This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/76768c-cd75-46a9-8d65-6cbb77baa02d/1/tkDbwv_PXWNFicBEAV1xdcuv8-0.mft File: tkDbwv_PXWNFicBEAV1xdcuv8-0.mft (raw, json) Hash identifier: wdBqiqit82epAPDRF7zaXiFFTa+G5w2Rj0eLncs6gOg= Subject key identifier: CC:B6:C2:A7:E5:53:40:4A:2F:D3:E3:D6:64:B5:19:A7:EE:4B:F2:49 Authority key identifier: B6:40:DB:C2:FF:CF:5D:63:45:89:C0:44:01:5D:71:75:CB:AF:F3:ED Certificate issuer: /CN=b640dbc2ffcf5d634589c044015d7175cbaff3ed Certificate serial: 019B3D234BDC45B5DDC2E302B7006554037C Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tkDbwv_PXWNFicBEAV1xdcuv8-0.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1f/76768c-cd75-46a9-8d65-6cbb77baa02d/1/tkDbwv_PXWNFicBEAV1xdcuv8-0.mft Manifest number: 1227 Signing time: Sat 20 Dec 2025 19:01:21 +0000 Manifest this update: Sat 20 Dec 2025 19:01:21 +0000 Manifest next update: Sun 21 Dec 2025 19:01:21 +0000 Files and hashes: 1: tkDbwv_PXWNFicBEAV1xdcuv8-0.crl (hash: eNZvGdJxn96ciQ4kaJpcQ1KhxUl+gc4kcuyMRZq2I3o=) Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/1f/76768c-cd75-46a9-8d65-6cbb77baa02d/1/tkDbwv_PXWNFicBEAV1xdcuv8-0.crl rsync://rpki.ripe.net/repository/DEFAULT/1f/76768c-cd75-46a9-8d65-6cbb77baa02d/1/tkDbwv_PXWNFicBEAV1xdcuv8-0.mft rsync://rpki.ripe.net/repository/DEFAULT/tkDbwv_PXWNFicBEAV1xdcuv8-0.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Sun 21 Dec 2025 19:00:29 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:3d:23:4b:dc:45:b5:dd:c2:e3:02:b7:00:65:54:03:7c Signature Algorithm: sha256WithRSAEncryption Issuer: CN=b640dbc2ffcf5d634589c044015d7175cbaff3ed Validity Not Before: Dec 20 19:01:21 2025 GMT Not After : Dec 21 19:01:21 2025 GMT Subject: CN=ccb6c2a7e553404a2fd3e3d664b519a7ee4bf249 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c0:29:ab:b3:5a:92:9a:dc:a9:bc:7a:42:1c:7b: b0:d1:55:70:60:4f:ee:8e:e8:fd:29:fb:b0:f0:db: c3:ac:5a:02:66:f3:70:c3:70:26:a0:da:1b:ec:78: 68:88:be:03:74:e6:aa:6b:8b:00:35:b2:6f:15:2d: 88:38:1a:2b:8b:c8:f1:de:f1:52:52:cb:79:28:30: cf:31:00:c3:6a:c3:73:c1:74:aa:d5:98:f1:e0:7c: 01:5b:61:5a:e3:3a:1c:8a:43:3e:c6:e2:0f:cb:11: de:79:32:c6:a5:62:72:97:c7:9a:b4:90:6c:1f:99: 09:00:01:a9:57:36:92:2f:53:24:e0:30:d7:61:fd: 39:ad:13:7a:98:8d:af:4f:ca:ea:62:96:0e:c5:94: 22:3d:f9:6c:c5:f3:f7:b3:e6:a2:56:01:ad:67:f7: 9b:6e:a4:e1:af:68:f1:c9:c9:ce:66:51:e0:01:91: 90:a5:94:7b:b6:28:7b:9b:1c:77:7e:c0:6d:68:42: 2b:8b:ce:2e:25:17:99:9d:c2:ea:04:db:77:bf:43: be:e9:99:dc:64:7e:ef:7b:7b:bb:95:9a:c1:13:32: 4b:87:22:97:b1:51:1b:84:bb:67:4d:85:ea:bb:40: 26:ac:77:00:75:e1:70:eb:59:71:8b:9c:b1:16:10: cb:cb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: CC:B6:C2:A7:E5:53:40:4A:2F:D3:E3:D6:64:B5:19:A7:EE:4B:F2:49 X509v3 Authority Key Identifier: keyid:B6:40:DB:C2:FF:CF:5D:63:45:89:C0:44:01:5D:71:75:CB:AF:F3:ED X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tkDbwv_PXWNFicBEAV1xdcuv8-0.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/76768c-cd75-46a9-8d65-6cbb77baa02d/1/tkDbwv_PXWNFicBEAV1xdcuv8-0.mft X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/76768c-cd75-46a9-8d65-6cbb77baa02d/1/tkDbwv_PXWNFicBEAV1xdcuv8-0.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit Signature Algorithm: sha256WithRSAEncryption 52:1a:9b:93:ab:22:67:28:a8:e6:b1:53:cd:97:fc:de:72:21: a3:63:e0:d5:ff:7b:95:7e:8d:14:80:c2:ed:e7:b8:82:af:6f: be:0f:53:b1:f1:85:23:92:85:29:0e:6e:66:9d:2e:34:fc:69: 06:08:bf:ad:f9:02:f2:66:77:db:a8:1c:8b:a5:1f:75:67:cf: 0f:1e:42:97:98:a0:13:97:1d:2d:fb:6c:fe:cd:df:b7:e4:75: 6e:68:85:85:e8:0d:51:61:80:e7:03:90:83:a2:9a:cf:ce:57: 2d:06:e0:89:c2:f4:41:54:e9:2f:c4:29:08:bf:e5:38:e8:22: 29:32:6d:c4:95:fb:95:07:9c:7e:5e:ad:97:73:22:da:08:15: 23:92:43:5e:e2:d1:47:20:30:f9:38:bc:9b:95:c3:e3:70:b8: 9d:4c:0c:13:a9:44:82:c8:e6:78:11:f7:dc:64:bc:c5:cd:dd: dd:7c:64:74:5f:11:0a:30:a7:66:6b:94:8d:2e:14:5a:37:e7: c0:2c:8d:a1:05:b6:bc:64:cd:9e:d6:27:95:81:4b:b4:96:bf: f0:41:bc:0c:5f:72:ce:f5:08:76:24:00:7a:a8:0a:d8:99:35: 67:f7:26:31:a8:56:65:99:2c:c3:47:11:b8:47:e8:8c:11:f2: e4:7e:94:40 -----BEGIN CERTIFICATE----- MIIFFjCCA/6gAwIBAgISAZs9I0vcRbXdwuMCtwBlVAN8MA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKGI2NDBkYmMyZmZjZjVkNjM0NTg5YzA0NDAxNWQ3MTc1Y2Jh ZmYzZWQwHhcNMjUxMjIwMTkwMTIxWhcNMjUxMjIxMTkwMTIxWjAzMTEwLwYDVQQD EyhjY2I2YzJhN2U1NTM0MDRhMmZkM2UzZDY2NGI1MTlhN2VlNGJmMjQ5MIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCmrs1qSmtypvHpCHHuw0VVwYE/u juj9Kfuw8NvDrFoCZvNww3AmoNob7HhoiL4DdOaqa4sANbJvFS2IOBori8jx3vFS Ust5KDDPMQDDasNzwXSq1Zjx4HwBW2Fa4zocikM+xuIPyxHeeTLGpWJyl8eatJBs H5kJAAGpVzaSL1Mk4DDXYf05rRN6mI2vT8rqYpYOxZQiPflsxfP3s+aiVgGtZ/eb bqThr2jxycnOZlHgAZGQpZR7tih7mxx3fsBtaEIri84uJReZncLqBNt3v0O+6Znc ZH7ve3u7lZrBEzJLhyKXsVEbhLtnTYXqu0AmrHcAdeFw61lxi5yxFhDLywIDAQAB o4ICIjCCAh4wHQYDVR0OBBYEFMy2wqflU0BKL9Pj1mS1GafuS/JJMB8GA1UdIwQY MBaAFLZA28L/z11jRYnARAFdcXXLr/PtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvdGtEYnd2X1BYV05GaWNCRUFWMXhkY3V2OC0wLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi83Njc2OGMtY2Q3NS00NmE5LThkNjUt NmNiYjc3YmFhMDJkLzEvdGtEYnd2X1BYV05GaWNCRUFWMXhkY3V2OC0wLm1mdDCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC8xZi83Njc2OGMtY2Q3NS00NmE5LThkNjUtNmNiYjc3YmFhMDJk LzEvdGtEYnd2X1BYV05GaWNCRUFWMXhkY3V2OC0wLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAUhqbk6si Zyio5rFTzZf83nIho2Pg1f97lX6NFIDC7ee4gq9vvg9TsfGFI5KFKQ5uZp0uNPxp Bgi/rfkC8mZ326gci6UfdWfPDx5Cl5igE5cdLfts/s3ft+R1bmiFhegNUWGA5wOQ g6Kaz85XLQbgicL0QVTpL8QpCL/lOOgiKTJtxJX7lQecfl6tl3Mi2ggVI5JDXuLR RyAw+Ti8m5XD43C4nUwME6lEgsjmeBH33GS8xc3d3XxkdF8RCjCnZmuUjS4UWjfn wCyNoQW2vGTNntYnlYFLtJa/8EG8DF9yzvUIdiQAeqgK2Jk1Z/cmMahWZZksw0cR uEfojBHy5H6UQA== -----END CERTIFICATE-----Generated at Sun Dec 21 02:57:01 2025 by rpki-client