Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/3e6ea5-0d4e-434f-a6f3-eb346d9ce9e0/1/kh2gU5IfUoNniBiPgvYt1aqXP-k.mft
File:                     kh2gU5IfUoNniBiPgvYt1aqXP-k.mft (raw, json)
Hash identifier:          OR6BLr1P2jc1luVFwpmaExFMk6Fns4zTUiUgzOUwVzg=
Subject key identifier:   7D:E9:68:9A:EC:84:7A:67:F0:79:7C:59:E5:0E:8A:08:F8:41:97:E2
Authority key identifier: 92:1D:A0:53:92:1F:52:83:67:88:18:8F:82:F6:2D:D5:AA:97:3F:E9
Certificate issuer:       /CN=921da053921f52836788188f82f62dd5aa973fe9
Certificate serial:       0199FC58E3950074CAF13C414B013C0EA901
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kh2gU5IfUoNniBiPgvYt1aqXP-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/3e6ea5-0d4e-434f-a6f3-eb346d9ce9e0/1/kh2gU5IfUoNniBiPgvYt1aqXP-k.mft
Manifest number:          0FA7
Signing time:             Sun 19 Oct 2025 12:01:47 +0000
Manifest this update:     Sun 19 Oct 2025 12:01:47 +0000
Manifest next update:     Mon 20 Oct 2025 12:01:47 +0000
Files and hashes:         1: kh2gU5IfUoNniBiPgvYt1aqXP-k.crl (hash: 0Rr6YvjUOkSxJX7Yp4+0pvq1xamKBqOaQhMr0+pQ2dk=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/3e6ea5-0d4e-434f-a6f3-eb346d9ce9e0/1/kh2gU5IfUoNniBiPgvYt1aqXP-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/3e6ea5-0d4e-434f-a6f3-eb346d9ce9e0/1/kh2gU5IfUoNniBiPgvYt1aqXP-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kh2gU5IfUoNniBiPgvYt1aqXP-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fc:58:e3:95:00:74:ca:f1:3c:41:4b:01:3c:0e:a9:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=921da053921f52836788188f82f62dd5aa973fe9
        Validity
            Not Before: Oct 19 12:01:47 2025 GMT
            Not After : Oct 20 12:01:47 2025 GMT
        Subject: CN=7de9689aec847a67f0797c59e50e8a08f84197e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:37:a5:a2:76:66:e5:f0:8b:74:e6:8c:3e:9e:
                    ab:7a:8d:fd:88:57:f9:83:3e:a4:56:a0:80:e9:c1:
                    61:34:91:38:36:4e:ed:2c:9d:12:83:b7:c1:ab:fe:
                    97:a8:6a:1c:08:17:27:35:25:dd:55:af:7f:09:9f:
                    6b:ac:60:e4:02:2d:b4:8d:a5:c3:7e:33:ef:d5:5f:
                    20:4a:3a:7d:ea:ba:c9:2a:82:fc:ef:aa:d9:fa:2b:
                    f6:b9:30:ca:32:7b:2f:01:71:ac:e6:af:4e:e2:12:
                    f1:54:36:53:bd:7b:33:d7:28:89:c8:77:5c:ff:0a:
                    ea:ff:46:90:91:22:b5:e4:a0:fb:7d:35:61:aa:3e:
                    c8:72:6f:8a:a8:b4:70:de:39:51:da:6b:bf:20:ac:
                    90:01:1c:ad:5e:c2:35:a0:25:6f:7a:95:c1:58:84:
                    ab:32:5f:19:93:89:05:97:db:a4:67:07:6f:76:2a:
                    b7:72:7c:bc:a1:40:fa:c9:e6:f7:2a:b4:68:b6:28:
                    46:9b:5b:8f:ce:a2:4e:98:0b:a6:f4:7c:f5:ad:99:
                    17:1d:64:14:fe:cb:f0:aa:af:f2:9b:73:ac:f1:e1:
                    73:32:3e:81:bc:77:db:ed:56:1d:7c:6a:8d:2d:c8:
                    d3:be:80:f1:dd:7e:4b:ce:fb:c2:64:9d:98:b1:2e:
                    52:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:E9:68:9A:EC:84:7A:67:F0:79:7C:59:E5:0E:8A:08:F8:41:97:E2
            X509v3 Authority Key Identifier:
                keyid:92:1D:A0:53:92:1F:52:83:67:88:18:8F:82:F6:2D:D5:AA:97:3F:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kh2gU5IfUoNniBiPgvYt1aqXP-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/3e6ea5-0d4e-434f-a6f3-eb346d9ce9e0/1/kh2gU5IfUoNniBiPgvYt1aqXP-k.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/3e6ea5-0d4e-434f-a6f3-eb346d9ce9e0/1/kh2gU5IfUoNniBiPgvYt1aqXP-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         6f:1e:f6:3b:f7:51:e3:5b:a0:38:18:2f:28:32:9b:a1:1c:2d:
         0d:12:61:4a:5d:ef:bb:3f:aa:91:49:ec:89:4f:1f:dd:f5:5c:
         12:55:cd:4b:7f:b2:45:f5:38:16:d3:82:59:2c:bd:9e:1b:a7:
         ee:37:9e:92:2f:15:b3:85:b1:07:1d:18:f0:fe:9e:69:22:ec:
         71:f6:33:08:94:03:4a:5f:27:f8:2b:4c:a7:75:0d:ab:9d:a1:
         f9:d9:e6:f7:24:92:75:c5:74:01:ca:b1:d5:ff:a6:4b:e9:b8:
         65:3e:c8:df:18:56:c1:79:5a:11:cd:0f:08:c2:ea:1a:58:f4:
         a4:23:5b:04:74:0e:2a:ca:d5:95:d7:81:32:eb:9a:a9:c7:26:
         70:c4:c6:6b:cc:c5:96:ac:a2:eb:9b:ee:b4:63:8b:f1:df:26:
         d8:5b:04:56:14:0f:2f:06:f6:5c:46:71:d3:f3:ee:b4:9f:39:
         87:0f:3e:80:e6:3f:b9:0b:af:69:76:65:ce:5b:03:5b:78:ce:
         5f:6d:30:b6:8b:77:9d:62:d8:e5:a2:90:1e:93:57:ed:ad:1d:
         24:4b:91:67:e5:2c:25:b1:d6:24:24:9c:43:ab:c4:0e:5b:82:
         81:42:00:1c:f8:be:74:3d:f4:38:66:bc:79:49:be:bf:e8:90:
         a3:8b:79:ab
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZn8WOOVAHTK8TxBSwE8DqkBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMWRhMDUzOTIxZjUyODM2Nzg4MTg4ZjgyZjYyZGQ1YWE5
NzNmZTkwHhcNMjUxMDE5MTIwMTQ3WhcNMjUxMDIwMTIwMTQ3WjAzMTEwLwYDVQQD
Eyg3ZGU5Njg5YWVjODQ3YTY3ZjA3OTdjNTllNTBlOGEwOGY4NDE5N2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjelonZm5fCLdOaMPp6reo39iFf5
gz6kVqCA6cFhNJE4Nk7tLJ0Sg7fBq/6XqGocCBcnNSXdVa9/CZ9rrGDkAi20jaXD
fjPv1V8gSjp96rrJKoL876rZ+iv2uTDKMnsvAXGs5q9O4hLxVDZTvXsz1yiJyHdc
/wrq/0aQkSK15KD7fTVhqj7Icm+KqLRw3jlR2mu/IKyQARytXsI1oCVvepXBWISr
Ml8Zk4kFl9ukZwdvdiq3cny8oUD6yeb3KrRotihGm1uPzqJOmAum9Hz1rZkXHWQU
/svwqq/ym3Os8eFzMj6BvHfb7VYdfGqNLcjTvoDx3X5LzvvCZJ2YsS5SzQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFH3paJrshHpn8Hl8WeUOigj4QZfiMB8GA1UdIwQY
MBaAFJIdoFOSH1KDZ4gYj4L2LdWqlz/pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2gyZ1U1SWZVb05uaUJpUGd2WXQxYXFYUC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS8zZTZlYTUtMGQ0ZS00MzRmLWE2ZjMt
ZWIzNDZkOWNlOWUwLzEva2gyZ1U1SWZVb05uaUJpUGd2WXQxYXFYUC1rLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS8zZTZlYTUtMGQ0ZS00MzRmLWE2ZjMtZWIzNDZkOWNlOWUw
LzEva2gyZ1U1SWZVb05uaUJpUGd2WXQxYXFYUC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAbx72O/dR
41ugOBgvKDKboRwtDRJhSl3vuz+qkUnsiU8f3fVcElXNS3+yRfU4FtOCWSy9nhun
7jeeki8Vs4WxBx0Y8P6eaSLscfYzCJQDSl8n+CtMp3UNq52h+dnm9ySSdcV0Acqx
1f+mS+m4ZT7I3xhWwXlaEc0PCMLqGlj0pCNbBHQOKsrVldeBMuuaqccmcMTGa8zF
lqyi65vutGOL8d8m2FsEVhQPLwb2XEZx0/PutJ85hw8+gOY/uQuvaXZlzlsDW3jO
X20wtot3nWLY5aKQHpNX7a0dJEuRZ+UsJbHWJCScQ6vEDluCgUIAHPi+dD30OGa8
eUm+v+iQo4t5qw==
-----END CERTIFICATE-----
Generated at Sun Oct 19 15:14:08 2025 by rpki-client