Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/b12a35-05c1-40b9-b651-236883b2cf97/1/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.mft
File:                     hfu-hUlKCvDMHoIS-4QQ5PZwsmY.mft (raw, json)
Hash identifier:          bxCBQOnH06qckBDaN+UnYFvYiqkYItHcamp68g83L00=
Subject key identifier:   31:41:DB:59:2D:B9:FC:B5:FD:E7:D2:CC:AF:CF:34:9B:3A:A6:D4:5C
Authority key identifier: 85:FB:BE:85:49:4A:0A:F0:CC:1E:82:12:FB:84:10:E4:F6:70:B2:66
Certificate issuer:       /CN=85fbbe85494a0af0cc1e8212fb8410e4f670b266
Certificate serial:       0199FDD9FB5D4DC3A79818C0FE648DB8F32F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/b12a35-05c1-40b9-b651-236883b2cf97/1/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.mft
Manifest number:          10DD
Signing time:             Sun 19 Oct 2025 19:02:24 +0000
Manifest this update:     Sun 19 Oct 2025 19:02:24 +0000
Manifest next update:     Mon 20 Oct 2025 19:02:24 +0000
Files and hashes:         1: hfu-hUlKCvDMHoIS-4QQ5PZwsmY.crl (hash: oRDwRqWNS1lnkOl+HIFasoSRbAAV6GJj9ZU0luLbipU=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/b12a35-05c1-40b9-b651-236883b2cf97/1/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/b12a35-05c1-40b9-b651-236883b2cf97/1/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fd:d9:fb:5d:4d:c3:a7:98:18:c0:fe:64:8d:b8:f3:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85fbbe85494a0af0cc1e8212fb8410e4f670b266
        Validity
            Not Before: Oct 19 19:02:24 2025 GMT
            Not After : Oct 20 19:02:24 2025 GMT
        Subject: CN=3141db592db9fcb5fde7d2ccafcf349b3aa6d45c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:80:84:63:1e:67:f2:0d:7e:5e:0c:3c:c9:85:
                    9f:fa:bf:a8:df:51:73:84:72:74:75:82:73:81:74:
                    56:fc:24:3b:2d:64:91:08:30:e5:77:2e:62:11:69:
                    f8:9e:59:ce:2c:11:d6:2c:42:ea:d7:f4:75:31:29:
                    94:31:10:a4:08:45:0b:bd:78:79:10:10:4e:03:2a:
                    a9:b3:ab:d7:fc:3a:e9:af:e8:f9:16:79:ee:e2:da:
                    3e:9f:4f:b8:03:13:3f:b8:2e:1c:3e:44:0b:ca:69:
                    ee:08:66:1b:15:08:1e:f8:ee:62:14:01:75:49:7c:
                    06:ba:02:08:f1:3b:19:4e:a0:2c:28:47:32:9f:ad:
                    e4:0e:e4:03:0e:1d:92:4e:04:03:fc:44:92:b7:65:
                    6f:e2:23:18:79:3d:c4:8c:c3:86:a6:e3:48:61:45:
                    10:73:60:c7:27:80:2a:0d:7a:ff:80:59:6a:de:b1:
                    ff:55:05:20:97:db:ab:4f:4b:4c:3e:32:23:9f:e7:
                    1d:14:21:f3:cd:59:f8:b1:4b:48:6a:de:3b:69:b8:
                    01:46:10:43:fa:71:47:b2:36:37:37:e2:37:b3:89:
                    cb:44:c5:46:e9:82:e5:8b:91:0b:6f:95:d8:6e:95:
                    9b:dc:e2:42:ff:e7:a3:4e:68:3a:a3:fb:c5:cc:4d:
                    af:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:41:DB:59:2D:B9:FC:B5:FD:E7:D2:CC:AF:CF:34:9B:3A:A6:D4:5C
            X509v3 Authority Key Identifier:
                keyid:85:FB:BE:85:49:4A:0A:F0:CC:1E:82:12:FB:84:10:E4:F6:70:B2:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b12a35-05c1-40b9-b651-236883b2cf97/1/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/b12a35-05c1-40b9-b651-236883b2cf97/1/hfu-hUlKCvDMHoIS-4QQ5PZwsmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         93:c5:6f:ee:91:e5:39:5a:25:ab:13:3a:75:e1:7d:f6:6a:78:
         09:2d:9b:ee:d1:74:0a:8b:e3:58:2a:bf:1e:61:dc:0b:fc:33:
         49:a6:cd:51:06:10:0e:ad:64:1d:bf:91:33:46:32:03:b1:94:
         99:64:0b:65:84:d1:08:33:5d:6c:d4:40:f4:a0:f5:09:69:eb:
         d5:37:f6:5d:94:21:38:44:fb:ab:1f:71:4f:3c:d7:11:e2:1c:
         cb:92:81:fe:47:5f:42:4a:25:c5:fc:e5:fc:2b:5c:21:b9:bf:
         e3:8f:e9:94:a1:f3:03:cc:b8:c9:91:bd:07:b8:8b:58:be:52:
         4c:de:4a:be:31:85:90:21:67:7c:e2:a6:00:e1:4e:26:77:3c:
         7c:59:d3:cd:d5:c2:29:f7:06:12:57:ee:c9:05:a5:bb:2a:9c:
         73:1c:c7:92:79:26:52:47:60:f4:6a:92:f7:af:47:07:00:9c:
         18:ec:c6:db:f1:37:63:ae:5b:46:85:1f:5a:96:68:7c:be:f8:
         ef:5b:ca:27:23:f6:c1:ae:5e:ee:22:cb:98:08:a8:6f:cb:7c:
         1c:08:99:b5:53:3f:e6:45:0f:65:4d:00:f6:d2:9f:5c:91:03:
         7d:7c:d6:d8:05:f7:3e:58:0d:02:85:fc:69:9b:9e:ac:f1:b9:
         7e:36:af:fc
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZn92ftdTcOnmBjA/mSNuPMvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZmJiZTg1NDk0YTBhZjBjYzFlODIxMmZiODQxMGU0ZjY3
MGIyNjYwHhcNMjUxMDE5MTkwMjI0WhcNMjUxMDIwMTkwMjI0WjAzMTEwLwYDVQQD
EygzMTQxZGI1OTJkYjlmY2I1ZmRlN2QyY2NhZmNmMzQ5YjNhYTZkNDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4CEYx5n8g1+Xgw8yYWf+r+o31Fz
hHJ0dYJzgXRW/CQ7LWSRCDDldy5iEWn4nlnOLBHWLELq1/R1MSmUMRCkCEULvXh5
EBBOAyqps6vX/Drpr+j5Fnnu4to+n0+4AxM/uC4cPkQLymnuCGYbFQge+O5iFAF1
SXwGugII8TsZTqAsKEcyn63kDuQDDh2STgQD/ESSt2Vv4iMYeT3EjMOGpuNIYUUQ
c2DHJ4AqDXr/gFlq3rH/VQUgl9urT0tMPjIjn+cdFCHzzVn4sUtIat47abgBRhBD
+nFHsjY3N+I3s4nLRMVG6YLli5ELb5XYbpWb3OJC/+ejTmg6o/vFzE2v6QIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFDFB21ktufy1/efSzK/PNJs6ptRcMB8GA1UdIwQY
MBaAFIX7voVJSgrwzB6CEvuEEOT2cLJmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGZ1LWhVbEtDdkRNSG9JUy00UVE1UFp3c21ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9iMTJhMzUtMDVjMS00MGI5LWI2NTEt
MjM2ODgzYjJjZjk3LzEvaGZ1LWhVbEtDdkRNSG9JUy00UVE1UFp3c21ZLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9iMTJhMzUtMDVjMS00MGI5LWI2NTEtMjM2ODgzYjJjZjk3
LzEvaGZ1LWhVbEtDdkRNSG9JUy00UVE1UFp3c21ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAk8Vv7pHl
OVolqxM6deF99mp4CS2b7tF0CovjWCq/HmHcC/wzSabNUQYQDq1kHb+RM0YyA7GU
mWQLZYTRCDNdbNRA9KD1CWnr1Tf2XZQhOET7qx9xTzzXEeIcy5KB/kdfQkolxfzl
/CtcIbm/44/plKHzA8y4yZG9B7iLWL5STN5KvjGFkCFnfOKmAOFOJnc8fFnTzdXC
KfcGElfuyQWluyqccxzHknkmUkdg9GqS969HBwCcGOzG2/E3Y65bRoUfWpZofL74
71vKJyP2wa5e7iLLmAiob8t8HAiZtVM/5kUPZU0A9tKfXJEDfXzW2AX3PlgNAoX8
aZuerPG5fjav/A==
-----END CERTIFICATE-----