Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/aef44f-cbdf-4120-84f1-621a2bb40c66/1/kHpNEpJLU1fjAmev48XMc2QkEVg.mft
File:                     kHpNEpJLU1fjAmev48XMc2QkEVg.mft (raw, json)
Hash identifier:          851bbIy8OYt/Rnc9N0o030AXwD24IngLn004sauOK3Y=
Subject key identifier:   A4:50:BF:4A:9C:22:96:A9:E0:4E:34:15:A9:5F:06:65:59:96:5E:1F
Authority key identifier: 90:7A:4D:12:92:4B:53:57:E3:02:67:AF:E3:C5:CC:73:64:24:11:58
Certificate issuer:       /CN=907a4d12924b5357e30267afe3c5cc7364241158
Certificate serial:       019A01B681284684FBD95FEEB4A1CF1A1EB7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kHpNEpJLU1fjAmev48XMc2QkEVg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/aef44f-cbdf-4120-84f1-621a2bb40c66/1/kHpNEpJLU1fjAmev48XMc2QkEVg.mft
Manifest number:          10FA
Signing time:             Mon 20 Oct 2025 13:02:09 +0000
Manifest this update:     Mon 20 Oct 2025 13:02:09 +0000
Manifest next update:     Tue 21 Oct 2025 13:02:09 +0000
Files and hashes:         1: kHpNEpJLU1fjAmev48XMc2QkEVg.crl (hash: rFxz3ZmWitXJz8dDqtbsObQk7lsPpLjfdd5bxxHzJq4=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/aef44f-cbdf-4120-84f1-621a2bb40c66/1/kHpNEpJLU1fjAmev48XMc2QkEVg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/aef44f-cbdf-4120-84f1-621a2bb40c66/1/kHpNEpJLU1fjAmev48XMc2QkEVg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kHpNEpJLU1fjAmev48XMc2QkEVg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:01:b6:81:28:46:84:fb:d9:5f:ee:b4:a1:cf:1a:1e:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=907a4d12924b5357e30267afe3c5cc7364241158
        Validity
            Not Before: Oct 20 13:02:09 2025 GMT
            Not After : Oct 21 13:02:09 2025 GMT
        Subject: CN=a450bf4a9c2296a9e04e3415a95f066559965e1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:93:bd:90:7e:9d:fb:99:0c:f9:db:3d:bb:e7:
                    f5:9d:df:23:33:87:60:78:fe:07:c6:50:7f:da:03:
                    11:89:ce:7f:32:e1:01:9e:5e:5c:da:7e:0b:07:cf:
                    0b:da:07:0d:7d:2a:07:c4:47:8f:00:9f:a2:ab:1c:
                    67:2f:2b:cc:3e:ac:5e:bb:a3:52:b3:e3:c9:36:36:
                    57:a7:b2:1d:2d:3b:10:66:60:08:1d:77:2c:7c:78:
                    97:ea:e5:77:38:54:19:45:92:40:e3:3c:d7:22:13:
                    74:81:18:0c:38:2e:7f:3a:89:7f:c3:7e:11:19:34:
                    7b:70:dd:43:8a:b5:bb:bb:6e:ee:b6:28:f7:f3:b6:
                    38:f6:f0:ed:32:4a:5d:1c:3c:6a:33:a3:bb:d5:71:
                    46:b1:39:92:57:a1:89:51:d0:ca:16:9d:96:19:20:
                    87:4c:c4:9f:bf:f0:1e:48:c6:3e:52:9f:19:83:bd:
                    20:94:ac:d3:37:56:5c:05:50:ce:ef:9c:b3:46:20:
                    d1:d9:34:ca:66:b8:68:1b:3b:4e:4a:e5:b1:53:db:
                    a2:ea:e1:ce:27:8c:fa:c5:a2:de:aa:17:48:7c:79:
                    67:54:08:a7:fc:a6:ba:f6:50:97:20:ea:61:21:80:
                    18:1a:46:c3:69:ae:57:09:a4:47:1a:1b:79:7f:29:
                    b5:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:50:BF:4A:9C:22:96:A9:E0:4E:34:15:A9:5F:06:65:59:96:5E:1F
            X509v3 Authority Key Identifier:
                keyid:90:7A:4D:12:92:4B:53:57:E3:02:67:AF:E3:C5:CC:73:64:24:11:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kHpNEpJLU1fjAmev48XMc2QkEVg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/aef44f-cbdf-4120-84f1-621a2bb40c66/1/kHpNEpJLU1fjAmev48XMc2QkEVg.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/aef44f-cbdf-4120-84f1-621a2bb40c66/1/kHpNEpJLU1fjAmev48XMc2QkEVg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         44:df:a9:47:60:2d:9e:c7:6d:af:e0:01:59:69:55:fc:ce:2f:
         6a:65:c9:a0:53:20:aa:2f:f2:57:52:51:eb:be:51:52:04:35:
         8a:25:02:4a:9e:04:6e:a1:28:57:14:64:0e:b7:21:f8:49:da:
         1f:e3:70:06:3b:fc:6e:ed:d5:93:9a:0e:f6:65:b9:9c:e1:01:
         58:9e:e7:2b:6e:aa:ae:9d:24:d5:b0:b4:57:71:0d:96:70:bd:
         3a:64:9c:7c:5e:72:f2:a0:48:3a:f9:20:97:33:39:4e:f4:0b:
         59:88:a0:bb:e4:be:6f:57:08:33:5b:0f:69:bf:be:16:52:02:
         ce:46:c2:48:1b:ef:c7:9f:70:a2:c0:07:d0:fe:e8:ef:94:b3:
         4f:ef:dd:1b:88:fd:a7:e9:18:2d:95:89:26:b0:5e:72:c7:8d:
         a3:d8:e7:5d:bf:e0:bd:59:e7:93:af:92:f5:06:7c:9b:21:58:
         c1:27:a6:e8:81:46:cd:d9:25:1a:45:c5:e9:6f:68:3d:54:9d:
         1b:27:c5:fe:fd:b1:78:db:22:9d:8e:a3:27:fb:70:53:50:f3:
         e5:61:62:68:9a:7f:3e:ba:72:78:a5:d8:79:93:90:6a:04:1b:
         eb:69:0a:d3:38:fb:b3:8f:23:05:17:90:5d:98:1e:d4:b7:81:
         91:18:92:64
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZoBtoEoRoT72V/utKHPGh63MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwN2E0ZDEyOTI0YjUzNTdlMzAyNjdhZmUzYzVjYzczNjQy
NDExNTgwHhcNMjUxMDIwMTMwMjA5WhcNMjUxMDIxMTMwMjA5WjAzMTEwLwYDVQQD
EyhhNDUwYmY0YTljMjI5NmE5ZTA0ZTM0MTVhOTVmMDY2NTU5OTY1ZTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA25O9kH6d+5kM+ds9u+f1nd8jM4dg
eP4HxlB/2gMRic5/MuEBnl5c2n4LB88L2gcNfSoHxEePAJ+iqxxnLyvMPqxeu6NS
s+PJNjZXp7IdLTsQZmAIHXcsfHiX6uV3OFQZRZJA4zzXIhN0gRgMOC5/Ool/w34R
GTR7cN1DirW7u27utij387Y49vDtMkpdHDxqM6O71XFGsTmSV6GJUdDKFp2WGSCH
TMSfv/AeSMY+Up8Zg70glKzTN1ZcBVDO75yzRiDR2TTKZrhoGztOSuWxU9ui6uHO
J4z6xaLeqhdIfHlnVAin/Ka69lCXIOphIYAYGkbDaa5XCaRHGht5fym1MwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFKRQv0qcIpap4E40FalfBmVZll4fMB8GA1UdIwQY
MBaAFJB6TRKSS1NX4wJnr+PFzHNkJBFYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0hwTkVwSkxVMWZqQW1ldjQ4WE1jMlFrRVZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9hZWY0NGYtY2JkZi00MTIwLTg0ZjEt
NjIxYTJiYjQwYzY2LzEva0hwTkVwSkxVMWZqQW1ldjQ4WE1jMlFrRVZnLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9hZWY0NGYtY2JkZi00MTIwLTg0ZjEtNjIxYTJiYjQwYzY2
LzEva0hwTkVwSkxVMWZqQW1ldjQ4WE1jMlFrRVZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEARN+pR2At
nsdtr+ABWWlV/M4vamXJoFMgqi/yV1JR675RUgQ1iiUCSp4EbqEoVxRkDrch+Ena
H+NwBjv8bu3Vk5oO9mW5nOEBWJ7nK26qrp0k1bC0V3ENlnC9OmScfF5y8qBIOvkg
lzM5TvQLWYigu+S+b1cIM1sPab++FlICzkbCSBvvx59wosAH0P7o75SzT+/dG4j9
p+kYLZWJJrBecseNo9jnXb/gvVnnk6+S9QZ8myFYwSem6IFGzdklGkXF6W9oPVSd
GyfF/v2xeNsinY6jJ/twU1Dz5WFiaJp/PrpyeKXYeZOQagQb62kK0zj7s48jBReQ
XZge1LeBkRiSZA==
-----END CERTIFICATE-----