Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/0a277e-0656-4cfe-a8a8-02e3d9e02eec/1/soehvthfaZtS-gaqGeUc8liPFLk.mft
File:                     soehvthfaZtS-gaqGeUc8liPFLk.mft (raw, json)
Hash identifier:          S3NCgpPm6FualsHPcbz3eM19jaU44fi8DoDw/KqL+3E=
Subject key identifier:   C3:49:81:46:D9:09:0A:79:64:72:AA:E8:F8:CA:54:62:A3:1B:50:91
Authority key identifier: B2:87:A1:BE:D8:5F:69:9B:52:FA:06:AA:19:E5:1C:F2:58:8F:14:B9
Certificate issuer:       /CN=b287a1bed85f699b52fa06aa19e51cf2588f14b9
Certificate serial:       0199FDD8D6A64D3F9E1F211C43B41AD20CC8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/soehvthfaZtS-gaqGeUc8liPFLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/0a277e-0656-4cfe-a8a8-02e3d9e02eec/1/soehvthfaZtS-gaqGeUc8liPFLk.mft
Manifest number:          1185
Signing time:             Sun 19 Oct 2025 19:01:10 +0000
Manifest this update:     Sun 19 Oct 2025 19:01:10 +0000
Manifest next update:     Mon 20 Oct 2025 19:01:10 +0000
Files and hashes:         1: soehvthfaZtS-gaqGeUc8liPFLk.crl (hash: 1zeTMEXKc4JNIFDKgOeTOk9iXlo9+nGvLHILf2+CxI0=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/0a277e-0656-4cfe-a8a8-02e3d9e02eec/1/soehvthfaZtS-gaqGeUc8liPFLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/0a277e-0656-4cfe-a8a8-02e3d9e02eec/1/soehvthfaZtS-gaqGeUc8liPFLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/soehvthfaZtS-gaqGeUc8liPFLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fd:d8:d6:a6:4d:3f:9e:1f:21:1c:43:b4:1a:d2:0c:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b287a1bed85f699b52fa06aa19e51cf2588f14b9
        Validity
            Not Before: Oct 19 19:01:10 2025 GMT
            Not After : Oct 20 19:01:10 2025 GMT
        Subject: CN=c3498146d9090a796472aae8f8ca5462a31b5091
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:04:bc:02:09:ca:89:21:85:57:fc:52:5f:e6:
                    3f:b6:7d:05:ac:fc:09:1a:97:c0:24:70:6b:48:5d:
                    5b:7e:c5:04:67:5e:ad:41:15:f7:43:bd:00:04:63:
                    c7:dc:83:23:93:3a:82:53:00:7e:ed:9f:68:70:f0:
                    76:26:b4:37:ac:6c:51:80:7e:a4:39:9e:b9:85:37:
                    97:c3:e8:e6:01:b2:5c:b9:0f:e5:df:9d:89:49:ee:
                    cb:8b:d1:48:92:d6:9d:dd:60:3c:4a:c2:bf:5e:6c:
                    eb:1c:60:a5:29:ee:6e:44:a9:7d:06:37:09:7e:d8:
                    71:09:bf:1b:10:17:5d:d8:16:d6:27:38:25:10:9b:
                    08:42:62:63:d5:e2:45:96:e5:9a:ee:91:ed:0c:74:
                    89:c7:d7:e6:4f:e0:68:a3:c2:ca:60:63:8a:23:65:
                    1c:ab:0b:b4:ba:47:01:a9:33:a9:cc:58:c1:1a:dc:
                    10:20:85:a1:a7:96:b2:d3:fc:b1:0b:05:a2:11:da:
                    cb:ce:cf:17:04:13:9a:6a:12:c5:3e:d5:85:6b:76:
                    20:5b:01:22:28:54:94:bf:55:14:d3:c2:c2:40:87:
                    2c:04:4c:37:4d:e7:97:c9:5f:35:be:e3:9f:79:c5:
                    9c:0f:30:fd:87:1f:63:e1:7d:e6:20:23:00:c7:c0:
                    68:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:49:81:46:D9:09:0A:79:64:72:AA:E8:F8:CA:54:62:A3:1B:50:91
            X509v3 Authority Key Identifier:
                keyid:B2:87:A1:BE:D8:5F:69:9B:52:FA:06:AA:19:E5:1C:F2:58:8F:14:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/soehvthfaZtS-gaqGeUc8liPFLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/0a277e-0656-4cfe-a8a8-02e3d9e02eec/1/soehvthfaZtS-gaqGeUc8liPFLk.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/0a277e-0656-4cfe-a8a8-02e3d9e02eec/1/soehvthfaZtS-gaqGeUc8liPFLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         03:f9:85:97:a4:d6:5d:6e:cf:99:1a:52:0f:91:09:54:50:4e:
         1c:75:53:29:b1:5e:20:fa:ba:6a:a5:ae:e3:01:88:c9:98:f5:
         a5:36:76:33:22:f5:71:53:bd:10:45:72:1b:cb:72:56:4b:61:
         18:8e:a3:45:55:d9:49:bc:14:f5:38:a2:43:d9:f3:27:17:7d:
         c4:e4:3e:a9:07:3a:40:8e:6c:16:9a:dd:f6:00:34:12:04:38:
         7c:73:33:21:1c:d0:c3:e7:65:57:70:1f:d6:b2:a1:ed:95:b6:
         70:e1:cc:28:d3:75:31:e1:dc:89:b3:87:fd:47:1d:d3:78:50:
         03:7c:21:59:86:c5:04:f3:53:b9:0e:96:b1:60:ab:58:99:55:
         0b:db:9b:63:fa:84:b0:23:c9:2c:2c:0c:ce:b1:f9:71:6a:34:
         4c:75:5e:5f:77:19:6a:15:94:06:a1:9d:3d:74:74:87:e2:ca:
         73:9d:4f:82:4c:d5:fb:8e:2f:db:d5:06:e6:ce:5c:25:bb:ca:
         26:5f:f8:1d:4c:c5:51:4b:88:13:2b:90:db:b6:f4:c7:3b:9e:
         f3:82:2d:db:d8:2a:3f:c3:da:17:f3:72:ce:b4:10:78:8b:ec:
         ab:1e:51:0d:21:ff:87:d2:cd:27:dc:35:3b:d2:56:0b:0b:1d:
         b4:1c:dc:c8
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZn92NamTT+eHyEcQ7Qa0gzIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyODdhMWJlZDg1ZjY5OWI1MmZhMDZhYTE5ZTUxY2YyNTg4
ZjE0YjkwHhcNMjUxMDE5MTkwMTEwWhcNMjUxMDIwMTkwMTEwWjAzMTEwLwYDVQQD
EyhjMzQ5ODE0NmQ5MDkwYTc5NjQ3MmFhZThmOGNhNTQ2MmEzMWI1MDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQS8AgnKiSGFV/xSX+Y/tn0FrPwJ
GpfAJHBrSF1bfsUEZ16tQRX3Q70ABGPH3IMjkzqCUwB+7Z9ocPB2JrQ3rGxRgH6k
OZ65hTeXw+jmAbJcuQ/l352JSe7Li9FIktad3WA8SsK/XmzrHGClKe5uRKl9BjcJ
fthxCb8bEBdd2BbWJzglEJsIQmJj1eJFluWa7pHtDHSJx9fmT+Boo8LKYGOKI2Uc
qwu0ukcBqTOpzFjBGtwQIIWhp5ay0/yxCwWiEdrLzs8XBBOaahLFPtWFa3YgWwEi
KFSUv1UU08LCQIcsBEw3TeeXyV81vuOfecWcDzD9hx9j4X3mICMAx8BobwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFMNJgUbZCQp5ZHKq6PjKVGKjG1CRMB8GA1UdIwQY
MBaAFLKHob7YX2mbUvoGqhnlHPJYjxS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc29laHZ0aGZhWnRTLWdhcUdlVWM4bGlQRkxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wYTI3N2UtMDY1Ni00Y2ZlLWE4YTgt
MDJlM2Q5ZTAyZWVjLzEvc29laHZ0aGZhWnRTLWdhcUdlVWM4bGlQRkxrLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wYTI3N2UtMDY1Ni00Y2ZlLWE4YTgtMDJlM2Q5ZTAyZWVj
LzEvc29laHZ0aGZhWnRTLWdhcUdlVWM4bGlQRkxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAA/mFl6TW
XW7PmRpSD5EJVFBOHHVTKbFeIPq6aqWu4wGIyZj1pTZ2MyL1cVO9EEVyG8tyVkth
GI6jRVXZSbwU9TiiQ9nzJxd9xOQ+qQc6QI5sFprd9gA0EgQ4fHMzIRzQw+dlV3Af
1rKh7ZW2cOHMKNN1MeHcibOH/Ucd03hQA3whWYbFBPNTuQ6WsWCrWJlVC9ubY/qE
sCPJLCwMzrH5cWo0THVeX3cZahWUBqGdPXR0h+LKc51PgkzV+44v29UG5s5cJbvK
Jl/4HUzFUUuIEyuQ27b0xzue84It29gqP8PaF/NyzrQQeIvsqx5RDSH/h9LNJ9w1
O9JWCwsdtBzcyA==
-----END CERTIFICATE-----