Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/71c579-5080-41fe-8653-024f7c50f428/1/OpzyvclyZDBARldYsyWap8kubhw.mft
File:                     OpzyvclyZDBARldYsyWap8kubhw.mft (raw, json)
Hash identifier:          hTI3U+m72FMuz7kdRv+WdthGPyeTB7hUWpqhk0t6HM8=
Subject key identifier:   95:92:98:F8:06:18:61:1C:85:CE:5F:BF:E1:2F:4F:31:4E:C6:01:95
Authority key identifier: 3A:9C:F2:BD:C9:72:64:30:40:46:57:58:B3:25:9A:A7:C9:2E:6E:1C
Certificate issuer:       /CN=3a9cf2bdc972643040465758b3259aa7c92e6e1c
Certificate serial:       019A0411F94FD6EBEAA3E2EDC78DFF5F679E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OpzyvclyZDBARldYsyWap8kubhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/71c579-5080-41fe-8653-024f7c50f428/1/OpzyvclyZDBARldYsyWap8kubhw.mft
Manifest number:          16E1
Signing time:             Tue 21 Oct 2025 00:01:18 +0000
Manifest this update:     Tue 21 Oct 2025 00:01:18 +0000
Manifest next update:     Wed 22 Oct 2025 00:01:18 +0000
Files and hashes:         1: OpzyvclyZDBARldYsyWap8kubhw.crl (hash: JeCF8yV7GgGyu6iCvzlp28TSG/BdMXGMOYpjI90x8uo=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/71c579-5080-41fe-8653-024f7c50f428/1/OpzyvclyZDBARldYsyWap8kubhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/71c579-5080-41fe-8653-024f7c50f428/1/OpzyvclyZDBARldYsyWap8kubhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OpzyvclyZDBARldYsyWap8kubhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 00:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:04:11:f9:4f:d6:eb:ea:a3:e2:ed:c7:8d:ff:5f:67:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a9cf2bdc972643040465758b3259aa7c92e6e1c
        Validity
            Not Before: Oct 21 00:01:18 2025 GMT
            Not After : Oct 22 00:01:18 2025 GMT
        Subject: CN=959298f80618611c85ce5fbfe12f4f314ec60195
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c6:f7:b7:be:42:7d:60:88:0a:3b:dc:fe:37:
                    40:2e:b8:df:a3:73:c4:c8:96:2d:85:d1:53:b4:c4:
                    45:34:61:29:f5:ea:ff:ec:60:eb:a7:5a:0b:5e:81:
                    f4:59:2d:1d:e9:c2:6e:61:69:a8:9c:dd:a6:ed:c6:
                    29:b4:d9:9b:4b:6d:d6:04:48:f0:80:52:8c:6d:7b:
                    bd:c0:e9:75:89:01:50:c8:cc:65:01:bb:c1:fe:66:
                    8f:5d:55:be:b4:8b:ee:63:d0:36:87:65:c1:85:ff:
                    a2:8c:a6:9d:99:ce:e5:c2:a8:35:d1:49:90:ae:34:
                    b1:29:8c:7a:42:c0:bd:75:2c:6d:b7:36:89:66:8b:
                    0f:ce:0e:2e:04:cc:12:63:21:a6:41:f2:72:65:b8:
                    21:1a:25:79:e2:1b:1a:67:45:6a:ab:79:c1:b6:9f:
                    13:9b:da:14:ac:f4:6a:de:9c:41:a6:39:a6:86:ac:
                    5d:90:9e:d8:ad:61:df:23:a2:fe:e6:6f:0e:7e:90:
                    d2:da:fd:a1:3f:84:4e:25:cd:16:5e:a2:77:0e:cf:
                    f5:79:29:3d:9f:47:19:67:41:41:ce:b2:9d:7f:a0:
                    3c:c2:4e:33:d4:d0:d4:04:6b:d2:e9:ab:3c:e3:9e:
                    b3:75:48:c0:ec:0e:29:b6:28:94:16:7b:13:ab:fd:
                    51:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:92:98:F8:06:18:61:1C:85:CE:5F:BF:E1:2F:4F:31:4E:C6:01:95
            X509v3 Authority Key Identifier:
                keyid:3A:9C:F2:BD:C9:72:64:30:40:46:57:58:B3:25:9A:A7:C9:2E:6E:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OpzyvclyZDBARldYsyWap8kubhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/71c579-5080-41fe-8653-024f7c50f428/1/OpzyvclyZDBARldYsyWap8kubhw.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/71c579-5080-41fe-8653-024f7c50f428/1/OpzyvclyZDBARldYsyWap8kubhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         86:28:e5:0c:b0:da:71:a0:45:15:f6:f2:26:9f:f6:78:d9:0f:
         27:9f:4c:db:0c:86:11:1e:81:a4:69:a3:22:f7:ae:8a:d8:b6:
         d6:79:f7:a1:67:28:db:95:a7:13:f4:07:4b:96:25:fc:b0:c9:
         48:19:d5:5a:80:a4:69:48:dd:2b:2e:12:d4:56:1f:92:5f:ea:
         36:d9:40:6e:82:e2:60:2b:c6:92:27:93:9c:fb:ca:03:f2:21:
         fd:7f:e2:14:77:7c:a0:a3:29:df:f5:8c:69:5e:9f:b5:72:86:
         ef:9f:7a:3d:6b:7b:00:f2:d6:af:11:b0:60:48:95:e8:5e:05:
         93:e1:63:10:06:62:ec:04:e2:3f:d4:f3:97:8a:dd:25:95:d8:
         76:4f:ec:1c:9d:6f:ae:1b:fb:28:e4:b9:ef:4b:c4:6a:f8:11:
         e5:5e:0c:19:59:fa:9e:ab:be:5b:15:70:fd:82:21:51:86:bc:
         5a:69:98:65:e1:d3:ce:56:8a:f6:70:c8:3c:f5:e9:1d:97:a0:
         f2:0e:ad:d7:7e:79:64:7d:a0:de:31:a3:2b:ba:f2:a3:14:76:
         af:d1:7b:73:83:12:65:88:f0:d0:c2:70:52:5c:43:b4:b5:d6:
         b0:68:51:cc:82:70:65:76:ad:93:72:90:0b:3e:aa:9b:0e:ef:
         96:d5:7f:4c
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZoEEflP1uvqo+Ltx43/X2eeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhOWNmMmJkYzk3MjY0MzA0MDQ2NTc1OGIzMjU5YWE3Yzky
ZTZlMWMwHhcNMjUxMDIxMDAwMTE4WhcNMjUxMDIyMDAwMTE4WjAzMTEwLwYDVQQD
Eyg5NTkyOThmODA2MTg2MTFjODVjZTVmYmZlMTJmNGYzMTRlYzYwMTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cb3t75CfWCICjvc/jdALrjfo3PE
yJYthdFTtMRFNGEp9er/7GDrp1oLXoH0WS0d6cJuYWmonN2m7cYptNmbS23WBEjw
gFKMbXu9wOl1iQFQyMxlAbvB/maPXVW+tIvuY9A2h2XBhf+ijKadmc7lwqg10UmQ
rjSxKYx6QsC9dSxttzaJZosPzg4uBMwSYyGmQfJyZbghGiV54hsaZ0Vqq3nBtp8T
m9oUrPRq3pxBpjmmhqxdkJ7YrWHfI6L+5m8OfpDS2v2hP4ROJc0WXqJ3Ds/1eSk9
n0cZZ0FBzrKdf6A8wk4z1NDUBGvS6as8456zdUjA7A4ptiiUFnsTq/1RGwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFJWSmPgGGGEchc5fv+EvTzFOxgGVMB8GA1UdIwQY
MBaAFDqc8r3JcmQwQEZXWLMlmqfJLm4cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3B6eXZjbHlaREJBUmxkWXN5V2FwOGt1Ymh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83MWM1NzktNTA4MC00MWZlLTg2NTMt
MDI0ZjdjNTBmNDI4LzEvT3B6eXZjbHlaREJBUmxkWXN5V2FwOGt1Ymh3Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83MWM1NzktNTA4MC00MWZlLTg2NTMtMDI0ZjdjNTBmNDI4
LzEvT3B6eXZjbHlaREJBUmxkWXN5V2FwOGt1Ymh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAhijlDLDa
caBFFfbyJp/2eNkPJ59M2wyGER6BpGmjIveuiti21nn3oWco25WnE/QHS5Yl/LDJ
SBnVWoCkaUjdKy4S1FYfkl/qNtlAboLiYCvGkieTnPvKA/Ih/X/iFHd8oKMp3/WM
aV6ftXKG7596PWt7APLWrxGwYEiV6F4Fk+FjEAZi7ATiP9Tzl4rdJZXYdk/sHJ1v
rhv7KOS570vEavgR5V4MGVn6nqu+WxVw/YIhUYa8WmmYZeHTzlaK9nDIPPXpHZeg
8g6t1355ZH2g3jGjK7ryoxR2r9F7c4MSZYjw0MJwUlxDtLXWsGhRzIJwZXatk3KQ
Cz6qmw7vltV/TA==
-----END CERTIFICATE-----