Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
File:                     APkIwDKKjpc_pArFL8M359PE_tA.mft (raw, json)
Hash identifier:          91Clvh78rBQJRcCUMSvWvCGP+bNHic+y9pXPyOJYiiw=
Subject key identifier:   62:A2:42:55:2E:03:48:9A:18:4B:83:9D:00:B5:38:C3:6F:1D:80:8B
Authority key identifier: 00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0
Certificate issuer:       /CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
Certificate serial:       0196BF6E821D7FA3B028C6F0FA7ED160F4F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
Manifest number:          1531
Signing time:             Sun 11 May 2025 13:00:12 +0000
Manifest this update:     Sun 11 May 2025 13:00:12 +0000
Manifest next update:     Mon 12 May 2025 13:00:12 +0000
Files and hashes:         1: APkIwDKKjpc_pArFL8M359PE_tA.crl (hash: MvzJ64VlY2ZB9d2xnA/+R1C2ldsQUxJ/z6DsSrGF5y8=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:bf:6e:82:1d:7f:a3:b0:28:c6:f0:fa:7e:d1:60:f4:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
        Validity
            Not Before: May 11 13:00:12 2025 GMT
            Not After : May 12 13:00:12 2025 GMT
        Subject: CN=62a242552e03489a184b839d00b538c36f1d808b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:51:ff:7d:ed:d5:14:b9:62:9a:b2:c3:cf:86:
                    ab:05:6e:f3:59:0b:c4:15:fb:81:51:14:36:ad:70:
                    9c:10:8d:91:8d:53:58:66:63:b4:92:b3:9b:14:4b:
                    95:50:b9:27:6d:9f:2e:e0:98:be:0b:9a:8d:0f:70:
                    8f:51:58:c8:7e:c6:39:cd:ab:c5:88:1e:eb:0d:f0:
                    87:88:89:d1:46:e2:52:a0:f2:c4:8e:ed:ef:79:a2:
                    d7:a5:cc:60:a7:af:d1:e6:b8:c3:4c:7f:02:5a:ef:
                    df:28:ea:01:bc:c6:b0:40:f3:31:a1:d0:e5:8b:e0:
                    0b:83:ce:89:59:09:8c:d7:de:47:44:3d:9e:31:85:
                    8f:61:42:16:7a:7a:4a:e7:0c:29:8a:9f:45:c2:8c:
                    2f:f4:1f:7a:9b:48:41:80:25:fe:80:5f:97:27:f7:
                    6c:a8:6e:58:52:29:04:d5:46:2c:11:60:10:6e:f5:
                    08:2e:74:6f:11:86:66:c9:10:8b:41:61:a0:e1:02:
                    9d:7a:4e:0a:c0:63:a1:21:c6:2c:9c:19:00:6e:1f:
                    5a:4b:b2:f8:8a:09:a7:c1:f9:5e:ae:41:53:fb:74:
                    28:98:f8:57:11:0f:78:df:1d:dd:24:fd:be:fb:78:
                    33:7a:6c:2e:7f:10:ad:02:0f:27:e8:f3:c2:29:55:
                    12:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:A2:42:55:2E:03:48:9A:18:4B:83:9D:00:B5:38:C3:6F:1D:80:8B
            X509v3 Authority Key Identifier:
                keyid:00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         07:a5:16:a0:62:d1:8a:b7:29:76:cb:03:70:21:26:64:16:13:
         50:81:bf:b5:9e:24:14:35:5a:aa:ed:c4:b5:c4:3d:7a:3a:f5:
         08:df:f1:55:52:98:82:1b:46:d8:9f:89:16:c7:61:19:94:92:
         15:b9:05:ac:3e:27:40:ff:33:bf:31:cb:4c:9d:cb:d8:db:b9:
         d9:74:2e:6d:fc:ef:93:be:74:23:20:53:5c:49:d5:6e:87:5a:
         31:54:4d:e4:99:bd:b0:9a:4a:8b:20:62:1e:6a:53:cd:81:74:
         04:88:45:ca:bb:10:53:0b:5c:dc:b5:52:59:00:a0:5c:1f:c5:
         41:a3:31:c9:2c:1f:c5:76:b6:f6:79:a5:99:ce:ac:c1:7f:aa:
         1a:9b:11:df:4b:ed:1f:79:27:43:0f:5c:d9:9a:4a:f2:3f:3b:
         a2:46:89:25:88:eb:ed:89:01:e2:11:8e:d5:c6:a6:ad:0c:4a:
         b7:54:34:fb:13:0f:58:b0:90:63:fd:7d:63:aa:ad:2e:0a:8a:
         7f:ba:7c:0e:4c:f4:e3:eb:22:03:0e:ab:6e:d1:66:97:dc:f8:
         13:1b:6e:e1:8d:af:66:11:88:ff:ab:0e:e8:bd:52:fb:5f:a4:
         71:59:4a:c1:b3:e2:ea:f6:8e:4e:e8:18:4e:c8:80:4f:8e:0f:
         45:88:7c:df
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZa/boIdf6OwKMbw+n7RYPT2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZjkwOGMwMzI4YThlOTczZmE0MGFjNTJmYzMzN2U3ZDNj
NGZlZDAwHhcNMjUwNTExMTMwMDEyWhcNMjUwNTEyMTMwMDEyWjAzMTEwLwYDVQQD
Eyg2MmEyNDI1NTJlMDM0ODlhMTg0YjgzOWQwMGI1MzhjMzZmMWQ4MDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVH/fe3VFLlimrLDz4arBW7zWQvE
FfuBURQ2rXCcEI2RjVNYZmO0krObFEuVULknbZ8u4Ji+C5qND3CPUVjIfsY5zavF
iB7rDfCHiInRRuJSoPLEju3veaLXpcxgp6/R5rjDTH8CWu/fKOoBvMawQPMxodDl
i+ALg86JWQmM195HRD2eMYWPYUIWenpK5wwpip9Fwowv9B96m0hBgCX+gF+XJ/ds
qG5YUikE1UYsEWAQbvUILnRvEYZmyRCLQWGg4QKdek4KwGOhIcYsnBkAbh9aS7L4
igmnwflerkFT+3QomPhXEQ943x3dJP2++3gzemwufxCtAg8n6PPCKVUSYQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFGKiQlUuA0iaGEuDnQC1OMNvHYCLMB8GA1UdIwQY
MBaAFAD5CMAyio6XP6QKxS/DN+fTxP7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEt
N2RlY2YxZTQ3ODY1LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEtN2RlY2YxZTQ3ODY1
LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAB6UWoGLR
ircpdssDcCEmZBYTUIG/tZ4kFDVaqu3EtcQ9ejr1CN/xVVKYghtG2J+JFsdhGZSS
FbkFrD4nQP8zvzHLTJ3L2Nu52XQubfzvk750IyBTXEnVbodaMVRN5Jm9sJpKiyBi
HmpTzYF0BIhFyrsQUwtc3LVSWQCgXB/FQaMxySwfxXa29nmlmc6swX+qGpsR30vt
H3knQw9c2ZpK8j87okaJJYjr7YkB4hGO1camrQxKt1Q0+xMPWLCQY/19Y6qtLgqK
f7p8Dkz04+siAw6rbtFml9z4Extu4Y2vZhGI/6sO6L1S+1+kcVlKwbPi6vaOTugY
TsiAT44PRYh83w==
-----END CERTIFICATE-----