Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
File:                     APkIwDKKjpc_pArFL8M359PE_tA.mft (raw, json)
Hash identifier:          uaud+KcTJhMDFVWp+vpoANJLppEHDHMVK6CEIyVaCFQ=
Subject key identifier:   C8:A3:63:56:2B:EC:80:BB:BE:58:5C:76:A2:03:EB:D5:E6:04:B6:2B
Authority key identifier: 00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0
Certificate issuer:       /CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
Certificate serial:       0198D65F46C663830290EF2CE3475C3E4E8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
Manifest number:          1646
Signing time:             Sat 23 Aug 2025 10:00:24 +0000
Manifest this update:     Sat 23 Aug 2025 10:00:24 +0000
Manifest next update:     Sun 24 Aug 2025 10:00:24 +0000
Files and hashes:         1: APkIwDKKjpc_pArFL8M359PE_tA.crl (hash: mcWPE1ipDqaVryXH9HMz8ZFkggj20c0e01cAmeXV4co=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d6:5f:46:c6:63:83:02:90:ef:2c:e3:47:5c:3e:4e:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00f908c0328a8e973fa40ac52fc337e7d3c4fed0
        Validity
            Not Before: Aug 23 10:00:24 2025 GMT
            Not After : Aug 24 10:00:24 2025 GMT
        Subject: CN=c8a363562bec80bbbe585c76a203ebd5e604b62b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:77:c8:68:b8:0b:8d:23:73:d6:c8:5c:96:b3:
                    0c:f8:75:95:6f:80:3c:7e:76:4e:08:75:36:3c:6f:
                    51:99:f6:0e:3f:51:22:f4:8a:aa:de:fb:c8:8d:a9:
                    33:29:46:c0:6b:2b:a5:b6:be:a4:13:9c:48:66:1c:
                    84:48:48:d6:1a:46:c7:dc:a4:57:db:5b:89:61:a6:
                    92:2e:23:fb:f0:80:11:4f:57:46:af:33:6a:8a:59:
                    10:99:59:ea:75:c5:c2:d7:22:02:8d:f2:2d:fb:b7:
                    9a:0f:b2:65:91:8e:05:50:7a:8a:be:49:a9:ca:2e:
                    d9:9a:36:f0:29:98:a1:1d:f7:92:da:45:3b:9c:41:
                    ae:be:3f:66:90:35:5b:b6:7e:9c:6f:a8:e0:dc:4a:
                    ee:e4:94:8a:df:cd:b9:24:e0:4b:de:fd:13:96:9a:
                    80:d5:0b:a5:75:73:cc:3b:fc:9b:64:a7:51:65:fd:
                    fc:c8:c0:fc:23:ee:1c:d6:57:78:cf:4a:40:9a:57:
                    a1:18:66:56:11:7e:14:95:b7:54:c3:13:a8:90:18:
                    07:5e:5b:55:85:b6:c6:cb:1f:aa:33:57:ba:ef:45:
                    b7:be:39:75:40:fc:dc:de:92:60:6e:57:41:09:74:
                    7d:e4:9c:dd:c3:c7:e5:1e:38:e5:f7:c8:f9:70:2d:
                    9c:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:A3:63:56:2B:EC:80:BB:BE:58:5C:76:A2:03:EB:D5:E6:04:B6:2B
            X509v3 Authority Key Identifier:
                keyid:00:F9:08:C0:32:8A:8E:97:3F:A4:0A:C5:2F:C3:37:E7:D3:C4:FE:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/APkIwDKKjpc_pArFL8M359PE_tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/ea2c50-afca-40b1-9381-7decf1e47865/1/APkIwDKKjpc_pArFL8M359PE_tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         b0:35:12:5c:2e:b9:b0:3b:34:e9:fa:0d:af:9a:22:a6:8f:4f:
         95:11:bd:d4:03:51:ac:33:09:93:6a:fd:6a:48:5a:42:c2:4c:
         ab:1b:d4:73:0b:45:ad:d8:3c:f7:46:92:71:0e:f3:47:0c:0a:
         b0:29:95:3b:fd:bc:ee:54:91:09:de:cf:4d:05:72:7c:86:6e:
         d6:9f:8f:f3:86:a7:59:ad:7f:70:db:61:ca:f1:d3:83:af:52:
         14:0d:46:45:e8:df:a5:75:99:1f:7c:a7:4f:4b:49:87:76:12:
         1c:01:a3:44:ae:9d:a7:1c:2c:d1:9a:6f:8a:28:cd:32:7b:9f:
         2a:d0:8c:36:3f:72:56:b7:78:95:0d:6c:d8:5c:25:77:4a:c0:
         5a:ed:41:c3:75:d0:5d:a9:eb:84:66:5f:7f:12:e7:a2:bf:58:
         52:93:99:fb:37:69:9c:14:7f:e1:20:c4:36:5d:6f:ac:ae:23:
         b0:32:5a:1f:6d:07:2e:aa:da:f0:d5:f5:5b:2d:d9:38:ce:b7:
         62:34:a1:17:18:22:8b:70:a5:a3:c3:40:9c:a0:41:0d:e5:c6:
         fb:54:db:a6:0b:ad:46:16:71:c6:0d:77:ed:14:59:b3:dc:3c:
         bd:bd:8e:1b:8f:b2:75:00:63:9f:2a:5d:6a:01:87:3a:e7:24:
         60:35:99:97
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZjWX0bGY4MCkO8s40dcPk6MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZjkwOGMwMzI4YThlOTczZmE0MGFjNTJmYzMzN2U3ZDNj
NGZlZDAwHhcNMjUwODIzMTAwMDI0WhcNMjUwODI0MTAwMDI0WjAzMTEwLwYDVQQD
EyhjOGEzNjM1NjJiZWM4MGJiYmU1ODVjNzZhMjAzZWJkNWU2MDRiNjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinfIaLgLjSNz1shclrMM+HWVb4A8
fnZOCHU2PG9RmfYOP1Ei9Iqq3vvIjakzKUbAayultr6kE5xIZhyESEjWGkbH3KRX
21uJYaaSLiP78IART1dGrzNqilkQmVnqdcXC1yICjfIt+7eaD7JlkY4FUHqKvkmp
yi7ZmjbwKZihHfeS2kU7nEGuvj9mkDVbtn6cb6jg3Eru5JSK3825JOBL3v0TlpqA
1QuldXPMO/ybZKdRZf38yMD8I+4c1ld4z0pAmlehGGZWEX4UlbdUwxOokBgHXltV
hbbGyx+qM1e670W3vjl1QPzc3pJgbldBCXR95Jzdw8flHjjl98j5cC2c+wIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFMijY1Yr7IC7vlhcdqID69XmBLYrMB8GA1UdIwQY
MBaAFAD5CMAyio6XP6QKxS/DN+fTxP7QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEt
N2RlY2YxZTQ3ODY1LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lYTJjNTAtYWZjYS00MGIxLTkzODEtN2RlY2YxZTQ3ODY1
LzEvQVBrSXdES0tqcGNfcEFyRkw4TTM1OVBFX3RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAsDUSXC65
sDs06foNr5oipo9PlRG91ANRrDMJk2r9akhaQsJMqxvUcwtFrdg890aScQ7zRwwK
sCmVO/287lSRCd7PTQVyfIZu1p+P84anWa1/cNthyvHTg69SFA1GRejfpXWZH3yn
T0tJh3YSHAGjRK6dpxws0ZpviijNMnufKtCMNj9yVrd4lQ1s2Fwld0rAWu1Bw3XQ
XanrhGZffxLnor9YUpOZ+zdpnBR/4SDENl1vrK4jsDJaH20HLqra8NX1Wy3ZOM63
YjShFxgii3Clo8NAnKBBDeXG+1TbpgutRhZxxg137RRZs9w8vb2OG4+ydQBjnypd
agGHOuckYDWZlw==
-----END CERTIFICATE-----