Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/4239e9-e670-44f1-868e-f3f581dfc648/1/TQ8lfzOc-54nVLbMJDZPDxKQWNs.mft
File:                     TQ8lfzOc-54nVLbMJDZPDxKQWNs.mft (raw, json)
Hash identifier:          cO0t38r51ksg90nV3dTGMP3zKdCfTGubtrAePzDKo24=
Subject key identifier:   29:DA:B2:76:42:4B:3C:9F:C6:76:74:13:F4:C3:B7:E5:98:0E:64:A5
Authority key identifier: 4D:0F:25:7F:33:9C:FB:9E:27:54:B6:CC:24:36:4F:0F:12:90:58:DB
Certificate issuer:       /CN=4d0f257f339cfb9e2754b6cc24364f0f129058db
Certificate serial:       01969F082BCA4952A12EAC6AD2E7290D2A09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TQ8lfzOc-54nVLbMJDZPDxKQWNs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/4239e9-e670-44f1-868e-f3f581dfc648/1/TQ8lfzOc-54nVLbMJDZPDxKQWNs.mft
Manifest number:          135D
Signing time:             Mon 05 May 2025 06:00:34 +0000
Manifest this update:     Mon 05 May 2025 06:00:34 +0000
Manifest next update:     Tue 06 May 2025 06:00:34 +0000
Files and hashes:         1: TQ8lfzOc-54nVLbMJDZPDxKQWNs.crl (hash: 5bMrxA20kQh0R3HguzxyUN3thgHzKOQzO0b6XU6w03s=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/4239e9-e670-44f1-868e-f3f581dfc648/1/TQ8lfzOc-54nVLbMJDZPDxKQWNs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/4239e9-e670-44f1-868e-f3f581dfc648/1/TQ8lfzOc-54nVLbMJDZPDxKQWNs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TQ8lfzOc-54nVLbMJDZPDxKQWNs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 06:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9f:08:2b:ca:49:52:a1:2e:ac:6a:d2:e7:29:0d:2a:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d0f257f339cfb9e2754b6cc24364f0f129058db
        Validity
            Not Before: May  5 06:00:34 2025 GMT
            Not After : May  6 06:00:34 2025 GMT
        Subject: CN=29dab276424b3c9fc6767413f4c3b7e5980e64a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:31:8f:d1:3d:bd:7e:68:f0:72:fc:d0:3d:36:
                    18:f6:b1:4e:fc:ba:e5:c5:10:ac:9c:e4:c3:d0:c6:
                    11:66:fa:7c:e9:a1:74:6d:77:f4:6a:6a:e3:63:1d:
                    ac:81:01:92:75:39:e1:ad:42:57:f0:5d:34:88:c0:
                    70:f3:fc:ca:f3:bf:da:9e:c4:0d:1a:61:33:b0:7b:
                    21:30:7a:b5:7f:f1:70:c5:51:81:54:fd:90:a3:a9:
                    71:b0:df:ad:75:f5:34:27:7e:72:d7:fd:c1:55:05:
                    b3:df:b4:48:21:11:68:32:fc:ff:e9:66:30:cf:d2:
                    f5:d9:32:94:58:f6:1b:27:b0:95:4e:0f:e6:2a:db:
                    5d:04:e6:72:0b:d3:b0:81:f6:c7:9e:d4:5d:20:33:
                    eb:cf:63:50:93:7d:51:dc:e6:57:9f:ef:47:5c:50:
                    18:1c:ee:18:03:6b:c7:50:fe:fc:b5:cc:b2:31:11:
                    e4:ea:de:40:88:51:d9:b8:5f:74:ad:f7:8f:b9:bb:
                    5b:3b:20:11:58:94:f7:93:1f:f7:8d:a1:fc:f6:19:
                    63:c1:d5:83:3c:e0:00:27:df:63:2f:2f:3d:63:c3:
                    89:73:31:93:b0:47:51:df:84:d1:52:60:17:22:3f:
                    59:fb:94:30:f6:2b:b1:59:eb:3b:a4:bd:d9:a4:25:
                    72:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:DA:B2:76:42:4B:3C:9F:C6:76:74:13:F4:C3:B7:E5:98:0E:64:A5
            X509v3 Authority Key Identifier:
                keyid:4D:0F:25:7F:33:9C:FB:9E:27:54:B6:CC:24:36:4F:0F:12:90:58:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TQ8lfzOc-54nVLbMJDZPDxKQWNs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/4239e9-e670-44f1-868e-f3f581dfc648/1/TQ8lfzOc-54nVLbMJDZPDxKQWNs.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/4239e9-e670-44f1-868e-f3f581dfc648/1/TQ8lfzOc-54nVLbMJDZPDxKQWNs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         24:56:83:05:21:86:d9:d7:a8:91:8b:3e:38:19:a9:f2:2b:51:
         e8:1f:89:a6:71:b5:c9:69:77:e2:5e:cd:ab:f1:4b:aa:8c:c4:
         10:f5:e8:43:17:b7:b4:eb:da:a9:27:34:39:fa:96:55:be:7f:
         1c:8e:a1:ef:2d:6e:eb:e4:d1:b7:e9:c0:17:cb:8c:07:2c:de:
         21:fb:8a:9d:56:31:7f:f4:9d:db:9e:9f:bc:bd:9c:40:07:3c:
         b9:05:0f:75:cb:cf:d5:df:37:2f:53:36:25:e3:e5:5f:e2:87:
         df:f9:0f:1c:c8:7a:f7:1c:2e:71:4c:9c:4d:1e:f3:c4:6b:66:
         d6:65:14:c8:32:65:ca:b9:df:38:00:4f:f9:9d:67:a6:81:0e:
         41:50:e4:df:8a:40:5e:f6:71:a4:a2:03:84:1a:9c:af:20:60:
         6e:c7:8e:46:93:79:ea:1a:55:ae:d9:5b:dd:f5:df:26:3b:2d:
         e9:c1:9d:47:77:a3:57:ec:b0:c4:6e:5d:bb:b1:a2:41:4b:2d:
         4a:5e:94:98:5b:a3:ca:9d:f8:84:23:e8:ec:24:08:16:ce:99:
         f2:9e:42:4f:76:be:92:9f:d1:77:36:a5:4b:6e:43:68:59:2d:
         f5:53:05:b9:fb:83:af:41:0b:fc:f0:5b:7b:be:18:17:4c:76:
         dc:6e:06:95
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZafCCvKSVKhLqxq0ucpDSoJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkMGYyNTdmMzM5Y2ZiOWUyNzU0YjZjYzI0MzY0ZjBmMTI5
MDU4ZGIwHhcNMjUwNTA1MDYwMDM0WhcNMjUwNTA2MDYwMDM0WjAzMTEwLwYDVQQD
EygyOWRhYjI3NjQyNGIzYzlmYzY3Njc0MTNmNGMzYjdlNTk4MGU2NGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9DGP0T29fmjwcvzQPTYY9rFO/Lrl
xRCsnOTD0MYRZvp86aF0bXf0amrjYx2sgQGSdTnhrUJX8F00iMBw8/zK87/ansQN
GmEzsHshMHq1f/FwxVGBVP2Qo6lxsN+tdfU0J35y1/3BVQWz37RIIRFoMvz/6WYw
z9L12TKUWPYbJ7CVTg/mKttdBOZyC9OwgfbHntRdIDPrz2NQk31R3OZXn+9HXFAY
HO4YA2vHUP78tcyyMRHk6t5AiFHZuF90rfePubtbOyARWJT3kx/3jaH89hljwdWD
POAAJ99jLy89Y8OJczGTsEdR34TRUmAXIj9Z+5Qw9iuxWes7pL3ZpCVyRwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFCnasnZCSzyfxnZ0E/TDt+WYDmSlMB8GA1UdIwQY
MBaAFE0PJX8znPueJ1S2zCQ2Tw8SkFjbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFE4bGZ6T2MtNTRuVkxiTUpEWlBEeEtRV05zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC80MjM5ZTktZTY3MC00NGYxLTg2OGUt
ZjNmNTgxZGZjNjQ4LzEvVFE4bGZ6T2MtNTRuVkxiTUpEWlBEeEtRV05zLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC80MjM5ZTktZTY3MC00NGYxLTg2OGUtZjNmNTgxZGZjNjQ4
LzEvVFE4bGZ6T2MtNTRuVkxiTUpEWlBEeEtRV05zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAJFaDBSGG
2deokYs+OBmp8itR6B+JpnG1yWl34l7Nq/FLqozEEPXoQxe3tOvaqSc0OfqWVb5/
HI6h7y1u6+TRt+nAF8uMByzeIfuKnVYxf/Sd256fvL2cQAc8uQUPdcvP1d83L1M2
JePlX+KH3/kPHMh69xwucUycTR7zxGtm1mUUyDJlyrnfOABP+Z1npoEOQVDk34pA
XvZxpKIDhBqcryBgbseORpN56hpVrtlb3fXfJjst6cGdR3ejV+ywxG5du7GiQUst
Sl6UmFujyp34hCPo7CQIFs6Z8p5CT3a+kp/RdzalS25DaFkt9VMFufuDr0EL/PBb
e74YF0x23G4GlQ==
-----END CERTIFICATE-----