Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/d60eb6-3bb2-45c0-9daf-9f55b4ae90cc/1/QAnHa7ftKz0UTNhVpewajrfU3pk.mft
File:                     QAnHa7ftKz0UTNhVpewajrfU3pk.mft (raw, json)
Hash identifier:          4qaGfKZBtR3lLKOOo5Ybnmp+nXtQRJWHOamdTgdfIIM=
Subject key identifier:   F6:01:D7:FD:0F:95:82:41:DB:CC:64:65:3E:B3:C4:DE:CB:A4:08:4A
Authority key identifier: 40:09:C7:6B:B7:ED:2B:3D:14:4C:D8:55:A5:EC:1A:8E:B7:D4:DE:99
Certificate issuer:       /CN=4009c76bb7ed2b3d144cd855a5ec1a8eb7d4de99
Certificate serial:       0196A98BFB77E11D75E54CEB8EFF2C1578A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QAnHa7ftKz0UTNhVpewajrfU3pk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/d60eb6-3bb2-45c0-9daf-9f55b4ae90cc/1/QAnHa7ftKz0UTNhVpewajrfU3pk.mft
Manifest number:          13CE
Signing time:             Wed 07 May 2025 07:00:45 +0000
Manifest this update:     Wed 07 May 2025 07:00:45 +0000
Manifest next update:     Thu 08 May 2025 07:00:45 +0000
Files and hashes:         1: QAnHa7ftKz0UTNhVpewajrfU3pk.crl (hash: SJDl+T0lY5drNMN7PqivWE3zC2tEi1k1ByKg54PnSL4=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/d60eb6-3bb2-45c0-9daf-9f55b4ae90cc/1/QAnHa7ftKz0UTNhVpewajrfU3pk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/d60eb6-3bb2-45c0-9daf-9f55b4ae90cc/1/QAnHa7ftKz0UTNhVpewajrfU3pk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QAnHa7ftKz0UTNhVpewajrfU3pk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 07:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a9:8b:fb:77:e1:1d:75:e5:4c:eb:8e:ff:2c:15:78:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4009c76bb7ed2b3d144cd855a5ec1a8eb7d4de99
        Validity
            Not Before: May  7 07:00:45 2025 GMT
            Not After : May  8 07:00:45 2025 GMT
        Subject: CN=f601d7fd0f958241dbcc64653eb3c4decba4084a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c4:ff:4e:ab:c2:d2:f9:78:a0:73:5a:2e:67:
                    7d:c4:74:c0:fa:e7:0a:27:ed:e6:b2:13:db:1a:65:
                    12:07:d4:af:65:98:df:5b:b2:5b:21:95:1a:33:99:
                    5c:5b:eb:68:25:0b:7a:f3:0b:ea:4a:76:03:3a:46:
                    ae:87:d2:04:c3:a3:d5:b7:75:1a:75:2f:bd:c9:8d:
                    ff:7e:74:3a:a8:4d:d6:8b:34:1d:13:bf:0e:6a:4a:
                    37:2d:fc:12:74:0a:b2:5c:55:7b:49:7b:38:3d:4b:
                    7f:0f:af:5c:40:ef:31:42:46:d7:1a:d7:f4:0d:d7:
                    5a:26:21:f2:cb:02:ee:72:62:ad:63:91:e8:b2:fc:
                    75:98:9e:8c:df:e4:4a:1d:61:a4:90:fe:d6:c9:b8:
                    65:16:75:f1:58:95:a5:db:fc:2f:ff:65:4f:a2:41:
                    89:4a:db:78:fa:67:96:c2:0a:0c:ad:aa:05:03:e1:
                    f9:50:8a:65:91:95:92:d4:73:09:5f:6d:c9:51:c1:
                    b1:0c:0b:4c:08:fe:17:d5:59:1e:0c:bd:79:1f:e9:
                    bd:61:b6:5d:71:dd:34:63:61:6e:c8:6b:8d:68:24:
                    fb:8f:c4:8e:03:ec:9c:05:aa:bc:e5:ee:54:2e:a5:
                    46:35:cb:76:9f:3b:96:00:cc:c8:db:1b:ec:b5:1c:
                    51:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:01:D7:FD:0F:95:82:41:DB:CC:64:65:3E:B3:C4:DE:CB:A4:08:4A
            X509v3 Authority Key Identifier:
                keyid:40:09:C7:6B:B7:ED:2B:3D:14:4C:D8:55:A5:EC:1A:8E:B7:D4:DE:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QAnHa7ftKz0UTNhVpewajrfU3pk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/d60eb6-3bb2-45c0-9daf-9f55b4ae90cc/1/QAnHa7ftKz0UTNhVpewajrfU3pk.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/d60eb6-3bb2-45c0-9daf-9f55b4ae90cc/1/QAnHa7ftKz0UTNhVpewajrfU3pk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         91:a9:a1:a9:8d:75:c8:46:06:05:6e:19:fa:31:3f:b6:cc:e2:
         80:9b:b4:9b:cf:eb:d3:fa:61:cd:c6:ff:4d:27:68:fa:ab:86:
         71:6a:94:79:cf:73:5e:c2:3e:b6:4d:cd:52:7d:5c:4b:bf:1c:
         3f:32:db:1a:fd:b0:96:5f:d3:49:fa:e7:5c:51:c0:dd:26:21:
         83:9b:e2:26:f8:fc:ea:4d:94:2a:fd:19:56:a5:29:91:ca:3d:
         35:ba:d7:e5:c4:bf:11:cb:02:ad:c2:04:f8:a0:8b:8b:0a:e6:
         80:dd:06:d7:d4:d7:ef:b0:ad:5a:81:3d:c8:9b:96:0d:99:ea:
         5a:ff:47:a3:91:21:ca:33:d5:06:5b:b7:06:09:e2:57:e9:9b:
         e8:10:2e:33:8e:fa:57:13:9c:23:47:96:4e:3a:d2:09:43:fc:
         b2:7c:c1:9d:8b:1a:e0:d6:73:87:a0:e8:10:c1:9b:27:52:5b:
         f4:81:c8:2a:6b:b6:a5:c4:47:d3:e8:50:2d:0f:80:f6:b8:0f:
         ca:b2:4d:15:db:35:f4:a1:20:c8:74:f2:a6:16:1d:09:6a:66:
         dd:7f:e1:09:ad:02:c6:09:5a:8e:a6:69:46:4c:08:0a:70:54:
         90:c7:69:8f:b1:29:0c:cd:dc:6c:d0:ae:f1:e5:f8:b0:fb:4f:
         a8:4a:96:7c
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZapi/t34R115Uzrjv8sFXipMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwMDljNzZiYjdlZDJiM2QxNDRjZDg1NWE1ZWMxYThlYjdk
NGRlOTkwHhcNMjUwNTA3MDcwMDQ1WhcNMjUwNTA4MDcwMDQ1WjAzMTEwLwYDVQQD
EyhmNjAxZDdmZDBmOTU4MjQxZGJjYzY0NjUzZWIzYzRkZWNiYTQwODRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusT/TqvC0vl4oHNaLmd9xHTA+ucK
J+3mshPbGmUSB9SvZZjfW7JbIZUaM5lcW+toJQt68wvqSnYDOkauh9IEw6PVt3Ua
dS+9yY3/fnQ6qE3WizQdE78Oako3LfwSdAqyXFV7SXs4PUt/D69cQO8xQkbXGtf0
DddaJiHyywLucmKtY5Hosvx1mJ6M3+RKHWGkkP7WybhlFnXxWJWl2/wv/2VPokGJ
Stt4+meWwgoMraoFA+H5UIplkZWS1HMJX23JUcGxDAtMCP4X1VkeDL15H+m9YbZd
cd00Y2FuyGuNaCT7j8SOA+ycBaq85e5ULqVGNct2nzuWAMzI2xvstRxRYwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFPYB1/0PlYJB28xkZT6zxN7LpAhKMB8GA1UdIwQY
MBaAFEAJx2u37Ss9FEzYVaXsGo631N6ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUFuSGE3ZnRLejBVVE5oVnBld2FqcmZVM3BrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9kNjBlYjYtM2JiMi00NWMwLTlkYWYt
OWY1NWI0YWU5MGNjLzEvUUFuSGE3ZnRLejBVVE5oVnBld2FqcmZVM3BrLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9kNjBlYjYtM2JiMi00NWMwLTlkYWYtOWY1NWI0YWU5MGNj
LzEvUUFuSGE3ZnRLejBVVE5oVnBld2FqcmZVM3BrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAkamhqY11
yEYGBW4Z+jE/tszigJu0m8/r0/phzcb/TSdo+quGcWqUec9zXsI+tk3NUn1cS78c
PzLbGv2wll/TSfrnXFHA3SYhg5viJvj86k2UKv0ZVqUpkco9NbrX5cS/EcsCrcIE
+KCLiwrmgN0G19TX77CtWoE9yJuWDZnqWv9Ho5EhyjPVBlu3BgniV+mb6BAuM476
VxOcI0eWTjrSCUP8snzBnYsa4NZzh6DoEMGbJ1Jb9IHIKmu2pcRH0+hQLQ+A9rgP
yrJNFds19KEgyHTyphYdCWpm3X/hCa0CxglajqZpRkwICnBUkMdpj7EpDM3cbNCu
8eX4sPtPqEqWfA==
-----END CERTIFICATE-----