This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft File: 2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft (raw, json) Hash identifier: h20cccLxQgUMmZkExHRH+YjHMhglMPHuNkO7kxORU60= Subject key identifier: A4:50:34:AC:C9:89:F9:10:AB:E5:A9:F4:0F:3B:6D:B2:D1:F6:55:C7 Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43 Certificate issuer: /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43 Certificate serial: 019B48B923C3247AD98A568853A6A356F6CC Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft Manifest number: 17A6 Signing time: Tue 23 Dec 2025 01:00:51 +0000 Manifest this update: Tue 23 Dec 2025 01:00:51 +0000 Manifest next update: Wed 24 Dec 2025 01:00:51 +0000 Files and hashes: 1: 2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl (hash: sfGYYrgB6GkKHvHv+IPNcuFJcj6sti+TOqh1tcQ0jGc=) Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Wed 24 Dec 2025 00:00:29 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:48:b9:23:c3:24:7a:d9:8a:56:88:53:a6:a3:56:f6:cc Signature Algorithm: sha256WithRSAEncryption Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43 Validity Not Before: Dec 23 01:00:51 2025 GMT Not After : Dec 24 01:00:51 2025 GMT Subject: CN=a45034acc989f910abe5a9f40f3b6db2d1f655c7 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ca:68:d6:98:01:4d:63:76:e0:29:aa:3e:1c:ba: 0b:03:9d:13:51:17:72:5d:8c:c2:d5:c2:8e:09:ea: 82:c6:eb:94:7c:d4:e4:17:d7:e7:bf:40:f4:06:0b: 60:56:23:8f:e3:61:df:4c:e3:76:60:08:09:83:04: db:39:93:36:41:ab:cc:ea:04:04:f3:c0:58:c0:e7: da:cd:57:db:21:b7:4c:cf:71:9c:10:97:e7:d9:56: f0:8f:55:1c:d1:c8:3f:c7:95:33:9f:3a:a9:55:95: 27:27:6f:a7:c7:25:94:4d:c0:7c:83:1d:fd:98:ad: 92:4d:03:2d:4c:5c:38:9b:6a:f6:3d:40:94:7b:d7: e2:09:82:53:36:fa:4b:60:41:87:c9:08:6c:c4:48: 35:30:d2:cd:b8:e8:07:f1:9b:06:09:42:4d:b0:74: aa:96:a1:26:bd:4a:38:be:dd:24:5a:a8:53:f6:5c: 52:cc:bd:4d:8f:b4:28:05:aa:e3:e5:e2:2b:7c:5b: 83:2d:c6:7c:0f:20:c2:81:fa:ec:33:73:d3:63:fd: f4:bc:a5:9d:0c:e2:29:e9:bb:8b:31:d6:37:8d:4c: 1c:77:bb:75:31:0f:d2:ca:89:06:cd:1e:53:5e:cb: e9:9b:24:dc:20:b3:52:4a:59:78:06:6f:79:23:18: 31:05 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: A4:50:34:AC:C9:89:F9:10:AB:E5:A9:F4:0F:3B:6D:B2:D1:F6:55:C7 X509v3 Authority Key Identifier: keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit Signature Algorithm: sha256WithRSAEncryption 35:a8:92:88:12:21:cf:3c:65:bc:2c:a4:3a:b2:59:7d:cc:30: fa:98:2e:cb:05:1b:88:e3:f5:e7:b7:50:75:23:26:2f:73:49: f3:ef:18:25:cf:23:fa:f4:e1:9f:a1:28:61:24:4b:19:8a:b7: a5:a4:32:10:0b:34:c0:d3:cf:2b:f5:ad:23:1d:10:a5:52:0e: ee:19:de:0a:d0:a3:76:cc:fb:4e:41:71:b8:00:e0:d6:0c:74: 6e:ef:46:f1:8a:fe:f9:f2:a9:7e:fd:2b:42:82:42:dd:e7:16: 9b:a9:cc:08:05:ee:ea:ca:56:1a:0e:0a:cb:01:ef:3c:f8:c9: 72:5b:e4:fc:39:d9:fe:02:52:9c:5d:68:ce:d1:79:88:e5:60: 5a:94:6a:71:05:41:38:53:c8:f5:3e:44:e5:9a:1c:4e:d4:16: 2f:01:62:bc:ec:3e:c0:2b:47:d2:59:72:ac:be:1f:74:d9:22: c4:2d:c0:65:2a:65:f6:e0:10:a4:8b:3e:bc:a3:77:28:2a:24: d8:91:89:59:10:c8:5f:df:80:61:5f:8f:34:fc:d9:0e:24:d9: 82:e0:61:13:7c:03:86:ae:98:38:bf:38:20:3e:d7:80:a7:c9: 58:a3:d2:97:7d:e9:19:cd:df:b3:91:f0:ce:23:e8:44:d6:c1: ed:61:6d:8d -----BEGIN CERTIFICATE----- MIIFFjCCA/6gAwIBAgISAZtIuSPDJHrZilaIU6ajVvbMMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl YmFhNDMwHhcNMjUxMjIzMDEwMDUxWhcNMjUxMjI0MDEwMDUxWjAzMTEwLwYDVQQD EyhhNDUwMzRhY2M5ODlmOTEwYWJlNWE5ZjQwZjNiNmRiMmQxZjY1NWM3MIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymjWmAFNY3bgKao+HLoLA50TURdy XYzC1cKOCeqCxuuUfNTkF9fnv0D0BgtgViOP42HfTON2YAgJgwTbOZM2QavM6gQE 88BYwOfazVfbIbdMz3GcEJfn2Vbwj1Uc0cg/x5UznzqpVZUnJ2+nxyWUTcB8gx39 mK2STQMtTFw4m2r2PUCUe9fiCYJTNvpLYEGHyQhsxEg1MNLNuOgH8ZsGCUJNsHSq lqEmvUo4vt0kWqhT9lxSzL1Nj7QoBarj5eIrfFuDLcZ8DyDCgfrsM3PTY/30vKWd DOIp6buLMdY3jUwcd7t1MQ/SyokGzR5TXsvpmyTcILNSSll4Bm95IxgxBQIDAQAB o4ICIjCCAh4wHQYDVR0OBBYEFKRQNKzJifkQq+Wp9A87bbLR9lXHMB8GA1UdIwQY MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct Nzg1ZTU4ODM2NDRkLzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLm1mdDCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEANaiSiBIh zzxlvCykOrJZfcww+pguywUbiOP157dQdSMmL3NJ8+8YJc8j+vThn6EoYSRLGYq3 paQyEAs0wNPPK/WtIx0QpVIO7hneCtCjdsz7TkFxuADg1gx0bu9G8Yr++fKpfv0r QoJC3ecWm6nMCAXu6spWGg4KywHvPPjJclvk/DnZ/gJSnF1oztF5iOVgWpRqcQVB OFPI9T5E5ZocTtQWLwFivOw+wCtH0llyrL4fdNkixC3AZSpl9uAQpIs+vKN3KCok 2JGJWRDIX9+AYV+PNPzZDiTZguBhE3wDhq6YOL84ID7XgKfJWKPSl33pGc3fs5Hw ziPoRNbB7WFtjQ== -----END CERTIFICATE-----Generated at Tue Dec 23 09:06:26 2025 by rpki-client