This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/de77ae-29e3-4a04-a027-6638c3eb4027/1/NDLzVG3kPONceHHFVLizDvY1wlE.mft File: NDLzVG3kPONceHHFVLizDvY1wlE.mft (raw, json) Hash identifier: wwRyrvwNYn0DP1WMXjmfzALmSyuixiYXyRypiu+7Txc= Subject key identifier: 67:59:1A:F6:DA:A3:18:9E:0F:5A:F3:7B:D5:F3:B3:91:A6:68:81:E3 Authority key identifier: 34:32:F3:54:6D:E4:3C:E3:5C:78:71:C5:54:B8:B3:0E:F6:35:C2:51 Certificate issuer: /CN=3432f3546de43ce35c7871c554b8b30ef635c251 Certificate serial: 019B44A5DFD825972936434DF5134618FA1F Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NDLzVG3kPONceHHFVLizDvY1wlE.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/18/de77ae-29e3-4a04-a027-6638c3eb4027/1/NDLzVG3kPONceHHFVLizDvY1wlE.mft Manifest number: 0333 Signing time: Mon 22 Dec 2025 06:01:19 +0000 Manifest this update: Mon 22 Dec 2025 06:01:19 +0000 Manifest next update: Tue 23 Dec 2025 06:01:19 +0000 Files and hashes: 1: NDLzVG3kPONceHHFVLizDvY1wlE.crl (hash: efcvvFgMpQ7BO+pOcLp19kVdRbvQpr2KsAzzCfKAvAo=) Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/18/de77ae-29e3-4a04-a027-6638c3eb4027/1/NDLzVG3kPONceHHFVLizDvY1wlE.crl rsync://rpki.ripe.net/repository/DEFAULT/18/de77ae-29e3-4a04-a027-6638c3eb4027/1/NDLzVG3kPONceHHFVLizDvY1wlE.mft rsync://rpki.ripe.net/repository/DEFAULT/NDLzVG3kPONceHHFVLizDvY1wlE.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Tue 23 Dec 2025 06:01:19 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:44:a5:df:d8:25:97:29:36:43:4d:f5:13:46:18:fa:1f Signature Algorithm: sha256WithRSAEncryption Issuer: CN=3432f3546de43ce35c7871c554b8b30ef635c251 Validity Not Before: Dec 22 06:01:19 2025 GMT Not After : Dec 23 06:01:19 2025 GMT Subject: CN=67591af6daa3189e0f5af37bd5f3b391a66881e3 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:9f:d6:40:07:2c:cd:c6:57:49:78:1b:f8:80:52: 42:12:7a:89:47:78:e2:59:28:b5:43:d4:34:e1:02: 00:79:9e:f4:7f:fe:dc:17:be:b2:37:4c:ab:8c:f7: 49:ee:65:08:dd:95:c9:7c:9c:ca:be:f3:13:26:8b: e2:eb:7b:6e:27:63:ca:8a:2b:bf:f6:71:20:29:2f: 31:b3:b4:50:fb:fc:05:54:4f:4e:ec:7a:3e:f7:dd: d2:f8:d0:b3:d0:d6:eb:4a:7d:f6:1b:26:30:02:ac: 28:60:5d:b8:01:61:61:26:e8:28:8e:b7:4d:68:ee: f4:a6:80:ca:41:29:92:b1:30:c7:3a:88:51:5d:34: a9:a8:58:fe:43:7c:e3:98:39:c0:bc:5b:9a:c7:f0: c3:0e:54:89:0f:76:06:ec:44:f9:07:98:0a:34:09: 6c:eb:2f:0f:7d:e9:3a:09:a0:22:c9:fb:41:57:f1: 91:50:91:ee:9e:7b:eb:13:f0:ee:2f:f5:d8:df:88: 06:c9:45:c1:40:8d:62:7c:00:45:1e:1d:29:d8:48: 71:1e:6c:52:e2:1a:6c:b6:9a:cc:ee:6d:77:9f:e0: 22:23:6b:02:ab:5f:54:4d:2e:b5:2b:dd:04:a3:08: 31:4a:69:eb:97:1c:f8:26:0b:74:b1:df:bd:86:0c: 4e:c5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 67:59:1A:F6:DA:A3:18:9E:0F:5A:F3:7B:D5:F3:B3:91:A6:68:81:E3 X509v3 Authority Key Identifier: keyid:34:32:F3:54:6D:E4:3C:E3:5C:78:71:C5:54:B8:B3:0E:F6:35:C2:51 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NDLzVG3kPONceHHFVLizDvY1wlE.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/de77ae-29e3-4a04-a027-6638c3eb4027/1/NDLzVG3kPONceHHFVLizDvY1wlE.mft X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/18/de77ae-29e3-4a04-a027-6638c3eb4027/1/NDLzVG3kPONceHHFVLizDvY1wlE.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit Signature Algorithm: sha256WithRSAEncryption 7e:7a:ac:3e:8b:56:9f:7a:d7:33:d3:4a:13:a9:ba:89:14:9b: 89:5d:cb:da:ba:c4:e2:c9:c0:b7:79:d0:b2:d8:ad:1a:2b:ad: f8:55:8f:3a:64:ac:c1:99:d6:06:e6:d0:85:72:72:82:6a:73: b5:f1:b2:5d:f7:83:10:29:90:b6:99:e1:e6:7e:60:5b:99:51: b2:45:a2:79:22:59:93:c7:d3:e4:36:39:74:58:f6:a3:77:20: e9:88:bb:e9:73:c9:ef:d7:75:7f:13:79:e9:dd:b6:e3:98:c9: 90:e5:23:ff:95:0f:8b:99:0b:76:2a:5e:ae:0e:85:4d:e7:1a: 8b:b8:7a:47:d0:b7:5c:3a:ab:ff:22:cd:92:dc:75:07:9d:72: de:46:7a:a6:25:76:cc:e4:d9:69:4d:9f:3c:78:e4:a9:55:e2: 4f:3f:b0:34:5d:55:04:e4:a2:52:9c:74:ae:fb:2c:f9:1a:4e: 2d:11:66:50:ae:c2:04:4b:8f:40:e5:3c:6d:8b:23:67:b2:76: dc:d0:21:bf:e9:cd:f9:6c:58:90:70:7d:0e:6e:08:32:1e:33: 12:b6:88:32:49:e4:a4:b0:a7:fd:cb:85:42:b8:15:eb:45:ae: 7a:92:9b:bd:3b:85:85:92:8a:db:81:b8:ac:fb:97:cf:9b:07: 2d:91:b3:68 -----BEGIN CERTIFICATE----- MIIFFjCCA/6gAwIBAgISAZtEpd/YJZcpNkNN9RNGGPofMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDM0MzJmMzU0NmRlNDNjZTM1Yzc4NzFjNTU0YjhiMzBlZjYz NWMyNTEwHhcNMjUxMjIyMDYwMTE5WhcNMjUxMjIzMDYwMTE5WjAzMTEwLwYDVQQD Eyg2NzU5MWFmNmRhYTMxODllMGY1YWYzN2JkNWYzYjM5MWE2Njg4MWUzMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9ZAByzNxldJeBv4gFJCEnqJR3ji WSi1Q9Q04QIAeZ70f/7cF76yN0yrjPdJ7mUI3ZXJfJzKvvMTJovi63tuJ2PKiiu/ 9nEgKS8xs7RQ+/wFVE9O7Ho+993S+NCz0NbrSn32GyYwAqwoYF24AWFhJugojrdN aO70poDKQSmSsTDHOohRXTSpqFj+Q3zjmDnAvFuax/DDDlSJD3YG7ET5B5gKNAls 6y8Pfek6CaAiyftBV/GRUJHunnvrE/DuL/XY34gGyUXBQI1ifABFHh0p2EhxHmxS 4hpstprM7m13n+AiI2sCq19UTS61K90EowgxSmnrlxz4Jgt0sd+9hgxOxQIDAQAB o4ICIjCCAh4wHQYDVR0OBBYEFGdZGvbaoxieD1rze9Xzs5GmaIHjMB8GA1UdIwQY MBaAFDQy81Rt5DzjXHhxxVS4sw72NcJRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvTkRMelZHM2tQT05jZUhIRlZMaXpEdlkxd2xFLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9kZTc3YWUtMjllMy00YTA0LWEwMjct NjYzOGMzZWI0MDI3LzEvTkRMelZHM2tQT05jZUhIRlZMaXpEdlkxd2xFLm1mdDCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC8xOC9kZTc3YWUtMjllMy00YTA0LWEwMjctNjYzOGMzZWI0MDI3 LzEvTkRMelZHM2tQT05jZUhIRlZMaXpEdlkxd2xFLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAfnqsPotW n3rXM9NKE6m6iRSbiV3L2rrE4snAt3nQstitGiut+FWPOmSswZnWBubQhXJygmpz tfGyXfeDECmQtpnh5n5gW5lRskWieSJZk8fT5DY5dFj2o3cg6Yi76XPJ79d1fxN5 6d2245jJkOUj/5UPi5kLdiperg6FTecai7h6R9C3XDqr/yLNktx1B51y3kZ6piV2 zOTZaU2fPHjkqVXiTz+wNF1VBOSiUpx0rvss+RpOLRFmUK7CBEuPQOU8bYsjZ7J2 3NAhv+nN+WxYkHB9Dm4IMh4zEraIMknkpLCn/cuFQrgV60WuepKbvTuFhZKK24G4 rPuXz5sHLZGzaA== -----END CERTIFICATE-----Generated at Mon Dec 22 12:15:19 2025 by rpki-client