Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/ee3d73-9729-4da4-8bc7-67c442d6a850/1/ONY8X84e8J5L8s_JS7JQn9X_UJw.mft
File:                     ONY8X84e8J5L8s_JS7JQn9X_UJw.mft (raw, json)
Hash identifier:          z74PNoE9ErzkvQirZD9ItHQH/l69KHcRxOpRSFw4Da0=
Subject key identifier:   04:70:6E:33:22:3C:18:74:76:BA:48:71:66:60:E2:DE:0A:2B:A4:F0
Authority key identifier: 38:D6:3C:5F:CE:1E:F0:9E:4B:F2:CF:C9:4B:B2:50:9F:D5:FF:50:9C
Certificate issuer:       /CN=38d63c5fce1ef09e4bf2cfc94bb2509fd5ff509c
Certificate serial:       019A00D9FAFDA58E7D307395FFFA61EE6EB7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ONY8X84e8J5L8s_JS7JQn9X_UJw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/ee3d73-9729-4da4-8bc7-67c442d6a850/1/ONY8X84e8J5L8s_JS7JQn9X_UJw.mft
Manifest number:          0517
Signing time:             Mon 20 Oct 2025 09:01:16 +0000
Manifest this update:     Mon 20 Oct 2025 09:01:16 +0000
Manifest next update:     Tue 21 Oct 2025 09:01:16 +0000
Files and hashes:         1: ONY8X84e8J5L8s_JS7JQn9X_UJw.crl (hash: 0hAJHtYBF9l0mH+OC6qU+ewgRxpsZs8BS9di7KjuZB4=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/ee3d73-9729-4da4-8bc7-67c442d6a850/1/ONY8X84e8J5L8s_JS7JQn9X_UJw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/ee3d73-9729-4da4-8bc7-67c442d6a850/1/ONY8X84e8J5L8s_JS7JQn9X_UJw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ONY8X84e8J5L8s_JS7JQn9X_UJw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:00:d9:fa:fd:a5:8e:7d:30:73:95:ff:fa:61:ee:6e:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38d63c5fce1ef09e4bf2cfc94bb2509fd5ff509c
        Validity
            Not Before: Oct 20 09:01:16 2025 GMT
            Not After : Oct 21 09:01:16 2025 GMT
        Subject: CN=04706e33223c187476ba48716660e2de0a2ba4f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:58:0d:d6:96:fa:cb:3c:32:a2:e8:2c:64:c5:
                    65:c6:f1:fd:5c:1e:26:67:82:38:e4:fd:c8:a8:b1:
                    18:db:70:e0:ed:73:06:3e:59:f8:8f:63:2a:3a:97:
                    d1:af:e2:11:eb:84:20:51:da:21:64:c3:1a:cc:46:
                    6c:c5:26:11:0b:ef:5b:ba:b0:6a:61:7c:53:c4:11:
                    fa:bd:4c:41:d8:c7:af:f9:30:e0:6a:40:23:89:f3:
                    a7:23:47:bd:2b:1c:fd:9b:55:f2:b8:9d:d9:1b:b7:
                    00:0c:ab:2a:4c:e8:51:25:98:7d:0e:08:27:94:3b:
                    c1:6e:3c:bb:2a:6c:54:3b:61:c0:21:7d:ef:0e:0f:
                    01:cd:30:b6:25:1f:c6:88:c6:79:d5:0a:c8:24:ab:
                    92:af:c1:f9:f1:7e:85:9e:77:17:d4:30:fb:fb:a8:
                    17:ff:04:94:bc:6a:6f:9b:d6:9e:28:9b:2d:0d:d1:
                    89:73:db:c8:40:0e:63:1d:bb:0e:f3:79:df:6e:83:
                    53:b1:31:4b:17:13:4a:13:6a:58:0f:66:90:95:f0:
                    15:17:74:9e:72:22:b0:ec:09:63:44:dc:1d:42:dc:
                    4c:43:43:ac:43:43:ae:23:9f:a6:50:53:bb:c7:4b:
                    fb:7a:98:00:19:85:c6:15:80:a7:ce:7d:a9:d7:eb:
                    22:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:70:6E:33:22:3C:18:74:76:BA:48:71:66:60:E2:DE:0A:2B:A4:F0
            X509v3 Authority Key Identifier:
                keyid:38:D6:3C:5F:CE:1E:F0:9E:4B:F2:CF:C9:4B:B2:50:9F:D5:FF:50:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ONY8X84e8J5L8s_JS7JQn9X_UJw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/ee3d73-9729-4da4-8bc7-67c442d6a850/1/ONY8X84e8J5L8s_JS7JQn9X_UJw.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/ee3d73-9729-4da4-8bc7-67c442d6a850/1/ONY8X84e8J5L8s_JS7JQn9X_UJw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         04:e5:0f:f5:72:94:e7:76:cc:de:07:c0:18:8f:8f:98:9b:29:
         ef:0f:dc:ad:f5:d8:db:bb:e4:56:a3:d5:26:e9:31:f2:79:97:
         b4:bd:36:65:80:2b:36:77:02:be:fc:77:93:01:3d:e4:78:9d:
         f4:98:b7:24:d4:7a:8b:fb:f1:c1:c2:b7:59:ae:01:53:d9:95:
         1e:df:ef:39:98:06:3b:3a:c1:e1:1d:8c:9f:e8:e3:af:fc:f5:
         3d:ac:84:d1:3c:01:87:0f:03:35:cc:44:24:33:92:1d:2b:fc:
         12:1f:84:4b:7a:2f:27:68:6d:fa:fb:fa:c3:72:56:d6:a3:88:
         6b:1d:16:a9:74:86:d7:2c:cd:fb:7b:b8:4b:d1:91:9e:49:e0:
         84:04:d3:7f:c2:03:79:af:ed:57:42:44:cf:ef:eb:c3:8a:9a:
         ab:e3:85:8c:e7:19:f4:00:70:71:3d:91:df:67:16:a4:94:13:
         be:61:45:ab:8d:6f:7d:e1:f1:e8:10:40:e0:b4:79:77:11:c4:
         3c:d4:fa:cd:58:a9:97:09:3f:c9:51:62:67:d7:ef:0a:4d:c4:
         24:ce:b2:f0:94:f4:0e:52:ce:3e:ca:59:71:17:6b:44:2f:a0:
         b4:26:d9:0a:86:6d:9a:5b:ce:bc:a7:69:e9:eb:d9:0b:78:58:
         4d:47:67:14
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZoA2fr9pY59MHOV//ph7m63MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4ZDYzYzVmY2UxZWYwOWU0YmYyY2ZjOTRiYjI1MDlmZDVm
ZjUwOWMwHhcNMjUxMDIwMDkwMTE2WhcNMjUxMDIxMDkwMTE2WjAzMTEwLwYDVQQD
EygwNDcwNmUzMzIyM2MxODc0NzZiYTQ4NzE2NjYwZTJkZTBhMmJhNGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVgN1pb6yzwyougsZMVlxvH9XB4m
Z4I45P3IqLEY23Dg7XMGPln4j2MqOpfRr+IR64QgUdohZMMazEZsxSYRC+9burBq
YXxTxBH6vUxB2Mev+TDgakAjifOnI0e9Kxz9m1XyuJ3ZG7cADKsqTOhRJZh9Dggn
lDvBbjy7KmxUO2HAIX3vDg8BzTC2JR/GiMZ51QrIJKuSr8H58X6FnncX1DD7+6gX
/wSUvGpvm9aeKJstDdGJc9vIQA5jHbsO83nfboNTsTFLFxNKE2pYD2aQlfAVF3Se
ciKw7AljRNwdQtxMQ0OsQ0OuI5+mUFO7x0v7epgAGYXGFYCnzn2p1+siSQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFARwbjMiPBh0drpIcWZg4t4KK6TwMB8GA1UdIwQY
MBaAFDjWPF/OHvCeS/LPyUuyUJ/V/1CcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT05ZOFg4NGU4SjVMOHNfSlM3SlFuOVhfVUp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9lZTNkNzMtOTcyOS00ZGE0LThiYzct
NjdjNDQyZDZhODUwLzEvT05ZOFg4NGU4SjVMOHNfSlM3SlFuOVhfVUp3Lm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9lZTNkNzMtOTcyOS00ZGE0LThiYzctNjdjNDQyZDZhODUw
LzEvT05ZOFg4NGU4SjVMOHNfSlM3SlFuOVhfVUp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEABOUP9XKU
53bM3gfAGI+PmJsp7w/crfXY27vkVqPVJukx8nmXtL02ZYArNncCvvx3kwE95Hid
9Ji3JNR6i/vxwcK3Wa4BU9mVHt/vOZgGOzrB4R2Mn+jjr/z1PayE0TwBhw8DNcxE
JDOSHSv8Eh+ES3ovJ2ht+vv6w3JW1qOIax0WqXSG1yzN+3u4S9GRnknghATTf8ID
ea/tV0JEz+/rw4qaq+OFjOcZ9ABwcT2R32cWpJQTvmFFq41vfeHx6BBA4LR5dxHE
PNT6zViplwk/yVFiZ9fvCk3EJM6y8JT0DlLOPspZcRdrRC+gtCbZCoZtmlvOvKdp
6evZC3hYTUdnFA==
-----END CERTIFICATE-----