Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
File:                     hesz_RfSMvvmsq22bLCv4N7pA7A.mft (raw, json)
Hash identifier:          Qj8jUuAWKf6806aGGphIsKIwN4pyWYekSSJ6EzZMYA0=
Subject key identifier:   1E:06:07:9D:70:22:70:FB:4E:E4:98:DA:01:C7:B9:52:D7:E9:93:EF
Authority key identifier: 85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0
Certificate issuer:       /CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
Certificate serial:       01969D50C21DA951FD4D371D214AFD0D1B7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
Manifest number:          03B0
Signing time:             Sun 04 May 2025 22:00:37 +0000
Manifest this update:     Sun 04 May 2025 22:00:37 +0000
Manifest next update:     Mon 05 May 2025 22:00:37 +0000
Files and hashes:         1: hesz_RfSMvvmsq22bLCv4N7pA7A.crl (hash: hlmUE8ZXafvldw5wGQZ8gAqZ269n6WK+qp3Kr8zKU5A=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 05 May 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9d:50:c2:1d:a9:51:fd:4d:37:1d:21:4a:fd:0d:1b:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
        Validity
            Not Before: May  4 22:00:37 2025 GMT
            Not After : May  5 22:00:37 2025 GMT
        Subject: CN=1e06079d702270fb4ee498da01c7b952d7e993ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:b6:2d:1f:44:38:6b:1d:7e:37:06:eb:6e:a9:
                    df:ee:84:3d:4d:8c:5e:16:fd:e1:ce:57:2a:5b:d0:
                    33:9a:5e:d3:e5:e8:c5:69:82:0d:1d:3e:82:86:17:
                    e5:83:49:98:69:46:cd:de:41:6a:4e:03:84:fe:d5:
                    4e:6b:01:f4:2b:10:6e:46:71:db:19:98:a8:2e:4b:
                    94:7f:66:65:70:a3:bc:de:a2:ee:95:ee:4f:e8:aa:
                    a9:07:0b:a5:fb:af:30:ce:c4:e7:6d:a4:44:fe:42:
                    da:6a:ce:f8:e7:ea:15:d8:08:e6:e2:38:0e:54:a7:
                    f7:c0:4e:0a:18:5a:c7:e2:fd:71:dc:0b:16:e5:c5:
                    4c:5a:7a:0c:10:3a:ab:00:57:ea:78:ed:ac:92:f1:
                    00:62:8a:2c:76:4f:56:60:1e:3a:b9:a3:1f:dd:3c:
                    48:35:86:45:2d:7b:87:af:c5:d6:f6:85:b2:d5:6a:
                    e7:8b:ad:58:5b:d8:1f:d2:15:cf:74:d5:8e:f8:14:
                    1f:2d:19:7c:2a:d8:f4:8e:c0:5f:b4:87:be:79:41:
                    f2:16:46:83:55:04:78:66:1e:20:35:d4:90:88:60:
                    4b:95:93:3d:c0:fd:25:d2:46:4e:7f:24:df:6d:8b:
                    1d:9c:2e:2b:65:f7:6e:91:cf:81:77:21:10:60:f8:
                    f3:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:06:07:9D:70:22:70:FB:4E:E4:98:DA:01:C7:B9:52:D7:E9:93:EF
            X509v3 Authority Key Identifier:
                keyid:85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         34:5c:82:59:81:15:5f:35:a2:4a:a6:93:27:2d:aa:f5:ca:fc:
         3c:52:17:97:d7:41:f4:d2:33:0e:95:86:a0:c5:4a:d3:ff:38:
         68:99:d0:9c:93:83:69:99:bf:f4:00:24:b5:60:97:5a:4d:9d:
         e1:a4:e8:d1:fc:eb:c0:00:6c:1c:41:d0:75:0b:5c:28:eb:89:
         bc:b9:d8:b5:7d:4d:20:ee:0d:4a:85:2b:0b:d7:14:dd:4d:c3:
         13:5b:cf:cb:ba:07:02:35:c6:c2:d1:27:57:a6:bd:cb:db:41:
         65:20:6f:0b:b0:e6:ec:ec:bd:2b:5a:e4:72:22:62:39:23:da:
         1a:99:d2:cb:97:73:59:f5:a6:8e:04:6f:28:f6:81:12:46:cb:
         2b:be:17:e3:61:2b:2a:9c:1d:95:03:5c:a4:90:7b:45:df:ff:
         e4:03:1d:d7:54:60:23:c3:11:51:18:d2:cc:db:21:30:ce:84:
         37:a3:e3:09:db:ec:9e:0b:67:f2:b7:23:e8:2e:a5:b2:bb:e7:
         04:70:f8:f3:2d:33:d6:97:81:f7:0d:d7:27:14:19:b0:27:70:
         3c:f4:76:5b:da:89:a1:db:ca:b1:f3:d7:d5:d2:83:a5:cb:92:
         4b:ad:32:3d:3d:dc:66:c2:44:19:e6:06:5d:c8:3f:24:e3:20:
         52:d6:26:b6
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZadUMIdqVH9TTcdIUr9DRt/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZWIzM2ZkMTdkMjMyZmJlNmIyYWRiNjZjYjBhZmUwZGVl
OTAzYjAwHhcNMjUwNTA0MjIwMDM3WhcNMjUwNTA1MjIwMDM3WjAzMTEwLwYDVQQD
EygxZTA2MDc5ZDcwMjI3MGZiNGVlNDk4ZGEwMWM3Yjk1MmQ3ZTk5M2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4rYtH0Q4ax1+Nwbrbqnf7oQ9TYxe
Fv3hzlcqW9Azml7T5ejFaYINHT6Chhflg0mYaUbN3kFqTgOE/tVOawH0KxBuRnHb
GZioLkuUf2ZlcKO83qLule5P6KqpBwul+68wzsTnbaRE/kLaas745+oV2Ajm4jgO
VKf3wE4KGFrH4v1x3AsW5cVMWnoMEDqrAFfqeO2skvEAYoosdk9WYB46uaMf3TxI
NYZFLXuHr8XW9oWy1Wrni61YW9gf0hXPdNWO+BQfLRl8Ktj0jsBftIe+eUHyFkaD
VQR4Zh4gNdSQiGBLlZM9wP0l0kZOfyTfbYsdnC4rZfdukc+BdyEQYPjzZwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFB4GB51wInD7TuSY2gHHuVLX6ZPvMB8GA1UdIwQY
MBaAFIXrM/0X0jL75rKttmywr+De6QOwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMt
OGEzOGVhMmIxZjU0LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMtOGEzOGVhMmIxZjU0
LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEANFyCWYEV
XzWiSqaTJy2q9cr8PFIXl9dB9NIzDpWGoMVK0/84aJnQnJODaZm/9AAktWCXWk2d
4aTo0fzrwABsHEHQdQtcKOuJvLnYtX1NIO4NSoUrC9cU3U3DE1vPy7oHAjXGwtEn
V6a9y9tBZSBvC7Dm7Oy9K1rkciJiOSPaGpnSy5dzWfWmjgRvKPaBEkbLK74X42Er
KpwdlQNcpJB7Rd//5AMd11RgI8MRURjSzNshMM6EN6PjCdvsngtn8rcj6C6lsrvn
BHD48y0z1peB9w3XJxQZsCdwPPR2W9qJodvKsfPX1dKDpcuSS60yPT3cZsJEGeYG
Xcg/JOMgUtYmtg==
-----END CERTIFICATE-----