Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
File:                     APkIwDKKjpc_pArFL8M359PE_tA.mft (raw, json)
Hash identifier:          PqGUqHQi9GJEjAUjLZ+JZioVoKH5ua63g/yZFazrNHw=
Subject key identifier:   59:24:BB:70:3F:38:17:30:94:65:06:CF:DB:0A:98:3F:74:B8:BA:36
Authority key identifier: 00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0
Certificate issuer:       /CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
Certificate serial:       0197B88FF25611FDFB6FC3F4212DA1A7D393
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
Manifest number:          15B2
Signing time:             Sat 28 Jun 2025 22:02:10 +0000
Manifest this update:     Sat 28 Jun 2025 22:02:10 +0000
Manifest next update:     Sun 29 Jun 2025 22:02:10 +0000
Files and hashes:         1: APkIwDKKjpc_pArFL8M359PE_tA.crl (hash: EH2lxjtH9PJ5RJqCdMczl/HJk+i1YIRcHoV9ElT9s84=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b8:8f:f2:56:11:fd:fb:6f:c3:f4:21:2d:a1:a7:d3:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
        Validity
            Not Before: Jun 28 22:02:10 2025 GMT
            Not After : Jun 29 22:02:10 2025 GMT
        Subject: CN=5924bb703f381730946506cfdb0a983f74b8ba36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:25:d6:e3:e2:f2:63:cc:df:df:6e:f8:a4:26:
                    77:ef:8f:ba:64:a3:54:71:eb:e8:5f:4c:ce:0a:c4:
                    2f:24:1f:e4:46:87:a2:49:da:c2:1a:c3:9d:21:2a:
                    3c:e5:f4:52:e5:2e:d7:56:33:1a:f2:c9:ea:63:fb:
                    a2:7a:90:12:58:ba:ab:a2:44:98:c5:1c:07:0a:60:
                    3d:fe:bc:f4:a6:8b:f1:89:50:0a:58:80:23:1e:bb:
                    57:00:07:2f:f0:cf:ae:b4:76:6b:6d:33:f1:90:01:
                    54:da:4e:d2:d0:30:f9:3b:4b:e5:fc:9a:8f:85:a9:
                    d3:6f:db:3b:d5:f9:9a:f2:44:7f:8f:3a:ce:24:f0:
                    0e:c0:53:53:af:11:32:98:d3:be:f0:a3:e2:1d:7b:
                    fc:db:5f:d3:6e:ae:61:08:8c:55:47:bf:7b:64:a3:
                    06:ea:75:11:ac:52:40:14:97:22:63:e4:3b:f2:1c:
                    61:27:f1:90:e7:bd:a6:0a:6e:2d:0d:7d:fb:9d:68:
                    da:60:96:35:72:1e:1d:56:84:8c:cf:38:27:0b:4a:
                    3e:c5:2a:9b:b4:e6:ab:71:aa:14:a3:79:bc:5d:72:
                    a1:30:2b:55:df:a2:46:c6:58:cb:03:51:bc:ad:0f:
                    3e:12:42:ea:3f:72:11:f0:cb:87:b4:b2:db:7f:2b:
                    f8:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:24:BB:70:3F:38:17:30:94:65:06:CF:DB:0A:98:3F:74:B8:BA:36
            X509v3 Authority Key Identifier:
                keyid:00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         19:b7:7f:22:dc:aa:64:0a:99:29:c6:f3:44:2d:44:83:fc:27:
         be:3b:7b:c8:c8:9b:75:71:54:04:11:32:71:f0:85:ed:d2:84:
         28:1f:02:8d:f2:46:ca:9a:97:7f:22:3e:c9:40:aa:c9:95:92:
         bc:4f:63:15:63:31:4c:b5:17:bb:9f:f4:b8:22:82:88:8f:89:
         fb:54:d2:31:42:79:52:27:d6:3c:e9:b4:d7:e5:71:a4:27:57:
         c6:f4:2b:f8:10:af:31:a1:6b:4b:46:bd:04:23:46:19:a2:38:
         fe:3d:44:91:e0:e8:4b:f5:c5:5b:6f:26:2c:e0:b1:e6:e2:f2:
         83:f3:9e:fa:94:9b:df:83:c6:ea:3d:4a:ff:0f:ca:5b:d9:11:
         e1:32:0b:e7:4b:9c:8b:a4:62:58:ff:2f:44:d8:25:56:1d:a2:
         d7:26:73:93:d8:2c:f4:95:eb:20:f7:96:8f:24:a9:4d:1d:58:
         8d:f1:e9:32:94:8e:c5:98:0b:23:7d:47:2f:c0:00:a0:c4:11:
         42:d8:d4:37:62:c8:4f:08:6a:a9:24:1c:6d:c5:17:a8:61:f8:
         7d:47:d7:71:0f:2a:cb:cc:0a:88:8e:27:ce:fa:27:58:8f:a7:
         15:b3:9f:dc:59:a6:51:61:04:4f:4b:90:ce:6a:e7:a5:5a:a4:
         9e:a6:55:e3
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZe4j/JWEf37b8P0IS2hp9OTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZjkwOGMwMzI4YThlOTczZmE0MGFjNTJmYzMzN2U3ZDNj
NGZlZDAwHhcNMjUwNjI4MjIwMjEwWhcNMjUwNjI5MjIwMjEwWjAzMTEwLwYDVQQD
Eyg1OTI0YmI3MDNmMzgxNzMwOTQ2NTA2Y2ZkYjBhOTgzZjc0YjhiYTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCXW4+LyY8zf3274pCZ374+6ZKNU
cevoX0zOCsQvJB/kRoeiSdrCGsOdISo85fRS5S7XVjMa8snqY/uiepASWLqrokSY
xRwHCmA9/rz0povxiVAKWIAjHrtXAAcv8M+utHZrbTPxkAFU2k7S0DD5O0vl/JqP
hanTb9s71fma8kR/jzrOJPAOwFNTrxEymNO+8KPiHXv821/Tbq5hCIxVR797ZKMG
6nURrFJAFJciY+Q78hxhJ/GQ572mCm4tDX37nWjaYJY1ch4dVoSMzzgnC0o+xSqb
tOarcaoUo3m8XXKhMCtV36JGxljLA1G8rQ8+EkLqP3IR8MuHtLLbfyv4VwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFFkku3A/OBcwlGUGz9sKmD90uLo2MB8GA1UdIwQY
MBaAFAD5CMAyio6XP6QKxS/DN+fTxP7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEt
N2RlY2YxZTQ3ODY1LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEtN2RlY2YxZTQ3ODY1
LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAGbd/Ityq
ZAqZKcbzRC1Eg/wnvjt7yMibdXFUBBEycfCF7dKEKB8CjfJGypqXfyI+yUCqyZWS
vE9jFWMxTLUXu5/0uCKCiI+J+1TSMUJ5UifWPOm01+VxpCdXxvQr+BCvMaFrS0a9
BCNGGaI4/j1EkeDoS/XFW28mLOCx5uLyg/Oe+pSb34PG6j1K/w/KW9kR4TIL50uc
i6RiWP8vRNglVh2i1yZzk9gs9JXrIPeWjySpTR1YjfHpMpSOxZgLI31HL8AAoMQR
QtjUN2LITwhqqSQcbcUXqGH4fUfXcQ8qy8wKiI4nzvonWI+nFbOf3FmmUWEET0uQ
zmrnpVqknqZV4w==
-----END CERTIFICATE-----