Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.mft
File:                     QHsur7H0zNuzzWzU10srM5eKC3A.mft (raw, json)
Hash identifier:          aJDuiJ3+DRdmQZwceJUlGawU7JZbv9U4ruH15PQEzCg=
Subject key identifier:   0B:2D:66:71:77:7E:34:27:D2:1E:89:BC:33:CA:6C:A9:31:8F:F0:4F
Authority key identifier: 40:7B:2E:AF:B1:F4:CC:DB:B3:CD:6C:D4:D7:4B:2B:33:97:8A:0B:70
Certificate issuer:       /CN=407b2eafb1f4ccdbb3cd6cd4d74b2b33978a0b70
Certificate serial:       0199FFC8707B2752BDF2DA84501859D8C3D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QHsur7H0zNuzzWzU10srM5eKC3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.mft
Manifest number:          16E2
Signing time:             Mon 20 Oct 2025 04:02:29 +0000
Manifest this update:     Mon 20 Oct 2025 04:02:29 +0000
Manifest next update:     Tue 21 Oct 2025 04:02:29 +0000
Files and hashes:         1: QHsur7H0zNuzzWzU10srM5eKC3A.crl (hash: qxwnUyuUgoTLQoCiQbMwsA0kbCqzy+w7bLvXEJmLA7w=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QHsur7H0zNuzzWzU10srM5eKC3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 04:02:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ff:c8:70:7b:27:52:bd:f2:da:84:50:18:59:d8:c3:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=407b2eafb1f4ccdbb3cd6cd4d74b2b33978a0b70
        Validity
            Not Before: Oct 20 04:02:29 2025 GMT
            Not After : Oct 21 04:02:29 2025 GMT
        Subject: CN=0b2d6671777e3427d21e89bc33ca6ca9318ff04f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:ab:d2:61:03:80:0d:5c:e7:e0:62:cd:b7:98:
                    5c:05:dc:1e:25:9c:48:a5:8f:fa:9b:de:0a:46:54:
                    0d:33:6c:92:7a:30:d7:dc:6c:26:6a:de:79:10:5a:
                    e4:47:76:68:c8:70:70:45:21:66:66:97:e4:91:88:
                    67:44:cb:3d:a5:1b:85:22:c7:e7:d1:c7:a4:a0:ec:
                    81:01:ff:c4:78:73:2a:c1:98:e8:c8:cb:cf:34:b5:
                    17:20:b6:3b:c9:8b:f8:f7:6d:d1:b5:38:46:20:7b:
                    6f:c4:11:ba:cf:41:38:19:26:2c:87:2b:3b:a3:77:
                    1f:e0:93:48:ce:06:d6:a0:8d:38:ef:a7:42:5b:81:
                    c9:de:87:20:4a:e9:7c:26:62:db:46:de:96:ce:2c:
                    ef:23:f0:19:80:d2:6b:3e:2c:d6:22:f0:41:2b:35:
                    d3:10:4f:fe:87:4e:fe:c0:e5:e0:69:9d:53:e5:57:
                    01:d4:90:53:e1:55:bc:a4:d5:3f:14:3a:f3:f1:6a:
                    04:b8:e2:81:84:66:83:23:dd:08:d3:21:f6:57:56:
                    96:05:05:7f:a7:47:ae:8d:76:a3:70:09:49:86:16:
                    b9:56:c6:03:aa:db:7a:44:e2:44:8f:23:20:fa:78:
                    5b:8f:58:17:ae:b7:b2:59:1a:9c:1f:fb:ec:81:c3:
                    5b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:2D:66:71:77:7E:34:27:D2:1E:89:BC:33:CA:6C:A9:31:8F:F0:4F
            X509v3 Authority Key Identifier:
                keyid:40:7B:2E:AF:B1:F4:CC:DB:B3:CD:6C:D4:D7:4B:2B:33:97:8A:0B:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QHsur7H0zNuzzWzU10srM5eKC3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         86:7f:0b:e8:78:16:5c:1b:a4:62:03:bf:94:23:aa:6a:23:6b:
         59:2c:b8:a2:2f:1e:15:97:04:ca:8c:2e:e2:f4:fa:cf:09:d7:
         b3:41:48:c8:b0:e7:94:93:f5:2d:11:91:c7:dc:04:c9:d8:2f:
         9f:ea:6e:6f:7d:b4:dd:79:27:84:d6:a1:a6:eb:73:22:17:34:
         6e:30:29:b7:19:13:c7:ce:ce:6d:b7:f8:9e:3f:35:26:60:db:
         de:32:29:6e:a6:f7:f8:05:92:43:73:8e:4c:7a:26:a3:91:5f:
         61:b3:87:b1:7a:fd:db:3a:2c:47:46:c0:ba:e3:86:f3:1c:fa:
         01:c3:31:d6:a6:bd:9a:f9:c0:7f:0e:7e:f2:ff:2a:67:b6:02:
         3d:02:8f:e5:91:57:24:24:3b:5a:df:6a:fa:d5:b4:11:4d:0f:
         19:35:0b:e3:35:d1:a1:45:a8:30:6f:08:74:1e:fb:0d:aa:ea:
         24:47:50:ab:75:9b:3f:f8:2e:23:38:01:df:f0:7e:e6:c9:d3:
         cd:08:d6:75:2c:2d:c2:80:75:2e:8a:1a:6f:fb:fe:f1:86:da:
         43:e0:5a:ef:54:95:1f:f5:a3:f8:37:d4:a2:51:35:2e:7c:53:
         6a:7a:af:61:97:57:1b:73:bd:b3:f1:62:fd:cc:d2:af:77:3f:
         9b:17:ec:fb
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZn/yHB7J1K98tqEUBhZ2MPYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwN2IyZWFmYjFmNGNjZGJiM2NkNmNkNGQ3NGIyYjMzOTc4
YTBiNzAwHhcNMjUxMDIwMDQwMjI5WhcNMjUxMDIxMDQwMjI5WjAzMTEwLwYDVQQD
EygwYjJkNjY3MTc3N2UzNDI3ZDIxZTg5YmMzM2NhNmNhOTMxOGZmMDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qvSYQOADVzn4GLNt5hcBdweJZxI
pY/6m94KRlQNM2ySejDX3Gwmat55EFrkR3ZoyHBwRSFmZpfkkYhnRMs9pRuFIsfn
0cekoOyBAf/EeHMqwZjoyMvPNLUXILY7yYv4923RtThGIHtvxBG6z0E4GSYshys7
o3cf4JNIzgbWoI0476dCW4HJ3ocgSul8JmLbRt6WzizvI/AZgNJrPizWIvBBKzXT
EE/+h07+wOXgaZ1T5VcB1JBT4VW8pNU/FDrz8WoEuOKBhGaDI90I0yH2V1aWBQV/
p0eujXajcAlJhha5VsYDqtt6ROJEjyMg+nhbj1gXrreyWRqcH/vsgcNbjQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFAstZnF3fjQn0h6JvDPKbKkxj/BPMB8GA1UdIwQY
MBaAFEB7Lq+x9Mzbs81s1NdLKzOXigtwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUhzdXI3SDB6TnV6eld6VTEwc3JNNWVLQzNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi82YWVjYzUtYjg1Yy00MThiLWFmYzgt
YzJlNjY4YzE5NzI3LzEvUUhzdXI3SDB6TnV6eld6VTEwc3JNNWVLQzNBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi82YWVjYzUtYjg1Yy00MThiLWFmYzgtYzJlNjY4YzE5NzI3
LzEvUUhzdXI3SDB6TnV6eld6VTEwc3JNNWVLQzNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAhn8L6HgW
XBukYgO/lCOqaiNrWSy4oi8eFZcEyowu4vT6zwnXs0FIyLDnlJP1LRGRx9wEydgv
n+pub3203XknhNahputzIhc0bjAptxkTx87Obbf4nj81JmDb3jIpbqb3+AWSQ3OO
THomo5FfYbOHsXr92zosR0bAuuOG8xz6AcMx1qa9mvnAfw5+8v8qZ7YCPQKP5ZFX
JCQ7Wt9q+tW0EU0PGTUL4zXRoUWoMG8IdB77DarqJEdQq3WbP/guIzgB3/B+5snT
zQjWdSwtwoB1Looab/v+8YbaQ+Ba71SVH/Wj+DfUolE1LnxTanqvYZdXG3O9s/Fi
/czSr3c/mxfs+w==
-----END CERTIFICATE-----