Manifest

$ rpki-client -vvf rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.mft
File:                     B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.mft (raw, json)
Hash identifier:          tIgim0RICnZ1T7zMjt6ER77w39wnMLBP0mowOnwT2v0=
Subject key identifier:   C1:31:30:07:3D:7B:D3:59:68:5A:B1:02:06:87:B5:37:B7:07:D8:12
Authority key identifier: B6:05:61:DF:FB:FD:E2:55:FE:C1:4D:4D:9F:0E:13:F4:37:53:52:E4
Certificate issuer:       /CN=b60561dffbfde255fec14d4d9f0e13f4375352e4
Certificate serial:       4B408343147D57B4950CCEAFA035BFBEFF1DE2F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tgVh3_v94lX-wU1Nnw4T9DdTUuQ.cer
Subject info access:      rsync://rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.mft
Manifest number:          FE
Signing time:             Sun 29 Jun 2025 15:47:09 +0000
Manifest this update:     Sun 29 Jun 2025 15:42:09 +0000
Manifest next update:     Mon 30 Jun 2025 16:58:09 +0000
Files and hashes:         1: 323030313a3637633a6438303a3a2f34382d3438203d3e20343031353531.roa (hash: mqadfIJnOHBwBW3bzOjsszkG4yNmowPDrD6AKDG5B1Q=)
                          2: B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.crl (hash: W+oUd0Fio0GLvcEE/tCbcrGUjG74NeFGrWtYYUB9Tug=)
Validation:               OK
Signature path:           rsync://rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.crl
                          rsync://rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tgVh3_v94lX-wU1Nnw4T9DdTUuQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 16:58:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:40:83:43:14:7d:57:b4:95:0c:ce:af:a0:35:bf:be:ff:1d:e2:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b60561dffbfde255fec14d4d9f0e13f4375352e4
        Validity
            Not Before: Jun 29 15:42:09 2025 GMT
            Not After : Jun 30 16:58:09 2025 GMT
        Subject: CN=C13130073D7BD359685AB1020687B537B707D812
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f8:cc:d6:d5:9e:a8:dd:dc:80:71:66:da:a9:
                    ba:97:c1:20:8e:bf:85:1c:51:f7:36:9e:a9:b0:d9:
                    d2:98:25:45:a7:be:93:e6:1c:62:f2:7c:ae:c9:a9:
                    67:5c:e3:6d:ee:30:18:ed:d6:92:5f:c0:c1:34:a9:
                    47:81:5b:7d:c3:a6:b8:22:88:c3:80:af:2b:d5:a5:
                    d8:3c:eb:07:53:1d:e5:00:26:f9:38:95:02:d9:f7:
                    8c:05:c2:74:3b:40:9d:fa:48:e2:5b:35:4d:c6:39:
                    e3:8b:65:0e:b0:27:57:34:da:a1:f6:c1:7c:88:3f:
                    db:bc:7b:4f:9c:18:dd:77:10:da:0f:57:d2:51:71:
                    ee:87:7d:f3:01:00:84:53:d2:31:48:45:83:4e:5e:
                    bc:3d:4c:f9:f1:12:7f:13:a1:89:e5:35:52:3a:20:
                    e2:58:72:5a:37:ec:27:03:4b:a7:d2:a4:20:c6:1c:
                    c6:8a:67:11:b9:8d:80:30:0e:9a:c7:f1:7f:a2:b7:
                    b0:28:9c:4b:a2:46:03:03:03:e0:88:f9:5e:c3:2f:
                    e7:11:fa:6a:ed:f1:b7:ea:65:55:c9:1d:51:97:21:
                    69:7e:37:2e:ac:9f:61:80:84:32:a7:76:2b:32:6d:
                    58:d5:99:51:85:fe:7d:41:d1:54:bb:a3:97:e1:a5:
                    dc:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:31:30:07:3D:7B:D3:59:68:5A:B1:02:06:87:B5:37:B7:07:D8:12
            X509v3 Authority Key Identifier:
                keyid:B6:05:61:DF:FB:FD:E2:55:FE:C1:4D:4D:9F:0E:13:F4:37:53:52:E4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tgVh3_v94lX-wU1Nnw4T9DdTUuQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.nellicus.net/repo/nellicus/0/B60561DFFBFDE255FEC14D4D9F0E13F4375352E4.mft

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         66:ba:ca:05:e3:d0:10:fa:63:90:37:e4:5d:b0:18:00:b1:6e:
         48:a3:f2:11:2d:92:d3:82:62:a3:40:3a:c5:76:05:ce:16:8b:
         b3:9f:e4:e7:15:2c:f1:92:52:23:b4:b9:d2:50:c0:6e:f1:56:
         27:da:83:da:d1:ed:19:6e:23:f4:b9:39:10:b9:9f:cd:6a:a5:
         24:6f:ea:e3:9b:94:57:92:d4:d3:9d:32:a6:b3:1f:91:c4:e7:
         e5:50:ca:76:63:6c:b1:01:a8:84:d6:f9:af:1c:80:ad:25:5b:
         e2:4f:28:ef:c3:ec:78:63:ae:07:19:d2:d4:41:c5:1a:ec:6b:
         cf:c1:d6:55:ef:f7:25:5f:c4:52:db:19:ab:f2:bd:ac:6e:dc:
         34:3d:c3:9e:67:a4:85:24:a3:e7:bb:34:61:db:17:ef:30:03:
         b7:64:1f:ae:d3:a4:08:b7:a5:53:d1:ec:a3:3b:57:c3:b9:f1:
         e8:51:6c:59:31:ab:50:d5:ae:88:9e:31:6b:03:e7:f0:b2:4b:
         8a:3e:7d:43:9d:df:f6:e2:b7:ce:30:7d:7c:df:bd:6e:dd:5f:
         c3:68:fd:c5:22:51:da:cb:7f:58:44:01:da:35:e7:8d:3b:7a:
         6e:92:3a:69:72:24:5d:12:b2:c8:42:bc:05:ef:73:c3:8c:19:
         86:78:cd:98
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgIUS0CDQxR9V7SVDM6voDW/vv8d4vYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjYwNTYxZGZmYmZkZTI1NWZlYzE0ZDRkOWYwZTEzZjQz
NzUzNTJlNDAeFw0yNTA2MjkxNTQyMDlaFw0yNTA2MzAxNjU4MDlaMDMxMTAvBgNV
BAMTKEMxMzEzMDA3M0Q3QkQzNTk2ODVBQjEwMjA2ODdCNTM3QjcwN0Q4MTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc+MzW1Z6o3dyAcWbaqbqXwSCO
v4UcUfc2nqmw2dKYJUWnvpPmHGLyfK7JqWdc423uMBjt1pJfwME0qUeBW33Dprgi
iMOAryvVpdg86wdTHeUAJvk4lQLZ94wFwnQ7QJ36SOJbNU3GOeOLZQ6wJ1c02qH2
wXyIP9u8e0+cGN13ENoPV9JRce6HffMBAIRT0jFIRYNOXrw9TPnxEn8ToYnlNVI6
IOJYclo37CcDS6fSpCDGHMaKZxG5jYAwDprH8X+it7AonEuiRgMDA+CI+V7DL+cR
+mrt8bfqZVXJHVGXIWl+Ny6sn2GAhDKndisybVjVmVGF/n1B0VS7o5fhpdyhAgMB
AAGjggHrMIIB5zAdBgNVHQ4EFgQUwTEwBz1701loWrECBoe1N7cH2BIwHwYDVR0j
BBgwFoAUtgVh3/v94lX+wU1Nnw4T9DdTUuQwDgYDVR0PAQH/BAQDAgeAMGcGA1Ud
HwRgMF4wXKBaoFiGVnJzeW5jOi8vcnBraS5uZWxsaWN1cy5uZXQvcmVwby9uZWxs
aWN1cy8wL0I2MDU2MURGRkJGREUyNTVGRUMxNEQ0RDlGMEUxM0Y0Mzc1MzUyRTQu
Y3JsMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJp
cGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC90Z1ZoM192OTRsWC13VTFObnc0VDlE
ZFRVdVEuY2VyMHIGCCsGAQUFBwELBGYwZDBiBggrBgEFBQcwC4ZWcnN5bmM6Ly9y
cGtpLm5lbGxpY3VzLm5ldC9yZXBvL25lbGxpY3VzLzAvQjYwNTYxREZGQkZERTI1
NUZFQzE0RDREOUYwRTEzRjQzNzUzNTJFNC5tZnQwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwBgQCAAEFADAGBAIAAgUAMBUGCCsG
AQUFBwEIAQH/BAYwBKACBQAwDQYJKoZIhvcNAQELBQADggEBAGa6ygXj0BD6Y5A3
5F2wGACxbkij8hEtktOCYqNAOsV2Bc4Wi7Of5OcVLPGSUiO0udJQwG7xVifag9rR
7RluI/S5ORC5n81qpSRv6uOblFeS1NOdMqazH5HE5+VQynZjbLEBqITW+a8cgK0l
W+JPKO/D7HhjrgcZ0tRBxRrsa8/B1lXv9yVfxFLbGavyvaxu3DQ9w55npIUko+e7
NGHbF+8wA7dkH67TpAi3pVPR7KM7V8O58ehRbFkxq1DVroieMWsD5/CyS4o+fUOd
3/bit84wfXzfvW7dX8No/cUiUdrLf1hEAdo15407em6SOmlyJF0SsshCvAXvc8OM
GYZ4zZg=
-----END CERTIFICATE-----