMTEwLwYDVQQD
EyhkMzExMzBhYWFhYTQ5NzRmNzk5NjRjMDUxZmY0NDAyMTRmNDM5OTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwF7pt5wSwljC+SnaK8k66NvjHgjx
Y74ZKY3tvtX0o2hvMyfxw/sg+0SlsxyFZdnQW8TswbTIqAZUvZo+U0tP+FwlQse2
3AR6/wyJOhKPDdsb8+/kCT2qXQi1JaysvfeS9cQuLmRX88yRhBBORWkGFKLzsw1r
yOWhekKjxTlkYY0n6s6mPgy15aPZZ3ov8Wp1hBs+rTjSStM/cEmgnTpgbvqsrTjz
vTyt7/Qy2X0RoD3lKIeMk61WdYfqVFsuN6YpNbUClckC8bd6DzBf5NCoE5hAACBH
Kxl9zz+RNTJ8ZwYhTJDd+snUvndq4z4tsP3ezJ49OrO47phP4GsJoL1N5wIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFNMRMKqqpJdPeZZMBR/0QCFPQ5lcMB8GA1UdIwQY
MBaAFFOLBiy1Qm8A5lNz7vTkzYocJ/aOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTRzR0xMVkNid0RtVTNQdTlPVE5paHduOW80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8xZDQ1N2ItNDBiZC00NDhmLWE5MTUt
MjBjOGFiOTI2OTZmLzEvVTRzR0xMVkNid0RtVTNQdTlPVE5paHduOW80Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8xZDQ1N2ItNDBiZC00NDhmLWE5MTUtMjBjOGFiOTI2OTZm
LzEvVTRzR0xMVkNid0RtVTNQdTlPVE5paHduOW80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAMmhTe1hJ
21q3MGEOGn6RwvHOxRcYYqIywi2+sTi4PMZG+0kIE4kE/gDSXxdOZiXVJZtEf5SL
yDDESreulXai2B11MKqwtV5rI4VJtITssjTUg5haIc2kJ8Jielofk/N3zp6IzeN2
ijLsOR7WtpxRat844oNgWhNK/tpfUg589fV/sJedLRpBEM0zw7QW7/c5eWdzgdnY
ZknFWb8oI4ST+Wk5CiMPd9aA4EZ4a52jJc/o7ZbpCsq9Vqkdcz6sFb1C3MRjUMI/
p1X/51IDwqHT900Kn14uOI5p7d0MIJ/8m9zAlJFZdll0c0RK0ckncYzMA6RHqr+h
aFd/gD4cjhpzEA==
-----END CERTIFICATE-----