Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
File:                     2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft (raw, json)
Hash identifier:          WVBkD43kh4q3/5P1IOb3bMitnOBst5xr8JbrQ+AeuAw=
Subject key identifier:   11:27:0F:62:49:69:87:B9:E6:CD:A4:4F:A1:F0:F8:D7:74:19:6A:84
Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
Certificate issuer:       /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Certificate serial:       0199FC8F653B254BC4E8C52302A06B15CAB7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
Manifest number:          16FA
Signing time:             Sun 19 Oct 2025 13:01:19 +0000
Manifest this update:     Sun 19 Oct 2025 13:01:19 +0000
Manifest next update:     Mon 20 Oct 2025 13:01:19 +0000
Files and hashes:         1: 2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl (hash: OACGX/yzm8I2rDR61dULC3L9u+aMAp35rorgbI9URGk=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fc:8f:65:3b:25:4b:c4:e8:c5:23:02:a0:6b:15:ca:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
        Validity
            Not Before: Oct 19 13:01:19 2025 GMT
            Not After : Oct 20 13:01:19 2025 GMT
        Subject: CN=11270f62496987b9e6cda44fa1f0f8d774196a84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:d4:e0:f7:bf:c7:53:4b:6c:a3:e4:be:bf:59:
                    a5:39:f9:00:9f:67:ae:12:48:fb:3f:37:e5:8e:a4:
                    d6:97:03:d6:4d:0a:4b:be:80:f5:6d:21:5f:2b:fd:
                    29:c1:20:51:2a:28:5b:48:74:eb:b0:8c:1d:2b:b7:
                    78:a9:f4:34:0a:b2:37:f6:ae:8b:df:7b:0f:a8:39:
                    88:ac:c8:73:06:26:72:07:a6:c4:ab:9d:b0:d6:26:
                    da:5a:b5:d6:56:3f:8e:5b:52:bd:33:1c:9b:0f:2b:
                    69:01:ef:05:7f:46:15:9f:3f:ae:0b:3b:74:6b:4b:
                    87:b2:b0:d4:e2:4f:50:50:7f:13:c8:f4:16:cb:e5:
                    83:42:a7:35:20:d2:c2:74:1c:fd:19:7a:99:b9:5c:
                    e5:d1:35:71:05:98:c3:35:f4:9a:f3:bb:c8:44:f9:
                    41:bf:93:65:29:1a:e6:f3:4c:9b:8c:29:7f:5b:a8:
                    4e:a4:c9:3f:e0:cb:9c:63:87:81:93:b6:24:0b:90:
                    bf:fb:4e:35:6f:7c:72:5f:b7:03:99:7b:1c:7c:3d:
                    49:d3:10:3e:07:34:de:9b:95:ac:04:e0:23:fa:17:
                    67:0b:ad:ef:84:22:b2:72:6b:41:62:2f:70:01:22:
                    a0:e8:81:5a:3c:73:82:89:18:ae:16:86:81:7e:ae:
                    34:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:27:0F:62:49:69:87:B9:E6:CD:A4:4F:A1:F0:F8:D7:74:19:6A:84
            X509v3 Authority Key Identifier:
                keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         9c:f6:ed:60:7a:ad:ce:ff:c3:44:42:00:5f:af:bc:9d:cf:cb:
         ca:cf:4b:b7:95:ea:bb:f5:1e:e5:09:87:4f:e7:a2:93:85:eb:
         3e:e4:f3:f0:e8:8c:ea:eb:dd:6a:ff:f2:14:dc:5a:67:77:c9:
         13:9d:e7:a2:6c:80:5d:af:98:8e:eb:73:91:84:97:18:27:bb:
         51:4f:78:ca:51:dd:40:e7:d0:0a:78:85:c2:9e:6f:4e:4d:68:
         a1:a8:b8:79:75:02:c4:e8:d3:df:32:ca:93:b4:b3:49:d1:1b:
         68:36:76:c6:95:9a:5d:3a:d9:aa:90:4f:d7:f2:fe:fb:18:8a:
         9e:a0:55:7f:24:40:d5:3f:22:23:c9:76:b1:8e:0c:06:93:dc:
         c4:45:c0:36:87:b7:b6:ce:f6:0c:e0:a8:ff:ba:d5:f8:a5:3e:
         44:0e:1d:da:c5:03:83:e4:c4:33:47:71:c0:28:6f:df:24:b2:
         c0:fb:66:b2:38:89:31:b3:d9:5a:dd:c0:25:b4:6d:46:86:b5:
         df:c8:fd:b4:fa:d9:dd:d4:86:0b:1e:07:8a:a4:d2:43:30:09:
         f5:d7:fe:64:9e:81:59:24:9f:36:f9:8f:b0:6f:5e:47:e0:0f:
         ad:aa:4d:fb:ce:af:26:75:eb:f6:5d:24:11:38:51:54:e8:f3:
         38:7a:6e:3a
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZn8j2U7JUvE6MUjAqBrFcq3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl
YmFhNDMwHhcNMjUxMDE5MTMwMTE5WhcNMjUxMDIwMTMwMTE5WjAzMTEwLwYDVQQD
EygxMTI3MGY2MjQ5Njk4N2I5ZTZjZGE0NGZhMWYwZjhkNzc0MTk2YTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9Tg97/HU0tso+S+v1mlOfkAn2eu
Ekj7PzfljqTWlwPWTQpLvoD1bSFfK/0pwSBRKihbSHTrsIwdK7d4qfQ0CrI39q6L
33sPqDmIrMhzBiZyB6bEq52w1ibaWrXWVj+OW1K9MxybDytpAe8Ff0YVnz+uCzt0
a0uHsrDU4k9QUH8TyPQWy+WDQqc1INLCdBz9GXqZuVzl0TVxBZjDNfSa87vIRPlB
v5NlKRrm80ybjCl/W6hOpMk/4MucY4eBk7YkC5C/+041b3xyX7cDmXscfD1J0xA+
BzTem5WsBOAj+hdnC63vhCKycmtBYi9wASKg6IFaPHOCiRiuFoaBfq40zwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFBEnD2JJaYe55s2kT6Hw+Nd0GWqEMB8GA1UdIwQY
MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct
Nzg1ZTU4ODM2NDRkLzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk
LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAnPbtYHqt
zv/DREIAX6+8nc/Lys9Lt5Xqu/Ue5QmHT+eik4XrPuTz8OiM6uvdav/yFNxaZ3fJ
E53nomyAXa+YjutzkYSXGCe7UU94ylHdQOfQCniFwp5vTk1ooai4eXUCxOjT3zLK
k7SzSdEbaDZ2xpWaXTrZqpBP1/L++xiKnqBVfyRA1T8iI8l2sY4MBpPcxEXANoe3
ts72DOCo/7rV+KU+RA4d2sUDg+TEM0dxwChv3ySywPtmsjiJMbPZWt3AJbRtRoa1
38j9tPrZ3dSGCx4HiqTSQzAJ9df+ZJ6BWSSfNvmPsG9eR+APrapN+86vJnXr9l0k
EThRVOjzOHpuOg==
-----END CERTIFICATE-----