Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/8ebec2-449f-43d7-888f-0ad8306dc355/1/3o4Hg5SzQMHO5Hn55hOh69KzaG0.mft
File:                     3o4Hg5SzQMHO5Hn55hOh69KzaG0.mft (raw, json)
Hash identifier:          w5w5gYWJacbcPXqF9+/CoJHAWwM1iysSCvLqElZhPFQ=
Subject key identifier:   44:CF:4C:4D:68:09:61:DC:CB:28:B0:81:85:12:D6:79:57:BC:FC:5B
Authority key identifier: DE:8E:07:83:94:B3:40:C1:CE:E4:79:F9:E6:13:A1:EB:D2:B3:68:6D
Certificate issuer:       /CN=de8e078394b340c1cee479f9e613a1ebd2b3686d
Certificate serial:       0199FD3451B5A7A3C53871E079EA10620108
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3o4Hg5SzQMHO5Hn55hOh69KzaG0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/8ebec2-449f-43d7-888f-0ad8306dc355/1/3o4Hg5SzQMHO5Hn55hOh69KzaG0.mft
Manifest number:          0137
Signing time:             Sun 19 Oct 2025 16:01:28 +0000
Manifest this update:     Sun 19 Oct 2025 16:01:28 +0000
Manifest next update:     Mon 20 Oct 2025 16:01:28 +0000
Files and hashes:         1: 3o4Hg5SzQMHO5Hn55hOh69KzaG0.crl (hash: oXxvPTVWUmcF+McyYPVaa2y1dFB0wxaiM5P12w8xjps=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/8ebec2-449f-43d7-888f-0ad8306dc355/1/3o4Hg5SzQMHO5Hn55hOh69KzaG0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/8ebec2-449f-43d7-888f-0ad8306dc355/1/3o4Hg5SzQMHO5Hn55hOh69KzaG0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3o4Hg5SzQMHO5Hn55hOh69KzaG0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fd:34:51:b5:a7:a3:c5:38:71:e0:79:ea:10:62:01:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de8e078394b340c1cee479f9e613a1ebd2b3686d
        Validity
            Not Before: Oct 19 16:01:28 2025 GMT
            Not After : Oct 20 16:01:28 2025 GMT
        Subject: CN=44cf4c4d680961dccb28b0818512d67957bcfc5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:b7:a1:1a:4a:4c:c9:ac:fa:51:2f:72:50:e1:
                    fd:84:e6:a7:99:b2:73:eb:49:87:b1:e7:22:50:60:
                    8b:a6:82:8c:52:e6:c1:57:23:a6:a9:aa:14:80:0f:
                    fa:5f:e3:be:81:fb:c3:26:fe:30:3f:80:47:af:60:
                    02:86:43:10:49:67:53:72:7f:e0:72:96:49:ef:0d:
                    21:d0:c7:7a:c3:a2:b5:15:1a:37:60:c7:4c:2b:7a:
                    a4:f4:49:a2:b3:f7:3a:11:2f:dc:74:53:18:9d:18:
                    c9:26:80:82:1d:1c:16:9c:c4:e2:b8:00:03:ca:35:
                    29:f7:b6:ae:dc:dc:71:39:8d:46:7f:79:8c:c1:4c:
                    a4:cd:c0:fb:33:09:ed:70:a2:86:1e:2f:23:b7:06:
                    85:87:ae:d0:3c:09:80:9d:89:45:2b:2d:d7:09:b5:
                    4c:d3:b4:ed:ea:6f:d5:41:1f:33:5a:2e:57:4d:f1:
                    d8:51:26:e8:38:a1:9e:65:44:c6:ca:f8:85:a9:c3:
                    c6:dc:23:c6:c9:86:79:4b:bd:07:14:03:00:7c:5a:
                    19:5a:aa:f1:aa:80:46:b9:22:43:b4:90:40:9b:f0:
                    52:f9:d5:65:87:9b:6c:99:14:63:4c:c6:ab:63:2d:
                    e9:b7:fb:a7:97:66:9c:73:c0:8d:47:a1:0b:06:76:
                    0e:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:CF:4C:4D:68:09:61:DC:CB:28:B0:81:85:12:D6:79:57:BC:FC:5B
            X509v3 Authority Key Identifier:
                keyid:DE:8E:07:83:94:B3:40:C1:CE:E4:79:F9:E6:13:A1:EB:D2:B3:68:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3o4Hg5SzQMHO5Hn55hOh69KzaG0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/8ebec2-449f-43d7-888f-0ad8306dc355/1/3o4Hg5SzQMHO5Hn55hOh69KzaG0.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/8ebec2-449f-43d7-888f-0ad8306dc355/1/3o4Hg5SzQMHO5Hn55hOh69KzaG0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         a2:bb:95:22:c3:83:08:4f:48:55:d7:c4:51:1f:6f:0a:03:b5:
         2d:8f:05:aa:6e:49:80:f8:8d:4a:12:32:75:cc:48:95:36:c5:
         f2:85:14:05:f8:80:ba:c4:83:fb:96:f4:f9:23:6c:90:26:33:
         4f:ae:03:56:45:a8:07:38:cd:95:44:6c:db:ac:b9:ae:f4:9c:
         f1:b4:b2:56:fc:a7:82:61:dc:fa:9a:1e:8f:a8:de:dd:bd:68:
         96:6e:13:43:f0:3c:9d:66:1b:17:7d:89:df:34:72:62:94:e5:
         7d:ce:61:71:0e:d4:65:40:a8:a7:77:eb:35:3b:39:f3:57:33:
         5f:51:18:a3:3f:28:ab:32:57:16:7b:28:5c:3d:d8:12:f9:0e:
         47:12:dc:e2:14:a9:9a:c7:2f:cb:8f:44:c4:3a:e6:99:7e:92:
         f2:80:89:d5:b5:47:b8:bf:d0:0b:e5:fe:ec:7c:11:9a:15:85:
         07:ae:db:3e:1d:f1:8a:f6:74:a7:95:16:dd:5c:01:37:4e:03:
         69:fb:58:07:e3:c1:e9:24:fa:ce:27:6f:23:ca:3c:fa:62:bb:
         40:0a:34:a6:d5:d4:b3:41:62:c8:f1:80:08:ba:cc:20:2c:97:
         45:19:4f:53:7e:d9:46:96:58:8d:74:a4:d6:d5:fe:45:9f:85:
         5a:46:70:da
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZn9NFG1p6PFOHHgeeoQYgEIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlOGUwNzgzOTRiMzQwYzFjZWU0NzlmOWU2MTNhMWViZDJi
MzY4NmQwHhcNMjUxMDE5MTYwMTI4WhcNMjUxMDIwMTYwMTI4WjAzMTEwLwYDVQQD
Eyg0NGNmNGM0ZDY4MDk2MWRjY2IyOGIwODE4NTEyZDY3OTU3YmNmYzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2LehGkpMyaz6US9yUOH9hOanmbJz
60mHseciUGCLpoKMUubBVyOmqaoUgA/6X+O+gfvDJv4wP4BHr2AChkMQSWdTcn/g
cpZJ7w0h0Md6w6K1FRo3YMdMK3qk9Emis/c6ES/cdFMYnRjJJoCCHRwWnMTiuAAD
yjUp97au3NxxOY1Gf3mMwUykzcD7MwntcKKGHi8jtwaFh67QPAmAnYlFKy3XCbVM
07Tt6m/VQR8zWi5XTfHYUSboOKGeZUTGyviFqcPG3CPGyYZ5S70HFAMAfFoZWqrx
qoBGuSJDtJBAm/BS+dVlh5tsmRRjTMarYy3pt/unl2acc8CNR6ELBnYO2QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFETPTE1oCWHcyyiwgYUS1nlXvPxbMB8GA1UdIwQY
MBaAFN6OB4OUs0DBzuR5+eYToevSs2htMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM280SGc1U3pRTUhPNUhuNTVoT2g2OUt6YUcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS84ZWJlYzItNDQ5Zi00M2Q3LTg4OGYt
MGFkODMwNmRjMzU1LzEvM280SGc1U3pRTUhPNUhuNTVoT2g2OUt6YUcwLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS84ZWJlYzItNDQ5Zi00M2Q3LTg4OGYtMGFkODMwNmRjMzU1
LzEvM280SGc1U3pRTUhPNUhuNTVoT2g2OUt6YUcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAoruVIsOD
CE9IVdfEUR9vCgO1LY8Fqm5JgPiNShIydcxIlTbF8oUUBfiAusSD+5b0+SNskCYz
T64DVkWoBzjNlURs26y5rvSc8bSyVvyngmHc+poej6je3b1olm4TQ/A8nWYbF32J
3zRyYpTlfc5hcQ7UZUCop3frNTs581czX1EYoz8oqzJXFnsoXD3YEvkORxLc4hSp
mscvy49ExDrmmX6S8oCJ1bVHuL/QC+X+7HwRmhWFB67bPh3xivZ0p5UW3VwBN04D
aftYB+PB6ST6zidvI8o8+mK7QAo0ptXUs0FiyPGACLrMICyXRRlPU37ZRpZYjXSk
1tX+RZ+FWkZw2g==
-----END CERTIFICATE-----