Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
File:                     hesz_RfSMvvmsq22bLCv4N7pA7A.mft (raw, json)
Hash identifier:          KumGEK6HQFeoN6hGDbeqEAvlwfQQVWAlQFgv2LCf6ss=
Subject key identifier:   BF:CE:6B:7A:17:F1:F5:B5:95:D4:EA:B7:31:95:6F:55:4C:0D:37:07
Authority key identifier: 85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0
Certificate issuer:       /CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
Certificate serial:       0198D515B6D94ED86237B66376E9F3A8AF60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
Manifest number:          04D6
Signing time:             Sat 23 Aug 2025 04:00:26 +0000
Manifest this update:     Sat 23 Aug 2025 04:00:26 +0000
Manifest next update:     Sun 24 Aug 2025 04:00:26 +0000
Files and hashes:         1: hesz_RfSMvvmsq22bLCv4N7pA7A.crl (hash: aK/3Ff3iKL6iLg7ClXuiXQ0I+w5CDv1NBkMOP6BsF6E=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 04:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d5:15:b6:d9:4e:d8:62:37:b6:63:76:e9:f3:a8:af:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
        Validity
            Not Before: Aug 23 04:00:26 2025 GMT
            Not After : Aug 24 04:00:26 2025 GMT
        Subject: CN=bfce6b7a17f1f5b595d4eab731956f554c0d3707
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:0c:ea:dc:db:32:bb:c9:84:f6:36:44:d2:ed:
                    2c:3a:98:a1:e2:31:6a:b6:89:90:54:ae:d8:cf:db:
                    f2:4c:65:a8:92:c0:df:f5:dd:f2:b3:b7:82:15:49:
                    44:a4:79:5c:79:ee:d3:d8:df:fd:6a:94:84:e9:5f:
                    b5:cd:13:04:62:7e:d6:db:f3:23:ab:64:9a:c1:37:
                    9b:c7:22:a0:8f:f0:c3:97:1c:e7:38:1f:bd:d5:aa:
                    ef:65:0c:65:42:5b:b3:4a:db:cb:bd:62:55:3f:56:
                    cc:63:60:ce:0a:0d:d0:3f:45:3e:d2:a6:48:b5:77:
                    24:d7:7d:67:f7:79:e0:65:2a:88:51:1a:43:74:89:
                    1a:be:3a:e6:6e:f6:9e:43:a1:c4:ef:9e:cc:9b:51:
                    33:dd:86:62:4e:e7:ea:ce:f6:06:fc:7b:a3:03:d5:
                    81:46:02:c4:c9:14:ee:4e:54:6c:fb:a1:c6:f5:39:
                    a0:4d:7d:11:10:0a:2b:2d:fc:75:f0:ae:12:6b:05:
                    d6:22:dd:84:fe:cf:5d:5f:f2:1d:52:52:0d:6b:b4:
                    a1:a9:ca:06:8b:ce:58:6a:7a:56:b6:9c:e6:f4:b3:
                    fc:a8:76:2a:43:93:76:89:f2:17:8f:8f:38:bd:3a:
                    14:22:40:e2:58:b2:36:46:6c:c2:6d:7c:9b:00:2e:
                    0b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:CE:6B:7A:17:F1:F5:B5:95:D4:EA:B7:31:95:6F:55:4C:0D:37:07
            X509v3 Authority Key Identifier:
                keyid:85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         a0:7a:e1:7f:fc:67:98:5e:03:56:d5:51:88:c6:b7:7a:8e:06:
         ef:b2:85:90:67:58:c1:72:3f:15:87:24:64:5b:4f:21:08:e9:
         d9:88:a6:6c:b7:13:b1:49:16:ec:d9:a6:ab:60:0b:d0:c6:15:
         86:ae:b0:ef:ca:d6:88:40:67:f8:61:7c:c0:5a:31:b2:93:24:
         19:7f:63:a7:27:19:9c:1c:b5:d3:ea:7d:26:04:69:36:00:89:
         4f:59:69:38:09:9c:c3:78:df:62:7e:b2:db:88:d3:1d:b1:9f:
         d4:85:bb:f0:f1:87:56:2f:9b:2d:76:5f:43:3a:c9:53:5a:25:
         c0:8b:4e:07:87:e0:82:70:db:ad:5b:59:9d:f5:b8:6d:07:dd:
         59:90:a0:71:2d:9d:84:6e:0d:8d:89:c8:5c:8a:04:2a:3c:2d:
         31:9e:5e:39:c1:c5:72:5c:50:b4:f4:42:62:59:f8:2c:2d:3b:
         45:ac:9d:1b:09:ee:5b:b5:06:97:9f:9a:b3:6f:7b:52:3c:8b:
         0f:23:db:a1:cd:16:c5:c5:e5:b8:97:a2:17:1a:a0:21:cd:f0:
         99:7e:07:f2:59:c7:67:68:3c:82:05:4f:ff:73:f4:9c:72:1a:
         55:65:1d:05:79:07:8d:7e:89:79:65:ea:a9:81:2b:d7:bd:b6:
         53:85:31:f5
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZjVFbbZTthiN7ZjdunzqK9gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZWIzM2ZkMTdkMjMyZmJlNmIyYWRiNjZjYjBhZmUwZGVl
OTAzYjAwHhcNMjUwODIzMDQwMDI2WhcNMjUwODI0MDQwMDI2WjAzMTEwLwYDVQQD
EyhiZmNlNmI3YTE3ZjFmNWI1OTVkNGVhYjczMTk1NmY1NTRjMGQzNzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Azq3Nsyu8mE9jZE0u0sOpih4jFq
tomQVK7Yz9vyTGWoksDf9d3ys7eCFUlEpHlcee7T2N/9apSE6V+1zRMEYn7W2/Mj
q2SawTebxyKgj/DDlxznOB+91arvZQxlQluzStvLvWJVP1bMY2DOCg3QP0U+0qZI
tXck131n93ngZSqIURpDdIkavjrmbvaeQ6HE757Mm1Ez3YZiTufqzvYG/HujA9WB
RgLEyRTuTlRs+6HG9TmgTX0REAorLfx18K4SawXWIt2E/s9dX/IdUlINa7ShqcoG
i85YanpWtpzm9LP8qHYqQ5N2ifIXj484vToUIkDiWLI2RmzCbXybAC4LNwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFL/Oa3oX8fW1ldTqtzGVb1VMDTcHMB8GA1UdIwQY
MBaAFIXrM/0X0jL75rKttmywr+De6QOwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMt
OGEzOGVhMmIxZjU0LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMtOGEzOGVhMmIxZjU0
LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAoHrhf/xn
mF4DVtVRiMa3eo4G77KFkGdYwXI/FYckZFtPIQjp2YimbLcTsUkW7Nmmq2AL0MYV
hq6w78rWiEBn+GF8wFoxspMkGX9jpycZnBy10+p9JgRpNgCJT1lpOAmcw3jfYn6y
24jTHbGf1IW78PGHVi+bLXZfQzrJU1olwItOB4fggnDbrVtZnfW4bQfdWZCgcS2d
hG4NjYnIXIoEKjwtMZ5eOcHFclxQtPRCYln4LC07RaydGwnuW7UGl5+as297UjyL
DyPboc0WxcXluJeiFxqgIc3wmX4H8lnHZ2g8ggVP/3P0nHIaVWUdBXkHjX6JeWXq
qYEr1722U4Ux9Q==
-----END CERTIFICATE-----