Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/4512a0-73fa-4426-b5e9-74b778c0b546/1/upsYDHz0DC3X-keDflGa37wisD0.mft
File:                     upsYDHz0DC3X-keDflGa37wisD0.mft (raw, json)
Hash identifier:          npT7A19PzE34pqJnlEzfeDV0iIj2wiAHymzeiooILLU=
Subject key identifier:   84:4C:3E:71:A5:44:93:33:F1:34:1D:12:9E:C2:FD:D1:8C:DF:50:AA
Authority key identifier: BA:9B:18:0C:7C:F4:0C:2D:D7:FA:47:83:7E:51:9A:DF:BC:22:B0:3D
Certificate issuer:       /CN=ba9b180c7cf40c2dd7fa47837e519adfbc22b03d
Certificate serial:       0199FAA0CB823E020B20FB9929537ED6FE6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/upsYDHz0DC3X-keDflGa37wisD0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/4512a0-73fa-4426-b5e9-74b778c0b546/1/upsYDHz0DC3X-keDflGa37wisD0.mft
Manifest number:          4D
Signing time:             Sun 19 Oct 2025 04:01:05 +0000
Manifest this update:     Sun 19 Oct 2025 04:01:05 +0000
Manifest next update:     Mon 20 Oct 2025 04:01:05 +0000
Files and hashes:         1: upsYDHz0DC3X-keDflGa37wisD0.crl (hash: LGI6yhwfMRiEZ/sl9HEwcMd55KrYt+xJOcuk2DMtbso=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/4512a0-73fa-4426-b5e9-74b778c0b546/1/upsYDHz0DC3X-keDflGa37wisD0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/4512a0-73fa-4426-b5e9-74b778c0b546/1/upsYDHz0DC3X-keDflGa37wisD0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/upsYDHz0DC3X-keDflGa37wisD0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 04:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fa:a0:cb:82:3e:02:0b:20:fb:99:29:53:7e:d6:fe:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9b180c7cf40c2dd7fa47837e519adfbc22b03d
        Validity
            Not Before: Oct 19 04:01:05 2025 GMT
            Not After : Oct 20 04:01:05 2025 GMT
        Subject: CN=844c3e71a5449333f1341d129ec2fdd18cdf50aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:f3:f9:68:d2:f5:2b:68:d4:89:ae:a4:bd:2c:
                    11:b2:43:c0:a3:ec:8c:d0:55:f5:ae:ea:c1:94:90:
                    54:3c:1f:ad:a8:af:31:ad:42:ff:3f:10:e3:46:c6:
                    a2:1f:10:11:86:9f:cb:13:d5:28:9b:28:05:72:ac:
                    14:f9:8e:60:0b:87:fd:74:67:d0:c5:bc:60:80:0a:
                    9a:4b:c6:be:54:45:47:38:18:f0:e3:6b:d0:3f:02:
                    90:d5:75:2d:e7:da:d0:29:33:6a:58:9b:57:99:f7:
                    35:4c:c0:00:62:c8:05:81:09:6c:6b:89:a2:3b:d0:
                    20:ca:09:dc:f2:95:2f:e6:a8:4f:1b:6e:78:56:5d:
                    60:8e:11:37:d0:ed:51:d4:e4:20:55:12:8d:62:6d:
                    63:95:8d:19:57:88:0f:b2:ba:97:5c:0b:44:86:1e:
                    80:d2:47:81:fc:9e:37:9c:26:e5:9f:4f:aa:9b:63:
                    6d:0b:11:47:6a:7e:ef:18:5b:71:50:b3:12:94:92:
                    10:a2:ee:b2:8c:9c:0e:b8:05:66:c4:fb:8e:f7:dc:
                    82:88:b0:96:8a:af:11:a3:39:f5:30:8b:8a:33:74:
                    34:63:2c:8c:7b:b2:b0:28:81:30:0c:c7:11:fe:62:
                    a2:cf:6f:b1:73:9d:01:39:84:b4:ec:0d:0d:0f:1a:
                    13:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:4C:3E:71:A5:44:93:33:F1:34:1D:12:9E:C2:FD:D1:8C:DF:50:AA
            X509v3 Authority Key Identifier:
                keyid:BA:9B:18:0C:7C:F4:0C:2D:D7:FA:47:83:7E:51:9A:DF:BC:22:B0:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/upsYDHz0DC3X-keDflGa37wisD0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/4512a0-73fa-4426-b5e9-74b778c0b546/1/upsYDHz0DC3X-keDflGa37wisD0.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/4512a0-73fa-4426-b5e9-74b778c0b546/1/upsYDHz0DC3X-keDflGa37wisD0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         39:0f:40:bf:ca:84:99:5c:2a:da:b2:ab:98:7f:ca:43:fc:5c:
         bc:73:a4:22:62:52:99:1e:b9:fd:83:29:6f:02:7e:eb:5c:6e:
         e3:6e:8e:4e:51:bb:07:a4:b8:ba:06:db:62:ef:86:e6:5f:75:
         83:e1:2e:ad:54:94:d4:c1:19:45:45:49:4c:34:21:93:11:06:
         db:10:c0:04:08:16:25:01:70:62:dd:1c:84:bb:de:d1:ab:e7:
         ee:7a:aa:71:25:97:1b:7a:9a:5a:08:45:c9:38:2e:fc:b1:3f:
         51:84:8f:13:4c:0d:41:17:66:07:3d:32:1e:67:d3:f6:94:f5:
         7a:2d:e6:43:13:2f:14:1f:52:35:f7:10:f2:e5:29:f6:a5:45:
         92:66:5c:33:08:31:8b:cf:49:c2:dd:2f:d2:23:db:27:97:a1:
         65:6f:90:fa:72:c3:45:75:7e:c5:e9:2e:2f:b5:c4:73:07:fc:
         c2:b9:37:46:aa:c6:1c:69:1e:d8:37:a9:92:85:cd:b6:64:be:
         0d:2c:1b:ae:43:08:e5:bf:59:67:56:25:5a:a7:b3:69:f5:fc:
         5f:5e:bb:3b:b1:aa:41:bc:69:12:2e:ea:e7:c1:d2:c7:9b:68:
         44:91:e2:f3:7a:c7:c7:ca:66:f9:ad:de:e8:f4:8f:ab:ee:ae:
         61:cd:08:c8
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZn6oMuCPgILIPuZKVN+1v5vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWIxODBjN2NmNDBjMmRkN2ZhNDc4MzdlNTE5YWRmYmMy
MmIwM2QwHhcNMjUxMDE5MDQwMTA1WhcNMjUxMDIwMDQwMTA1WjAzMTEwLwYDVQQD
Eyg4NDRjM2U3MWE1NDQ5MzMzZjEzNDFkMTI5ZWMyZmRkMThjZGY1MGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/P5aNL1K2jUia6kvSwRskPAo+yM
0FX1rurBlJBUPB+tqK8xrUL/PxDjRsaiHxARhp/LE9UomygFcqwU+Y5gC4f9dGfQ
xbxggAqaS8a+VEVHOBjw42vQPwKQ1XUt59rQKTNqWJtXmfc1TMAAYsgFgQlsa4mi
O9Agygnc8pUv5qhPG254Vl1gjhE30O1R1OQgVRKNYm1jlY0ZV4gPsrqXXAtEhh6A
0keB/J43nCbln0+qm2NtCxFHan7vGFtxULMSlJIQou6yjJwOuAVmxPuO99yCiLCW
iq8Rozn1MIuKM3Q0YyyMe7KwKIEwDMcR/mKiz2+xc50BOYS07A0NDxoTPQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFIRMPnGlRJMz8TQdEp7C/dGM31CqMB8GA1UdIwQY
MBaAFLqbGAx89Awt1/pHg35Rmt+8IrA9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXBzWURIejBEQzNYLWtlRGZsR2EzN3dpc0QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy80NTEyYTAtNzNmYS00NDI2LWI1ZTkt
NzRiNzc4YzBiNTQ2LzEvdXBzWURIejBEQzNYLWtlRGZsR2EzN3dpc0QwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy80NTEyYTAtNzNmYS00NDI2LWI1ZTktNzRiNzc4YzBiNTQ2
LzEvdXBzWURIejBEQzNYLWtlRGZsR2EzN3dpc0QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAOQ9Av8qE
mVwq2rKrmH/KQ/xcvHOkImJSmR65/YMpbwJ+61xu426OTlG7B6S4ugbbYu+G5l91
g+EurVSU1MEZRUVJTDQhkxEG2xDABAgWJQFwYt0chLve0avn7nqqcSWXG3qaWghF
yTgu/LE/UYSPE0wNQRdmBz0yHmfT9pT1ei3mQxMvFB9SNfcQ8uUp9qVFkmZcMwgx
i89Jwt0v0iPbJ5ehZW+Q+nLDRXV+xekuL7XEcwf8wrk3RqrGHGke2DepkoXNtmS+
DSwbrkMI5b9ZZ1YlWqezafX8X167O7GqQbxpEi7q58HSx5toRJHi83rHx8pm+a3e
6PSPq+6uYc0IyA==
-----END CERTIFICATE-----