Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/71c579-5080-41fe-8653-024f7c50f428/1/OpzyvclyZDBARldYsyWap8kubhw.mft
File:                     OpzyvclyZDBARldYsyWap8kubhw.mft (raw, json)
Hash identifier:          BnslxxuC3/3ZtlMA5uGbGyzGCWMyEdok3F3yGUeShWg=
Subject key identifier:   1E:65:36:68:E2:3B:14:D5:F2:81:FD:A6:87:5F:D1:2A:32:B4:E3:FF
Authority key identifier: 3A:9C:F2:BD:C9:72:64:30:40:46:57:58:B3:25:9A:A7:C9:2E:6E:1C
Certificate issuer:       /CN=3a9cf2bdc972643040465758b3259aa7c92e6e1c
Certificate serial:       0196C3B9225D5099AB20C7C595DE742B58E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OpzyvclyZDBARldYsyWap8kubhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/71c579-5080-41fe-8653-024f7c50f428/1/OpzyvclyZDBARldYsyWap8kubhw.mft
Manifest number:          1532
Signing time:             Mon 12 May 2025 09:00:12 +0000
Manifest this update:     Mon 12 May 2025 09:00:12 +0000
Manifest next update:     Tue 13 May 2025 09:00:12 +0000
Files and hashes:         1: OpzyvclyZDBARldYsyWap8kubhw.crl (hash: MpFfoWfiwxWVpdLo8wFoIHxwl2mJei0XHVMZHn0uIC0=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/71c579-5080-41fe-8653-024f7c50f428/1/OpzyvclyZDBARldYsyWap8kubhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/71c579-5080-41fe-8653-024f7c50f428/1/OpzyvclyZDBARldYsyWap8kubhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OpzyvclyZDBARldYsyWap8kubhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 09:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c3:b9:22:5d:50:99:ab:20:c7:c5:95:de:74:2b:58:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a9cf2bdc972643040465758b3259aa7c92e6e1c
        Validity
            Not Before: May 12 09:00:12 2025 GMT
            Not After : May 13 09:00:12 2025 GMT
        Subject: CN=1e653668e23b14d5f281fda6875fd12a32b4e3ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:93:8d:ba:cc:5d:aa:2e:6c:2c:68:6a:ba:d9:
                    7c:99:51:6e:b0:e3:35:79:71:71:9d:34:c5:32:90:
                    83:12:d5:85:8c:25:6f:18:e0:b8:7b:cd:15:ea:75:
                    48:bc:29:23:00:74:c4:eb:e5:c4:96:5b:0d:94:40:
                    a5:59:39:02:b8:c6:c5:74:08:cc:cc:8c:a1:3d:4c:
                    30:8a:b4:27:11:2c:d4:8a:98:bd:be:14:dd:e1:72:
                    54:75:a0:38:c6:7d:6c:23:e9:a0:f6:e8:b2:ce:ca:
                    09:00:32:b2:ee:ac:be:22:ea:29:09:0b:3b:68:3b:
                    89:ab:ed:df:16:73:72:d6:b6:86:0d:38:31:c8:00:
                    c1:a7:58:05:b8:15:eb:70:e1:9f:5a:71:2f:a1:56:
                    d1:c6:9b:f0:75:31:4b:7d:a0:4a:c8:9d:0a:27:20:
                    18:d8:ff:c4:b1:11:ef:86:01:73:7d:9c:54:f8:b1:
                    2a:ed:02:e0:ec:0f:85:9c:63:96:6b:72:b2:7e:f5:
                    1d:9a:f3:2c:40:52:30:20:5b:a8:29:36:47:d2:a8:
                    0e:47:33:9a:7b:5e:d1:55:6e:b3:10:d1:e8:93:b4:
                    fc:45:24:59:0c:be:d6:45:ac:c9:2c:5c:ee:24:04:
                    95:50:62:cb:95:ff:00:2d:7a:0f:3f:a1:c1:01:1a:
                    f8:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:65:36:68:E2:3B:14:D5:F2:81:FD:A6:87:5F:D1:2A:32:B4:E3:FF
            X509v3 Authority Key Identifier:
                keyid:3A:9C:F2:BD:C9:72:64:30:40:46:57:58:B3:25:9A:A7:C9:2E:6E:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OpzyvclyZDBARldYsyWap8kubhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/71c579-5080-41fe-8653-024f7c50f428/1/OpzyvclyZDBARldYsyWap8kubhw.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/71c579-5080-41fe-8653-024f7c50f428/1/OpzyvclyZDBARldYsyWap8kubhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         73:12:e8:f3:18:58:c3:11:ec:b7:03:4f:ab:15:32:a9:75:4e:
         d0:20:36:13:6c:42:1b:74:98:44:3b:1e:cd:0b:98:ec:d7:89:
         ce:2b:03:96:5b:65:ad:0e:a5:20:46:a8:32:b6:fd:50:71:be:
         f6:e8:47:eb:8c:2d:01:77:5f:72:9b:56:74:d8:34:ac:9d:73:
         dc:2d:4f:ab:52:e0:87:6b:dc:82:4c:eb:e1:a8:f3:9a:cd:11:
         34:40:4c:df:80:d2:7b:80:0a:89:0e:1a:be:a1:97:31:2a:eb:
         cd:bb:47:e7:65:41:80:ea:84:97:da:86:ff:fe:4f:5b:df:9d:
         39:9f:23:33:9f:bb:84:63:2b:a9:1d:75:61:5a:e7:90:75:02:
         95:d0:12:dd:ae:75:48:66:31:25:0e:b0:39:4f:5e:88:87:ef:
         b0:ab:75:e3:9e:34:77:72:86:1b:ab:f4:ba:ca:50:da:5c:f0:
         86:50:53:ba:ca:72:d5:97:7c:29:15:f3:14:46:80:46:69:72:
         06:08:04:7b:aa:3d:e5:9e:99:f4:1d:8f:02:d1:fc:b8:c4:bd:
         8b:a6:6c:f9:eb:09:df:74:7a:7b:e7:30:6c:47:7d:ae:88:18:
         4f:d7:de:90:b1:23:4a:83:8b:43:8a:55:a5:1c:62:ef:d3:7d:
         82:c0:66:6c
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZbDuSJdUJmrIMfFld50K1jkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhOWNmMmJkYzk3MjY0MzA0MDQ2NTc1OGIzMjU5YWE3Yzky
ZTZlMWMwHhcNMjUwNTEyMDkwMDEyWhcNMjUwNTEzMDkwMDEyWjAzMTEwLwYDVQQD
EygxZTY1MzY2OGUyM2IxNGQ1ZjI4MWZkYTY4NzVmZDEyYTMyYjRlM2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5pONusxdqi5sLGhqutl8mVFusOM1
eXFxnTTFMpCDEtWFjCVvGOC4e80V6nVIvCkjAHTE6+XEllsNlEClWTkCuMbFdAjM
zIyhPUwwirQnESzUipi9vhTd4XJUdaA4xn1sI+mg9uiyzsoJADKy7qy+IuopCQs7
aDuJq+3fFnNy1raGDTgxyADBp1gFuBXrcOGfWnEvoVbRxpvwdTFLfaBKyJ0KJyAY
2P/EsRHvhgFzfZxU+LEq7QLg7A+FnGOWa3KyfvUdmvMsQFIwIFuoKTZH0qgORzOa
e17RVW6zENHok7T8RSRZDL7WRazJLFzuJASVUGLLlf8ALXoPP6HBARr4dwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFB5lNmjiOxTV8oH9podf0SoytOP/MB8GA1UdIwQY
MBaAFDqc8r3JcmQwQEZXWLMlmqfJLm4cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3B6eXZjbHlaREJBUmxkWXN5V2FwOGt1Ymh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83MWM1NzktNTA4MC00MWZlLTg2NTMt
MDI0ZjdjNTBmNDI4LzEvT3B6eXZjbHlaREJBUmxkWXN5V2FwOGt1Ymh3Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83MWM1NzktNTA4MC00MWZlLTg2NTMtMDI0ZjdjNTBmNDI4
LzEvT3B6eXZjbHlaREJBUmxkWXN5V2FwOGt1Ymh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAcxLo8xhY
wxHstwNPqxUyqXVO0CA2E2xCG3SYRDsezQuY7NeJzisDlltlrQ6lIEaoMrb9UHG+
9uhH64wtAXdfcptWdNg0rJ1z3C1Pq1Lgh2vcgkzr4ajzms0RNEBM34DSe4AKiQ4a
vqGXMSrrzbtH52VBgOqEl9qG//5PW9+dOZ8jM5+7hGMrqR11YVrnkHUCldAS3a51
SGYxJQ6wOU9eiIfvsKt14540d3KGG6v0uspQ2lzwhlBTuspy1Zd8KRXzFEaARmly
BggEe6o95Z6Z9B2PAtH8uMS9i6Zs+esJ33R6e+cwbEd9rogYT9fekLEjSoOLQ4pV
pRxi79N9gsBmbA==
-----END CERTIFICATE-----