Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/c9ca65-9253-4fc4-9bbf-01dc944c4477/1/oCUv6bQqZD9HflhGYZquiGkX7_s.mft
File:                     oCUv6bQqZD9HflhGYZquiGkX7_s.mft (raw, json)
Hash identifier:          qXQ/ktP9Xm1sBhLNh4C5GaYD5PqaJgom4cXH5jU6rqg=
Subject key identifier:   2D:D8:FD:AC:F2:CE:FB:81:BF:9F:A1:52:EB:B2:B2:1C:46:DB:18:08
Authority key identifier: A0:25:2F:E9:B4:2A:64:3F:47:7E:58:46:61:9A:AE:88:69:17:EF:FB
Certificate issuer:       /CN=a0252fe9b42a643f477e5846619aae886917effb
Certificate serial:       019A00A34ED18D52DF420B0C05F496FC7AE5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oCUv6bQqZD9HflhGYZquiGkX7_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/c9ca65-9253-4fc4-9bbf-01dc944c4477/1/oCUv6bQqZD9HflhGYZquiGkX7_s.mft
Manifest number:          14CD
Signing time:             Mon 20 Oct 2025 08:01:33 +0000
Manifest this update:     Mon 20 Oct 2025 08:01:33 +0000
Manifest next update:     Tue 21 Oct 2025 08:01:33 +0000
Files and hashes:         1: oCUv6bQqZD9HflhGYZquiGkX7_s.crl (hash: aDuRwf5qlLJ7Ud0mhUoH2y4fFi8qPa7Nf0zixh1y1dc=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/c9ca65-9253-4fc4-9bbf-01dc944c4477/1/oCUv6bQqZD9HflhGYZquiGkX7_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/c9ca65-9253-4fc4-9bbf-01dc944c4477/1/oCUv6bQqZD9HflhGYZquiGkX7_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oCUv6bQqZD9HflhGYZquiGkX7_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:00:a3:4e:d1:8d:52:df:42:0b:0c:05:f4:96:fc:7a:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0252fe9b42a643f477e5846619aae886917effb
        Validity
            Not Before: Oct 20 08:01:33 2025 GMT
            Not After : Oct 21 08:01:33 2025 GMT
        Subject: CN=2dd8fdacf2cefb81bf9fa152ebb2b21c46db1808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:4d:bd:37:94:6c:90:92:65:8e:19:f0:0c:79:
                    70:2a:9e:fb:1e:79:0a:9f:08:d7:5e:39:56:c6:eb:
                    5c:08:93:bd:d7:c0:40:48:bc:85:43:e9:3b:ab:19:
                    1d:67:78:f7:dc:73:d5:80:aa:ed:8e:cb:2b:66:4f:
                    aa:30:2b:60:0c:a6:aa:07:0e:0c:2c:9f:05:83:8c:
                    10:87:2d:fc:43:a9:bd:5e:72:2e:af:be:ee:34:7c:
                    a9:44:eb:d2:7c:fe:56:45:40:9d:1b:96:7f:92:1b:
                    9d:a1:ef:bb:7b:1c:57:4b:27:d9:3f:91:e7:e7:c7:
                    39:02:c0:45:5e:96:6b:34:d4:58:90:d6:a2:90:5f:
                    38:56:67:f3:00:56:c4:e0:98:2a:9a:5b:9f:45:6e:
                    13:90:dc:42:95:8c:a1:f5:e4:cf:9e:28:f1:62:23:
                    f2:04:03:bd:4b:95:06:94:cd:61:a1:c9:2c:c7:ef:
                    d5:7b:3c:6d:6f:53:d7:07:cd:67:cc:1c:85:95:e5:
                    b2:43:22:8a:cf:14:a9:e8:91:d4:7a:9f:c0:f0:24:
                    61:4d:b2:b6:68:cc:54:30:c2:c9:54:d0:37:fd:2c:
                    17:94:ca:81:01:b4:ed:63:41:1c:32:d3:2e:f9:d3:
                    5a:c6:ff:aa:73:06:c2:ae:eb:b0:e5:73:dd:cc:60:
                    91:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:D8:FD:AC:F2:CE:FB:81:BF:9F:A1:52:EB:B2:B2:1C:46:DB:18:08
            X509v3 Authority Key Identifier:
                keyid:A0:25:2F:E9:B4:2A:64:3F:47:7E:58:46:61:9A:AE:88:69:17:EF:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oCUv6bQqZD9HflhGYZquiGkX7_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/c9ca65-9253-4fc4-9bbf-01dc944c4477/1/oCUv6bQqZD9HflhGYZquiGkX7_s.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/c9ca65-9253-4fc4-9bbf-01dc944c4477/1/oCUv6bQqZD9HflhGYZquiGkX7_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         1f:dd:ed:31:03:c6:bb:32:44:0b:ae:86:a7:3f:f9:ac:31:35:
         06:68:92:26:cd:2c:60:6d:49:4d:73:74:e3:43:03:bb:11:5c:
         55:a5:a7:97:ae:61:0c:00:1f:c5:83:1e:cc:64:e7:38:7c:cd:
         ef:0b:e2:79:b1:e7:2e:ce:51:eb:f0:ee:2d:8a:be:cd:eb:40:
         a8:ef:f0:00:aa:0c:89:59:d7:be:4d:61:bc:63:a4:55:a7:7e:
         e8:d1:92:a5:b9:10:69:a6:c2:c1:d0:79:58:84:fb:6f:25:32:
         d0:ba:4a:cf:84:4e:d1:3a:e1:91:76:2f:31:8c:77:35:db:c7:
         ea:15:04:69:ca:2d:53:97:83:f6:a9:62:ee:43:6a:08:77:fa:
         b0:af:d6:c3:0b:a3:33:7b:f0:6b:94:76:81:66:21:bb:1b:2e:
         64:d2:33:a3:d3:dc:17:b1:3e:3e:0b:e0:25:d1:95:45:a2:a9:
         a8:56:18:60:72:c1:f5:cf:48:8b:b8:62:07:37:61:91:30:9a:
         70:53:71:b8:61:4e:05:c3:4e:aa:5e:b2:f3:98:c3:05:88:7f:
         e4:7b:49:61:5c:21:fc:5a:b0:22:3a:b4:14:36:38:13:a6:7d:
         c0:70:b6:a3:2f:fe:cf:9c:7e:f7:3a:c8:8d:28:f8:60:92:31:
         40:2c:7b:3a
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZoAo07RjVLfQgsMBfSW/HrlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwMjUyZmU5YjQyYTY0M2Y0NzdlNTg0NjYxOWFhZTg4Njkx
N2VmZmIwHhcNMjUxMDIwMDgwMTMzWhcNMjUxMDIxMDgwMTMzWjAzMTEwLwYDVQQD
EygyZGQ4ZmRhY2YyY2VmYjgxYmY5ZmExNTJlYmIyYjIxYzQ2ZGIxODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuk29N5RskJJljhnwDHlwKp77HnkK
nwjXXjlWxutcCJO918BASLyFQ+k7qxkdZ3j33HPVgKrtjssrZk+qMCtgDKaqBw4M
LJ8Fg4wQhy38Q6m9XnIur77uNHypROvSfP5WRUCdG5Z/khudoe+7exxXSyfZP5Hn
58c5AsBFXpZrNNRYkNaikF84VmfzAFbE4JgqmlufRW4TkNxClYyh9eTPnijxYiPy
BAO9S5UGlM1hocksx+/Vezxtb1PXB81nzByFleWyQyKKzxSp6JHUep/A8CRhTbK2
aMxUMMLJVNA3/SwXlMqBAbTtY0EcMtMu+dNaxv+qcwbCruuw5XPdzGCRFQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFC3Y/azyzvuBv5+hUuuyshxG2xgIMB8GA1UdIwQY
MBaAFKAlL+m0KmQ/R35YRmGarohpF+/7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0NVdjZiUXFaRDlIZmxoR1lacXVpR2tYN19zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9jOWNhNjUtOTI1My00ZmM0LTliYmYt
MDFkYzk0NGM0NDc3LzEvb0NVdjZiUXFaRDlIZmxoR1lacXVpR2tYN19zLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9jOWNhNjUtOTI1My00ZmM0LTliYmYtMDFkYzk0NGM0NDc3
LzEvb0NVdjZiUXFaRDlIZmxoR1lacXVpR2tYN19zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAH93tMQPG
uzJEC66Gpz/5rDE1BmiSJs0sYG1JTXN040MDuxFcVaWnl65hDAAfxYMezGTnOHzN
7wviebHnLs5R6/DuLYq+zetAqO/wAKoMiVnXvk1hvGOkVad+6NGSpbkQaabCwdB5
WIT7byUy0LpKz4RO0TrhkXYvMYx3NdvH6hUEacotU5eD9qli7kNqCHf6sK/Wwwuj
M3vwa5R2gWYhuxsuZNIzo9PcF7E+PgvgJdGVRaKpqFYYYHLB9c9Ii7hiBzdhkTCa
cFNxuGFOBcNOql6y85jDBYh/5HtJYVwh/FqwIjq0FDY4E6Z9wHC2oy/+z5x+9zrI
jSj4YJIxQCx7Og==
-----END CERTIFICATE-----