Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.mft
File:                     QHsur7H0zNuzzWzU10srM5eKC3A.mft (raw, json)
Hash identifier:          g2fKhGzeiqwzg5XIXgvlrNi/u3k7iM5jl0fPILKCa4Y=
Subject key identifier:   AD:5F:46:DE:B0:6D:B3:F7:7B:17:4D:96:20:92:AC:9D:AD:F7:24:8E
Authority key identifier: 40:7B:2E:AF:B1:F4:CC:DB:B3:CD:6C:D4:D7:4B:2B:33:97:8A:0B:70
Certificate issuer:       /CN=407b2eafb1f4ccdbb3cd6cd4d74b2b33978a0b70
Certificate serial:       0196A088879EB9D157C69A36A344A7497337
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QHsur7H0zNuzzWzU10srM5eKC3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.mft
Manifest number:          1523
Signing time:             Mon 05 May 2025 13:00:24 +0000
Manifest this update:     Mon 05 May 2025 13:00:24 +0000
Manifest next update:     Tue 06 May 2025 13:00:24 +0000
Files and hashes:         1: QHsur7H0zNuzzWzU10srM5eKC3A.crl (hash: tZv5X8AU60RIkk+3ijPENE5aR3+hC076W3x6fSeUlXs=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QHsur7H0zNuzzWzU10srM5eKC3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 13:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a0:88:87:9e:b9:d1:57:c6:9a:36:a3:44:a7:49:73:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=407b2eafb1f4ccdbb3cd6cd4d74b2b33978a0b70
        Validity
            Not Before: May  5 13:00:24 2025 GMT
            Not After : May  6 13:00:24 2025 GMT
        Subject: CN=ad5f46deb06db3f77b174d962092ac9dadf7248e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b2:a4:34:5e:6b:49:49:cd:8f:d2:66:38:20:
                    bb:e8:02:06:ea:4b:99:30:72:ff:2e:5a:91:6b:83:
                    4d:8c:6d:3e:e6:14:a7:e1:f3:ab:49:dc:74:23:6a:
                    e0:be:01:7e:d9:7e:f9:95:e9:25:d5:1f:08:74:7d:
                    28:12:34:cc:c6:cb:e7:d4:ec:ab:93:64:b0:c2:e7:
                    af:97:67:04:64:de:c2:2f:75:9c:5c:14:75:7c:7f:
                    62:8f:e7:56:3f:72:c1:00:a6:31:bb:a1:59:c9:96:
                    53:d3:2d:85:e4:d7:3c:78:76:6a:28:b8:03:20:bf:
                    e3:48:e6:2c:64:5f:73:ec:c1:f6:61:76:9f:44:19:
                    b9:05:76:44:89:ba:e1:bc:4b:35:44:81:6c:0f:f1:
                    5d:b0:d0:f2:34:ff:3f:1a:57:8d:e3:d1:9e:17:6c:
                    87:0b:46:38:76:3b:ea:64:99:8e:86:64:09:74:1f:
                    e0:3e:0e:a1:38:11:5a:08:fd:17:dd:cb:7b:7d:c3:
                    53:49:ff:71:09:82:d5:fe:27:b7:9d:fe:79:06:76:
                    6e:c7:0d:57:7b:9d:b7:54:95:46:b9:d0:19:fb:c3:
                    ae:09:8b:8b:86:8e:66:ad:e3:bc:48:41:35:c6:ec:
                    7f:37:eb:58:c8:20:b4:cd:d8:0b:93:59:f8:ce:79:
                    a3:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:5F:46:DE:B0:6D:B3:F7:7B:17:4D:96:20:92:AC:9D:AD:F7:24:8E
            X509v3 Authority Key Identifier:
                keyid:40:7B:2E:AF:B1:F4:CC:DB:B3:CD:6C:D4:D7:4B:2B:33:97:8A:0B:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QHsur7H0zNuzzWzU10srM5eKC3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6aecc5-b85c-418b-afc8-c2e668c19727/1/QHsur7H0zNuzzWzU10srM5eKC3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         1a:e3:c2:43:19:30:d0:26:76:e4:d4:00:b9:ed:18:58:be:b4:
         b6:02:3e:f2:75:74:e9:ef:bb:dc:ab:4a:45:d9:4f:6d:f9:dc:
         87:72:b2:76:92:74:2b:21:fa:40:44:79:d3:ec:f6:2c:0e:bf:
         81:2f:69:7b:60:75:72:6a:c7:48:0e:ca:4b:64:59:dd:12:38:
         3b:6b:d4:cb:f1:a9:1e:94:9b:d6:10:a0:0c:1f:51:f0:6c:22:
         d3:85:e0:cb:51:4c:a9:6c:67:2c:53:5c:fa:73:83:80:45:9a:
         9a:00:4b:12:3d:0a:a2:1e:a6:f5:98:2a:fb:09:9d:20:71:10:
         cd:a8:52:80:79:e0:c6:70:57:23:9e:f9:24:9b:e4:e9:05:fa:
         db:86:c1:82:a2:f2:60:58:50:06:dc:ab:dc:a3:5b:5b:30:63:
         81:ed:5c:34:41:3e:4d:53:90:24:b6:2c:c1:6e:15:ac:b0:43:
         af:34:a8:9b:1e:89:11:bf:b4:77:55:d6:10:c7:ee:50:e7:f8:
         65:6c:dd:bd:8b:c8:93:ff:81:e9:84:aa:d2:70:5e:a2:80:22:
         2f:96:0d:fe:5e:65:22:17:16:00:37:ac:40:17:79:94:59:5f:
         40:8e:b2:fe:da:72:53:4f:c5:5e:e2:9e:37:fe:1e:a4:c5:94:
         7a:2c:ab:f0
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZagiIeeudFXxpo2o0SnSXM3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwN2IyZWFmYjFmNGNjZGJiM2NkNmNkNGQ3NGIyYjMzOTc4
YTBiNzAwHhcNMjUwNTA1MTMwMDI0WhcNMjUwNTA2MTMwMDI0WjAzMTEwLwYDVQQD
EyhhZDVmNDZkZWIwNmRiM2Y3N2IxNzRkOTYyMDkyYWM5ZGFkZjcyNDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7KkNF5rSUnNj9JmOCC76AIG6kuZ
MHL/LlqRa4NNjG0+5hSn4fOrSdx0I2rgvgF+2X75lekl1R8IdH0oEjTMxsvn1Oyr
k2Swwuevl2cEZN7CL3WcXBR1fH9ij+dWP3LBAKYxu6FZyZZT0y2F5Nc8eHZqKLgD
IL/jSOYsZF9z7MH2YXafRBm5BXZEibrhvEs1RIFsD/FdsNDyNP8/GleN49GeF2yH
C0Y4djvqZJmOhmQJdB/gPg6hOBFaCP0X3ct7fcNTSf9xCYLV/ie3nf55BnZuxw1X
e523VJVGudAZ+8OuCYuLho5mreO8SEE1xux/N+tYyCC0zdgLk1n4znmjFQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFK1fRt6wbbP3exdNliCSrJ2t9ySOMB8GA1UdIwQY
MBaAFEB7Lq+x9Mzbs81s1NdLKzOXigtwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUhzdXI3SDB6TnV6eld6VTEwc3JNNWVLQzNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi82YWVjYzUtYjg1Yy00MThiLWFmYzgt
YzJlNjY4YzE5NzI3LzEvUUhzdXI3SDB6TnV6eld6VTEwc3JNNWVLQzNBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi82YWVjYzUtYjg1Yy00MThiLWFmYzgtYzJlNjY4YzE5NzI3
LzEvUUhzdXI3SDB6TnV6eld6VTEwc3JNNWVLQzNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAGuPCQxkw
0CZ25NQAue0YWL60tgI+8nV06e+73KtKRdlPbfnch3KydpJ0KyH6QER50+z2LA6/
gS9pe2B1cmrHSA7KS2RZ3RI4O2vUy/GpHpSb1hCgDB9R8Gwi04Xgy1FMqWxnLFNc
+nODgEWamgBLEj0Koh6m9Zgq+wmdIHEQzahSgHngxnBXI575JJvk6QX624bBgqLy
YFhQBtyr3KNbWzBjge1cNEE+TVOQJLYswW4VrLBDrzSomx6JEb+0d1XWEMfuUOf4
ZWzdvYvIk/+B6YSq0nBeooAiL5YN/l5lIhcWADesQBd5lFlfQI6y/tpyU0/FXuKe
N/4epMWUeiyr8A==
-----END CERTIFICATE-----