Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/9f46c0-90be-41cc-ad5d-4add393a723e/1/IhQgnik48W3KWTVwH6aG2Q_De54.mft
File:                     IhQgnik48W3KWTVwH6aG2Q_De54.mft (raw, json)
Hash identifier:          fHAC0vJMTz6ItJi9ddnfbtC6J2rtqpHGJRFk3gNqBcc=
Subject key identifier:   9C:DD:43:4F:1F:62:7A:1E:A5:D8:95:81:1A:2F:A7:76:3C:F9:BE:32
Authority key identifier: 22:14:20:9E:29:38:F1:6D:CA:59:35:70:1F:A6:86:D9:0F:C3:7B:9E
Certificate issuer:       /CN=2214209e2938f16dca5935701fa686d90fc37b9e
Certificate serial:       0196BF6F82A91418A86E3C3F245F50704788
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IhQgnik48W3KWTVwH6aG2Q_De54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/9f46c0-90be-41cc-ad5d-4add393a723e/1/IhQgnik48W3KWTVwH6aG2Q_De54.mft
Manifest number:          03C1
Signing time:             Sun 11 May 2025 13:01:18 +0000
Manifest this update:     Sun 11 May 2025 13:01:18 +0000
Manifest next update:     Mon 12 May 2025 13:01:18 +0000
Files and hashes:         1: IhQgnik48W3KWTVwH6aG2Q_De54.crl (hash: NrQUlA/AewAIiDFv15Qo7RC0cdk40qpyutnF6exeSao=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/9f46c0-90be-41cc-ad5d-4add393a723e/1/IhQgnik48W3KWTVwH6aG2Q_De54.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/9f46c0-90be-41cc-ad5d-4add393a723e/1/IhQgnik48W3KWTVwH6aG2Q_De54.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IhQgnik48W3KWTVwH6aG2Q_De54.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:bf:6f:82:a9:14:18:a8:6e:3c:3f:24:5f:50:70:47:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2214209e2938f16dca5935701fa686d90fc37b9e
        Validity
            Not Before: May 11 13:01:18 2025 GMT
            Not After : May 12 13:01:18 2025 GMT
        Subject: CN=9cdd434f1f627a1ea5d895811a2fa7763cf9be32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f0:cb:57:32:c8:ea:c5:39:3c:3b:42:9a:d3:
                    f7:f7:07:2d:1e:4b:f0:89:d3:84:ec:ba:84:74:c7:
                    db:51:19:e0:1a:9c:d1:c5:4c:69:c5:72:d8:93:16:
                    d3:de:5e:8a:70:de:a1:71:f5:15:9c:4c:fb:76:9f:
                    ac:3d:b0:75:16:a6:d6:89:4a:15:5d:2e:a1:59:6d:
                    94:1a:c0:f0:fc:bf:f5:54:69:5d:e3:c9:99:e8:a8:
                    cb:5c:25:d6:f5:df:00:dc:e4:f4:b6:2a:ab:c7:1f:
                    ed:68:9b:18:30:e5:4a:0a:9c:a3:7a:83:1a:0b:24:
                    e5:d7:93:a6:ac:bb:04:1e:ad:d6:72:a1:eb:ed:9d:
                    29:ff:21:25:1d:da:1c:1f:34:c0:a2:7a:08:28:f4:
                    ef:87:87:92:ed:ee:44:7f:c2:e6:80:c2:52:44:e8:
                    68:77:ab:22:bc:b3:58:65:a3:5a:a2:df:c2:9a:ee:
                    12:fe:36:15:a5:2a:2b:a6:6f:8d:e2:66:fe:4d:39:
                    68:f5:97:4d:82:91:45:3c:16:7f:bd:f3:2b:50:99:
                    88:a6:87:da:41:ed:a8:30:5c:a3:a5:a4:56:3a:38:
                    c0:08:02:be:fa:ad:8e:40:25:ef:93:35:f1:78:5b:
                    29:0c:e4:28:1d:2a:2b:8f:c1:2b:3e:83:ae:ae:f6:
                    71:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:DD:43:4F:1F:62:7A:1E:A5:D8:95:81:1A:2F:A7:76:3C:F9:BE:32
            X509v3 Authority Key Identifier:
                keyid:22:14:20:9E:29:38:F1:6D:CA:59:35:70:1F:A6:86:D9:0F:C3:7B:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IhQgnik48W3KWTVwH6aG2Q_De54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/9f46c0-90be-41cc-ad5d-4add393a723e/1/IhQgnik48W3KWTVwH6aG2Q_De54.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/9f46c0-90be-41cc-ad5d-4add393a723e/1/IhQgnik48W3KWTVwH6aG2Q_De54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         3b:9b:92:44:e3:a2:bf:9c:7a:a4:87:75:ca:63:7c:86:8a:4c:
         1b:4a:a5:92:c0:f4:8f:88:f7:8a:0c:41:63:e7:a1:44:fa:2b:
         4e:32:29:bc:5b:32:c1:a1:0b:b7:72:05:ce:e3:ab:c7:e8:8d:
         3e:d1:44:b9:d4:63:62:7b:bf:a4:13:8a:f6:9e:04:ab:f4:9b:
         f2:5a:da:28:49:eb:70:81:68:63:5d:8e:92:04:38:64:f8:7b:
         98:6b:bf:d7:6c:e4:c3:28:d2:fc:6e:6d:d1:fa:a1:55:6f:b6:
         86:17:5b:92:73:e3:4f:0a:f8:11:b6:0d:77:82:02:c0:19:61:
         ed:51:cf:bd:75:a3:42:90:fa:fb:a0:4e:2d:ec:47:44:04:4a:
         c4:6b:74:ec:ca:07:29:5b:d7:12:2e:df:7f:fd:ad:d4:5f:ca:
         dd:3e:18:96:11:f7:e9:49:12:34:ee:01:4a:7e:5a:82:7d:fb:
         88:82:1b:e1:6e:94:73:ab:74:72:a1:41:01:c1:5c:68:84:14:
         ca:30:63:5f:c1:38:8a:18:f9:5e:07:8f:e8:ff:32:ba:df:65:
         b1:8d:85:8c:89:c0:1b:49:d9:94:75:c1:06:f3:14:a9:76:b5:
         13:0e:b5:50:ac:3c:ba:8c:52:4f:9c:bc:a9:31:21:e4:ab:f5:
         1d:cd:4e:ab
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZa/b4KpFBiobjw/JF9QcEeIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMTQyMDllMjkzOGYxNmRjYTU5MzU3MDFmYTY4NmQ5MGZj
MzdiOWUwHhcNMjUwNTExMTMwMTE4WhcNMjUwNTEyMTMwMTE4WjAzMTEwLwYDVQQD
Eyg5Y2RkNDM0ZjFmNjI3YTFlYTVkODk1ODExYTJmYTc3NjNjZjliZTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/DLVzLI6sU5PDtCmtP39wctHkvw
idOE7LqEdMfbURngGpzRxUxpxXLYkxbT3l6KcN6hcfUVnEz7dp+sPbB1FqbWiUoV
XS6hWW2UGsDw/L/1VGld48mZ6KjLXCXW9d8A3OT0tiqrxx/taJsYMOVKCpyjeoMa
CyTl15OmrLsEHq3WcqHr7Z0p/yElHdocHzTAonoIKPTvh4eS7e5Ef8LmgMJSROho
d6sivLNYZaNaot/Cmu4S/jYVpSorpm+N4mb+TTlo9ZdNgpFFPBZ/vfMrUJmIpofa
Qe2oMFyjpaRWOjjACAK++q2OQCXvkzXxeFspDOQoHSorj8ErPoOurvZxWwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFJzdQ08fYnoepdiVgRovp3Y8+b4yMB8GA1UdIwQY
MBaAFCIUIJ4pOPFtylk1cB+mhtkPw3ueMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWhRZ25pazQ4VzNLV1RWd0g2YUcyUV9EZTU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi85ZjQ2YzAtOTBiZS00MWNjLWFkNWQt
NGFkZDM5M2E3MjNlLzEvSWhRZ25pazQ4VzNLV1RWd0g2YUcyUV9EZTU0Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi85ZjQ2YzAtOTBiZS00MWNjLWFkNWQtNGFkZDM5M2E3MjNl
LzEvSWhRZ25pazQ4VzNLV1RWd0g2YUcyUV9EZTU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAO5uSROOi
v5x6pId1ymN8hopMG0qlksD0j4j3igxBY+ehRPorTjIpvFsywaELt3IFzuOrx+iN
PtFEudRjYnu/pBOK9p4Eq/Sb8lraKEnrcIFoY12OkgQ4ZPh7mGu/12zkwyjS/G5t
0fqhVW+2hhdbknPjTwr4EbYNd4ICwBlh7VHPvXWjQpD6+6BOLexHRARKxGt07MoH
KVvXEi7ff/2t1F/K3T4YlhH36UkSNO4BSn5agn37iIIb4W6Uc6t0cqFBAcFcaIQU
yjBjX8E4ihj5XgeP6P8yut9lsY2FjInAG0nZlHXBBvMUqXa1Ew61UKw8uoxST5y8
qTEh5Kv1Hc1Oqw==
-----END CERTIFICATE-----