Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/cl3CBR5_PY1hf1UYng7m8xdNkto.mft
File:                     cl3CBR5_PY1hf1UYng7m8xdNkto.mft (raw, json)
Hash identifier:          QJnz2IYc6tYgJVvw1QEd2r533A2lnjImOIZVL7J48Qw=
Subject key identifier:   8D:9B:06:C3:7D:A1:E3:E4:9B:F8:6F:76:7C:DB:CC:A4:A1:92:2E:F1
Authority key identifier: 72:5D:C2:05:1E:7F:3D:8D:61:7F:55:18:9E:0E:E6:F3:17:4D:92:DA
Certificate issuer:       /CN=725dc2051e7f3d8d617f55189e0ee6f3174d92da
Certificate serial:       0199FC58CBB91DF2A0C4EC25CEB14638E7CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cl3CBR5_PY1hf1UYng7m8xdNkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/cl3CBR5_PY1hf1UYng7m8xdNkto.mft
Manifest number:          0407
Signing time:             Sun 19 Oct 2025 12:01:41 +0000
Manifest this update:     Sun 19 Oct 2025 12:01:41 +0000
Manifest next update:     Mon 20 Oct 2025 12:01:41 +0000
Files and hashes:         1: cl3CBR5_PY1hf1UYng7m8xdNkto.crl (hash: WuK5T/Nt9lhPExCQl6wohQZn8gAtqLFwDHWjWWiZeSg=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/cl3CBR5_PY1hf1UYng7m8xdNkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/cl3CBR5_PY1hf1UYng7m8xdNkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cl3CBR5_PY1hf1UYng7m8xdNkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fc:58:cb:b9:1d:f2:a0:c4:ec:25:ce:b1:46:38:e7:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=725dc2051e7f3d8d617f55189e0ee6f3174d92da
        Validity
            Not Before: Oct 19 12:01:41 2025 GMT
            Not After : Oct 20 12:01:41 2025 GMT
        Subject: CN=8d9b06c37da1e3e49bf86f767cdbcca4a1922ef1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:0e:03:2e:fc:79:27:29:ea:26:15:b8:d3:4c:
                    42:02:15:df:a3:cd:09:52:90:37:f1:f6:a3:4e:eb:
                    23:8e:d5:19:09:d4:a8:56:68:8b:51:eb:72:69:56:
                    07:ff:27:53:9a:46:22:8b:01:9e:28:4b:97:91:99:
                    b1:59:b3:bc:ed:f4:47:de:4c:31:1f:a0:b3:79:29:
                    03:a3:6e:5c:ba:49:36:9d:c6:06:4e:b5:c9:92:08:
                    57:84:18:49:ff:33:ff:aa:9c:5d:46:e7:8b:15:e4:
                    df:3e:98:d7:92:ab:64:55:60:e3:96:d5:55:5a:0c:
                    67:5f:92:1b:70:8a:45:73:5c:3e:53:38:70:3b:fc:
                    a7:c1:3c:16:9f:94:76:9c:83:56:06:6a:9a:63:6b:
                    0e:86:22:b0:e8:26:5b:9a:da:3c:da:29:98:4a:7c:
                    81:e2:89:a1:98:5e:7d:11:02:ef:ab:e5:02:8f:fc:
                    47:ad:15:71:21:f8:15:67:d2:23:bd:32:ce:f3:29:
                    41:3d:37:70:b1:b6:4d:79:5b:d2:06:8d:9d:84:12:
                    be:e7:3c:ec:79:be:a9:7a:b2:f6:19:1b:3d:fd:b1:
                    12:90:94:3f:86:6b:1f:51:4f:a6:93:d2:23:9a:01:
                    29:2c:9b:a2:1c:a8:e1:01:80:cd:3a:0b:2f:04:2d:
                    54:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:9B:06:C3:7D:A1:E3:E4:9B:F8:6F:76:7C:DB:CC:A4:A1:92:2E:F1
            X509v3 Authority Key Identifier:
                keyid:72:5D:C2:05:1E:7F:3D:8D:61:7F:55:18:9E:0E:E6:F3:17:4D:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cl3CBR5_PY1hf1UYng7m8xdNkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/cl3CBR5_PY1hf1UYng7m8xdNkto.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/cl3CBR5_PY1hf1UYng7m8xdNkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         86:25:d3:87:4f:eb:ad:9d:2b:39:bd:4f:3c:fd:d3:11:76:b5:
         cd:a0:6f:c1:1f:79:1c:50:ef:9a:6d:2e:fb:86:70:bc:c9:55:
         a2:09:3c:27:19:09:9c:65:00:1d:6e:36:e2:a2:a8:84:6b:29:
         42:54:7d:cc:32:dd:31:8b:bb:64:c2:5d:0e:29:6f:fc:1e:a2:
         c2:a1:b1:07:79:44:45:30:bf:c2:4e:38:ea:f6:ec:d9:79:f1:
         0e:ba:28:cf:8f:c1:bb:33:55:4b:b9:73:5a:45:9d:56:d4:55:
         0e:49:c0:59:5e:d1:79:0c:82:03:fe:b5:d9:86:91:d2:df:9d:
         b9:bd:6b:0d:6a:26:95:c5:c7:95:f2:2b:00:16:18:17:d6:64:
         d2:05:8c:97:3b:44:b3:7b:bb:17:6b:55:79:4b:7a:17:cd:c7:
         96:3c:96:66:4f:46:72:a9:c6:74:af:12:4a:61:e4:92:53:fb:
         bb:2c:39:38:66:b7:ab:8d:f9:1f:fd:7d:f1:4a:0f:89:a0:1e:
         e4:be:8b:bf:c6:92:28:7e:bd:c9:21:5a:b9:4a:c0:13:a5:14:
         f7:16:dd:a2:28:bf:9d:37:fc:72:38:e1:aa:b8:a5:bc:b7:3e:
         a3:d8:87:cb:d6:4d:fb:dc:10:c8:ee:43:62:de:24:79:70:79:
         2c:58:2e:79
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZn8WMu5HfKgxOwlzrFGOOfPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNWRjMjA1MWU3ZjNkOGQ2MTdmNTUxODllMGVlNmYzMTc0
ZDkyZGEwHhcNMjUxMDE5MTIwMTQxWhcNMjUxMDIwMTIwMTQxWjAzMTEwLwYDVQQD
Eyg4ZDliMDZjMzdkYTFlM2U0OWJmODZmNzY3Y2RiY2NhNGExOTIyZWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQ4DLvx5JynqJhW400xCAhXfo80J
UpA38fajTusjjtUZCdSoVmiLUetyaVYH/ydTmkYiiwGeKEuXkZmxWbO87fRH3kwx
H6CzeSkDo25cukk2ncYGTrXJkghXhBhJ/zP/qpxdRueLFeTfPpjXkqtkVWDjltVV
WgxnX5IbcIpFc1w+UzhwO/ynwTwWn5R2nINWBmqaY2sOhiKw6CZbmto82imYSnyB
4omhmF59EQLvq+UCj/xHrRVxIfgVZ9IjvTLO8ylBPTdwsbZNeVvSBo2dhBK+5zzs
eb6perL2GRs9/bESkJQ/hmsfUU+mk9IjmgEpLJuiHKjhAYDNOgsvBC1USwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFI2bBsN9oePkm/hvdnzbzKShki7xMB8GA1UdIwQY
MBaAFHJdwgUefz2NYX9VGJ4O5vMXTZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2wzQ0JSNV9QWTFoZjFVWW5nN204eGROa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ODQxMTEtNmY3Yy00ZTY5LTk0Yzkt
ZmYwZjUyNjMzNTI3LzEvY2wzQ0JSNV9QWTFoZjFVWW5nN204eGROa3RvLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ODQxMTEtNmY3Yy00ZTY5LTk0YzktZmYwZjUyNjMzNTI3
LzEvY2wzQ0JSNV9QWTFoZjFVWW5nN204eGROa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAhiXTh0/r
rZ0rOb1PPP3TEXa1zaBvwR95HFDvmm0u+4ZwvMlVogk8JxkJnGUAHW424qKohGsp
QlR9zDLdMYu7ZMJdDilv/B6iwqGxB3lERTC/wk446vbs2XnxDrooz4/BuzNVS7lz
WkWdVtRVDknAWV7ReQyCA/612YaR0t+dub1rDWomlcXHlfIrABYYF9Zk0gWMlztE
s3u7F2tVeUt6F83HljyWZk9GcqnGdK8SSmHkklP7uyw5OGa3q435H/198UoPiaAe
5L6Lv8aSKH69ySFauUrAE6UU9xbdoii/nTf8cjjhqrilvLc+o9iHy9ZN+9wQyO5D
Yt4keXB5LFgueQ==
-----END CERTIFICATE-----