Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/3ba011-dbef-4577-9e00-588019a6b5cb/1/QL_eNYm0RMN59zNggxsd2OovhwM.mft
File:                     QL_eNYm0RMN59zNggxsd2OovhwM.mft (raw, json)
Hash identifier:          SSK/PR2Eo5/QJLbypL0muSDf02Vq6GR9K81//4J741s=
Subject key identifier:   35:83:C2:D5:B3:BE:F0:45:90:B6:67:59:9C:7C:26:70:88:21:AF:EB
Authority key identifier: 40:BF:DE:35:89:B4:44:C3:79:F7:33:60:83:1B:1D:D8:EA:2F:87:03
Certificate issuer:       /CN=40bfde3589b444c379f73360831b1dd8ea2f8703
Certificate serial:       0199FB45B5C761C6D57AFF645883E7DD7667
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QL_eNYm0RMN59zNggxsd2OovhwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/3ba011-dbef-4577-9e00-588019a6b5cb/1/QL_eNYm0RMN59zNggxsd2OovhwM.mft
Manifest number:          08F1
Signing time:             Sun 19 Oct 2025 07:01:13 +0000
Manifest this update:     Sun 19 Oct 2025 07:01:13 +0000
Manifest next update:     Mon 20 Oct 2025 07:01:13 +0000
Files and hashes:         1: QL_eNYm0RMN59zNggxsd2OovhwM.crl (hash: gDPG8kvJjYgkroPF1gMdW+IB4KIPZ4dixtvGRKVp3O8=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/3ba011-dbef-4577-9e00-588019a6b5cb/1/QL_eNYm0RMN59zNggxsd2OovhwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/3ba011-dbef-4577-9e00-588019a6b5cb/1/QL_eNYm0RMN59zNggxsd2OovhwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QL_eNYm0RMN59zNggxsd2OovhwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fb:45:b5:c7:61:c6:d5:7a:ff:64:58:83:e7:dd:76:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40bfde3589b444c379f73360831b1dd8ea2f8703
        Validity
            Not Before: Oct 19 07:01:13 2025 GMT
            Not After : Oct 20 07:01:13 2025 GMT
        Subject: CN=3583c2d5b3bef04590b667599c7c26708821afeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c4:60:f5:53:e7:13:16:37:3d:4f:d7:a7:7a:
                    6c:32:2f:08:6a:2f:1b:6c:91:ff:92:60:c2:4f:cf:
                    d0:c5:b2:6c:2e:e1:73:dc:f9:6d:90:16:03:d0:a6:
                    88:21:b2:6d:6d:08:eb:11:fb:da:35:58:c9:30:42:
                    23:61:a0:3c:0a:ce:da:8b:65:47:34:70:0f:d0:14:
                    a6:d9:29:c2:e4:54:99:e4:7b:c2:32:67:08:bb:59:
                    ae:a2:dc:b6:85:4d:7d:de:b1:7e:69:72:97:de:c3:
                    bd:56:73:46:bb:37:75:5f:3d:84:f5:a1:89:b3:9f:
                    17:dc:3b:95:37:31:56:4d:b8:1e:d2:00:a3:df:da:
                    04:fe:fc:c8:4f:18:38:20:b9:e9:de:6d:98:d8:7b:
                    b1:79:1e:3c:ce:74:42:60:05:0e:cb:ab:55:b3:66:
                    c9:ba:36:3f:b3:47:d0:d7:e8:7a:32:41:85:b9:59:
                    69:92:a4:89:20:b8:a1:dd:db:24:7c:c5:3e:c7:55:
                    ae:53:c4:ee:62:b5:3f:42:96:45:cb:98:1b:37:84:
                    f7:84:a0:33:f0:9e:dc:da:92:e2:50:cd:0f:20:9b:
                    48:37:ed:0e:77:88:4b:98:2a:38:b8:05:14:ae:17:
                    b0:f1:ec:b0:f0:ed:37:9b:6a:ad:52:2c:8f:49:18:
                    53:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:83:C2:D5:B3:BE:F0:45:90:B6:67:59:9C:7C:26:70:88:21:AF:EB
            X509v3 Authority Key Identifier:
                keyid:40:BF:DE:35:89:B4:44:C3:79:F7:33:60:83:1B:1D:D8:EA:2F:87:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QL_eNYm0RMN59zNggxsd2OovhwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ba011-dbef-4577-9e00-588019a6b5cb/1/QL_eNYm0RMN59zNggxsd2OovhwM.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/3ba011-dbef-4577-9e00-588019a6b5cb/1/QL_eNYm0RMN59zNggxsd2OovhwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         4b:74:23:30:89:04:b2:79:b8:f1:10:75:1e:12:66:f8:15:03:
         66:77:00:ea:7d:12:b7:8a:c0:80:36:5a:c7:16:36:76:d8:0e:
         83:2f:aa:bd:04:09:4e:6d:54:b1:59:7b:fb:ca:e3:70:93:b5:
         f8:64:84:23:c8:95:60:2d:cf:03:2b:6a:5a:96:d9:a8:b0:0a:
         69:91:78:86:58:4c:a0:f5:40:ac:59:bf:4e:10:56:83:3f:d2:
         ed:bf:0c:65:0f:64:52:f2:92:0d:b0:72:0c:aa:b8:f5:f9:87:
         84:0e:9a:34:54:d0:38:ba:69:b1:ee:8c:c1:32:b4:9f:01:24:
         2c:78:4c:49:b7:ff:34:d2:28:07:1d:61:dc:73:e6:d8:67:ed:
         89:a1:ae:34:d1:f9:9d:11:64:8e:7c:c8:36:40:2c:a4:b1:49:
         06:a7:0f:35:da:03:08:a8:dc:07:31:aa:e3:0a:e9:98:df:03:
         d2:44:53:47:d5:43:fe:12:90:b8:ba:5a:09:bd:2b:7a:7d:7f:
         a8:db:d5:7f:2d:e1:de:c2:90:7b:29:93:c5:1b:5d:34:49:95:
         ca:cd:33:e5:be:97:ea:5f:de:fc:99:fe:7c:ee:da:66:d7:fa:
         53:a2:d2:7c:91:43:fe:d9:b5:52:b9:ef:c6:da:70:3d:3c:99:
         f3:2e:7a:29
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZn7RbXHYcbVev9kWIPn3XZnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwYmZkZTM1ODliNDQ0YzM3OWY3MzM2MDgzMWIxZGQ4ZWEy
Zjg3MDMwHhcNMjUxMDE5MDcwMTEzWhcNMjUxMDIwMDcwMTEzWjAzMTEwLwYDVQQD
EygzNTgzYzJkNWIzYmVmMDQ1OTBiNjY3NTk5YzdjMjY3MDg4MjFhZmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocRg9VPnExY3PU/Xp3psMi8Iai8b
bJH/kmDCT8/QxbJsLuFz3PltkBYD0KaIIbJtbQjrEfvaNVjJMEIjYaA8Cs7ai2VH
NHAP0BSm2SnC5FSZ5HvCMmcIu1muoty2hU193rF+aXKX3sO9VnNGuzd1Xz2E9aGJ
s58X3DuVNzFWTbge0gCj39oE/vzITxg4ILnp3m2Y2HuxeR48znRCYAUOy6tVs2bJ
ujY/s0fQ1+h6MkGFuVlpkqSJILih3dskfMU+x1WuU8TuYrU/QpZFy5gbN4T3hKAz
8J7c2pLiUM0PIJtIN+0Od4hLmCo4uAUUrhew8eyw8O03m2qtUiyPSRhTuQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFDWDwtWzvvBFkLZnWZx8JnCIIa/rMB8GA1UdIwQY
MBaAFEC/3jWJtETDefczYIMbHdjqL4cDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUxfZU5ZbTBSTU41OXpOZ2d4c2QyT292aHdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8zYmEwMTEtZGJlZi00NTc3LTllMDAt
NTg4MDE5YTZiNWNiLzEvUUxfZU5ZbTBSTU41OXpOZ2d4c2QyT292aHdNLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8zYmEwMTEtZGJlZi00NTc3LTllMDAtNTg4MDE5YTZiNWNi
LzEvUUxfZU5ZbTBSTU41OXpOZ2d4c2QyT292aHdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAS3QjMIkE
snm48RB1HhJm+BUDZncA6n0St4rAgDZaxxY2dtgOgy+qvQQJTm1UsVl7+8rjcJO1
+GSEI8iVYC3PAytqWpbZqLAKaZF4hlhMoPVArFm/ThBWgz/S7b8MZQ9kUvKSDbBy
DKq49fmHhA6aNFTQOLppse6MwTK0nwEkLHhMSbf/NNIoBx1h3HPm2GftiaGuNNH5
nRFkjnzINkAspLFJBqcPNdoDCKjcBzGq4wrpmN8D0kRTR9VD/hKQuLpaCb0ren1/
qNvVfy3h3sKQeymTxRtdNEmVys0z5b6X6l/e/Jn+fO7aZtf6U6LSfJFD/tm1Urnv
xtpwPTyZ8y56KQ==
-----END CERTIFICATE-----