Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4e44c4-1a11-4b89-ada0-242c25c72012/1/3hf9Zld7PtNYs4YqfdmAlEqF1Qc.mft
File:                     3hf9Zld7PtNYs4YqfdmAlEqF1Qc.mft (raw, json)
Hash identifier:          nGtF9meFdmwMRpe1dqSB5muJ3L9S9QvFr7IXFw971do=
Subject key identifier:   9E:7A:9A:E8:83:81:C0:73:6A:A4:E5:3A:57:F6:E3:FC:42:39:16:53
Authority key identifier: DE:17:FD:66:57:7B:3E:D3:58:B3:86:2A:7D:D9:80:94:4A:85:D5:07
Certificate issuer:       /CN=de17fd66577b3ed358b3862a7dd980944a85d507
Certificate serial:       0199FEEBEEF3CAF3959749C61B44FCE5D72C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3hf9Zld7PtNYs4YqfdmAlEqF1Qc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4e44c4-1a11-4b89-ada0-242c25c72012/1/3hf9Zld7PtNYs4YqfdmAlEqF1Qc.mft
Manifest number:          02A2
Signing time:             Mon 20 Oct 2025 00:01:38 +0000
Manifest this update:     Mon 20 Oct 2025 00:01:38 +0000
Manifest next update:     Tue 21 Oct 2025 00:01:38 +0000
Files and hashes:         1: 3hf9Zld7PtNYs4YqfdmAlEqF1Qc.crl (hash: Dsas9WGgtkr05jwXouYhjiwysNVaR3PoxjY9j3e5eOI=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4e44c4-1a11-4b89-ada0-242c25c72012/1/3hf9Zld7PtNYs4YqfdmAlEqF1Qc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4e44c4-1a11-4b89-ada0-242c25c72012/1/3hf9Zld7PtNYs4YqfdmAlEqF1Qc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3hf9Zld7PtNYs4YqfdmAlEqF1Qc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fe:eb:ee:f3:ca:f3:95:97:49:c6:1b:44:fc:e5:d7:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de17fd66577b3ed358b3862a7dd980944a85d507
        Validity
            Not Before: Oct 20 00:01:38 2025 GMT
            Not After : Oct 21 00:01:38 2025 GMT
        Subject: CN=9e7a9ae88381c0736aa4e53a57f6e3fc42391653
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:0b:21:f4:dc:c4:52:62:b0:25:e7:f9:c9:5d:
                    3e:67:2f:8c:b7:6a:e6:6d:20:d9:f3:43:74:2b:5d:
                    48:a5:fb:b9:02:cc:81:54:91:98:4e:19:76:f1:cf:
                    c5:01:99:c1:03:15:72:98:e2:2f:35:c3:9d:fd:16:
                    c4:65:57:d3:a2:b8:62:b1:fc:91:79:27:70:94:85:
                    32:d4:a6:a9:f3:d9:78:3a:66:b3:88:48:e3:c8:9c:
                    30:d8:30:e2:5d:8d:f9:d9:2d:13:73:a8:0c:a2:2d:
                    46:c5:29:fd:ff:df:5f:d7:e6:6f:37:6d:ab:7f:de:
                    bd:8d:d2:d5:87:34:48:3c:de:e6:ac:c3:7a:ff:b8:
                    d5:03:22:a8:a5:71:1f:27:b9:55:e3:4b:16:45:b2:
                    e0:f3:27:96:30:88:ed:66:03:8b:b2:6d:96:33:56:
                    02:9c:29:40:0d:b7:4e:aa:ee:d0:ad:5d:79:02:b0:
                    49:17:fd:f6:63:cf:a9:9d:84:03:79:a7:9a:82:45:
                    0f:0d:c7:93:57:11:fb:2b:d8:74:05:00:5e:2b:a9:
                    60:3b:9f:12:60:cd:fd:d5:d8:d2:7c:06:57:14:13:
                    04:cb:1a:bb:57:bc:dc:5e:d8:6b:e3:ab:41:39:5b:
                    e8:23:7c:b5:97:12:a2:e5:ff:15:a0:e8:0a:57:96:
                    ba:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:7A:9A:E8:83:81:C0:73:6A:A4:E5:3A:57:F6:E3:FC:42:39:16:53
            X509v3 Authority Key Identifier:
                keyid:DE:17:FD:66:57:7B:3E:D3:58:B3:86:2A:7D:D9:80:94:4A:85:D5:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3hf9Zld7PtNYs4YqfdmAlEqF1Qc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4e44c4-1a11-4b89-ada0-242c25c72012/1/3hf9Zld7PtNYs4YqfdmAlEqF1Qc.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4e44c4-1a11-4b89-ada0-242c25c72012/1/3hf9Zld7PtNYs4YqfdmAlEqF1Qc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         3b:3f:e0:89:5b:76:76:ab:0b:47:84:7e:30:f6:e7:9a:20:18:
         4b:68:66:57:76:aa:33:99:4f:33:50:3d:f4:af:b2:3d:75:03:
         a0:6c:31:60:16:a4:f0:00:60:8f:34:17:27:a9:e4:9a:1e:0e:
         9c:1a:c8:96:99:27:38:48:6c:10:03:3f:48:12:f3:58:19:5d:
         38:7b:9b:5e:c5:63:18:4c:a5:be:30:43:38:80:fa:28:38:07:
         c0:72:2a:fb:99:ee:02:08:2e:d0:cc:42:26:c0:66:8c:b4:f5:
         7b:20:9f:bc:ac:90:de:c2:37:1e:14:3f:26:6f:eb:a7:19:fc:
         cd:af:a4:b5:05:09:76:c0:32:20:de:21:ad:6e:5c:8c:98:79:
         2b:51:6d:70:14:a4:2d:9a:99:7c:a7:03:66:42:56:d6:2e:19:
         bf:28:10:ed:21:d4:1e:31:4f:8f:fc:78:ca:ff:a0:64:13:50:
         2e:3a:93:dd:b0:84:79:60:f6:d3:35:68:f0:f5:8c:1a:dc:a2:
         c2:39:e6:60:62:0b:82:00:8d:c1:d8:0e:f7:2e:4c:0b:0c:27:
         9a:0a:b3:59:1f:f1:83:c5:db:31:7e:f1:31:bc:38:64:c4:76:
         40:01:32:98:82:2d:0a:97:2f:74:4c:14:e8:6f:12:12:1c:39:
         fc:a5:14:b0
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZn+6+7zyvOVl0nGG0T85dcsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMTdmZDY2NTc3YjNlZDM1OGIzODYyYTdkZDk4MDk0NGE4
NWQ1MDcwHhcNMjUxMDIwMDAwMTM4WhcNMjUxMDIxMDAwMTM4WjAzMTEwLwYDVQQD
Eyg5ZTdhOWFlODgzODFjMDczNmFhNGU1M2E1N2Y2ZTNmYzQyMzkxNjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngsh9NzEUmKwJef5yV0+Zy+Mt2rm
bSDZ80N0K11Ipfu5AsyBVJGYThl28c/FAZnBAxVymOIvNcOd/RbEZVfTorhisfyR
eSdwlIUy1Kap89l4OmaziEjjyJww2DDiXY352S0Tc6gMoi1GxSn9/99f1+ZvN22r
f969jdLVhzRIPN7mrMN6/7jVAyKopXEfJ7lV40sWRbLg8yeWMIjtZgOLsm2WM1YC
nClADbdOqu7QrV15ArBJF/32Y8+pnYQDeaeagkUPDceTVxH7K9h0BQBeK6lgO58S
YM391djSfAZXFBMEyxq7V7zcXthr46tBOVvoI3y1lxKi5f8VoOgKV5a6XwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFJ56muiDgcBzaqTlOlf24/xCORZTMB8GA1UdIwQY
MBaAFN4X/WZXez7TWLOGKn3ZgJRKhdUHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2hmOVpsZDdQdE5ZczRZcWZkbUFsRXFGMVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80ZTQ0YzQtMWExMS00Yjg5LWFkYTAt
MjQyYzI1YzcyMDEyLzEvM2hmOVpsZDdQdE5ZczRZcWZkbUFsRXFGMVFjLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80ZTQ0YzQtMWExMS00Yjg5LWFkYTAtMjQyYzI1YzcyMDEy
LzEvM2hmOVpsZDdQdE5ZczRZcWZkbUFsRXFGMVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAOz/giVt2
dqsLR4R+MPbnmiAYS2hmV3aqM5lPM1A99K+yPXUDoGwxYBak8ABgjzQXJ6nkmh4O
nBrIlpknOEhsEAM/SBLzWBldOHubXsVjGEylvjBDOID6KDgHwHIq+5nuAggu0MxC
JsBmjLT1eyCfvKyQ3sI3HhQ/Jm/rpxn8za+ktQUJdsAyIN4hrW5cjJh5K1FtcBSk
LZqZfKcDZkJW1i4ZvygQ7SHUHjFPj/x4yv+gZBNQLjqT3bCEeWD20zVo8PWMGtyi
wjnmYGILggCNwdgO9y5MCwwnmgqzWR/xg8XbMX7xMbw4ZMR2QAEymIItCpcvdEwU
6G8SEhw5/KUUsA==
-----END CERTIFICATE-----