This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/19877d-3932-472e-9e64-c45e8924c54a/1/sd_KrmUzbQycpCWFpG2Yyawk9eU.mft File: sd_KrmUzbQycpCWFpG2Yyawk9eU.mft (raw, json) Hash identifier: J0l1/H+Ee265R6O/3YrOaTl4JXGIxm8iRXldOZijBmw= Subject key identifier: BB:2B:22:F4:0C:AB:31:61:52:A2:4C:AB:99:02:74:B2:C2:9E:8A:3B Authority key identifier: B1:DF:CA:AE:65:33:6D:0C:9C:A4:25:85:A4:6D:98:C9:AC:24:F5:E5 Certificate issuer: /CN=b1dfcaae65336d0c9ca42585a46d98c9ac24f5e5 Certificate serial: 019B49274D1DBE015A4C6095C3DE9EC983B5 Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sd_KrmUzbQycpCWFpG2Yyawk9eU.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/19877d-3932-472e-9e64-c45e8924c54a/1/sd_KrmUzbQycpCWFpG2Yyawk9eU.mft Manifest number: 03D5 Signing time: Tue 23 Dec 2025 03:01:10 +0000 Manifest this update: Tue 23 Dec 2025 03:01:10 +0000 Manifest next update: Wed 24 Dec 2025 03:01:10 +0000 Files and hashes: 1: sd_KrmUzbQycpCWFpG2Yyawk9eU.crl (hash: ub3lGV5KLtWPjMmx3Yi2nVx+VTjL6FsNjq1HuN+fDD8=) Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/20/19877d-3932-472e-9e64-c45e8924c54a/1/sd_KrmUzbQycpCWFpG2Yyawk9eU.crl rsync://rpki.ripe.net/repository/DEFAULT/20/19877d-3932-472e-9e64-c45e8924c54a/1/sd_KrmUzbQycpCWFpG2Yyawk9eU.mft rsync://rpki.ripe.net/repository/DEFAULT/sd_KrmUzbQycpCWFpG2Yyawk9eU.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Wed 24 Dec 2025 03:01:10 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:49:27:4d:1d:be:01:5a:4c:60:95:c3:de:9e:c9:83:b5 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=b1dfcaae65336d0c9ca42585a46d98c9ac24f5e5 Validity Not Before: Dec 23 03:01:10 2025 GMT Not After : Dec 24 03:01:10 2025 GMT Subject: CN=bb2b22f40cab316152a24cab990274b2c29e8a3b Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b7:0e:6c:6b:7b:97:97:61:ff:c8:f8:89:79:57: d5:8b:eb:8f:ca:b9:6e:65:23:a4:af:22:39:fb:d1: 48:81:43:f8:b8:05:99:8d:8d:05:6c:d5:96:89:3c: 10:81:1e:f9:24:66:5f:a5:ec:3d:6c:0c:11:28:23: e3:50:01:cf:0b:47:8d:63:4f:f8:9b:61:df:86:59: 75:92:d2:5e:08:cb:31:3a:2b:0b:8b:50:14:d3:d5: 0c:b2:84:ab:5c:f5:d4:05:64:81:ee:7d:d2:85:b4: fc:a3:1d:b7:4f:8e:ce:eb:c8:e4:f7:2e:53:47:e0: 59:90:db:f8:31:f2:4b:1c:a0:45:5b:da:f8:69:1d: c1:9a:11:ca:6f:1e:03:66:69:53:1e:bc:f6:e3:ab: 0e:61:2f:99:84:0b:a3:4c:ea:cb:93:d1:bb:42:24: c6:3f:3c:ca:20:71:86:7c:a9:8f:89:56:b0:f7:13: 2d:28:61:c1:94:4e:62:d7:3f:16:84:02:c1:7d:dd: 00:f7:b0:13:67:b7:ed:2d:dd:cc:67:7c:b7:cc:a7: e0:ac:2e:9b:55:6d:bc:9d:ff:2c:ba:63:c4:20:a3: bf:95:4d:56:49:5c:6d:9c:be:c0:88:7b:78:28:68: 31:d0:ff:42:9b:cd:2c:7b:19:2f:5e:ed:c1:a1:60: 3e:bd Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: BB:2B:22:F4:0C:AB:31:61:52:A2:4C:AB:99:02:74:B2:C2:9E:8A:3B X509v3 Authority Key Identifier: keyid:B1:DF:CA:AE:65:33:6D:0C:9C:A4:25:85:A4:6D:98:C9:AC:24:F5:E5 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sd_KrmUzbQycpCWFpG2Yyawk9eU.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/19877d-3932-472e-9e64-c45e8924c54a/1/sd_KrmUzbQycpCWFpG2Yyawk9eU.mft X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/20/19877d-3932-472e-9e64-c45e8924c54a/1/sd_KrmUzbQycpCWFpG2Yyawk9eU.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit Signature Algorithm: sha256WithRSAEncryption 0f:a3:d1:1f:cf:d5:22:68:ed:b6:1a:e5:90:ad:d5:aa:d8:4f: 92:6d:62:bf:02:0b:61:6d:f9:38:7a:de:c6:97:3d:34:45:19: c5:fd:b9:39:ee:91:b7:33:33:00:41:47:ad:e2:d0:0c:d7:e5: c1:5f:65:00:a9:ff:d4:4c:d3:57:e0:d2:63:3f:48:1c:81:23: 09:d7:b8:72:94:9a:ea:29:3d:75:36:91:fe:8f:95:b1:d5:a4: c7:84:dc:0c:be:49:22:1b:cc:cc:7a:d9:27:b3:0f:a6:bf:41: 58:ad:52:c7:b5:ce:e9:02:f7:42:35:7e:a0:2b:6a:89:86:32: c2:5d:28:7c:75:55:6f:4f:5c:21:26:7a:96:10:66:32:fb:5a: 6d:41:ba:a9:46:d6:82:c5:ed:87:36:b0:5e:16:ae:cf:72:29: 8a:b7:00:6f:77:28:dd:70:d6:35:85:d5:57:95:a7:ea:40:0f: 5e:8b:bf:8f:34:b4:e2:81:fd:b7:fe:2d:e4:9b:d6:45:80:2d: 84:c0:f2:fb:df:54:14:d6:a3:10:dd:94:7a:40:53:7b:61:c7: b6:fd:04:1a:a4:2f:5b:2b:3a:1e:6c:0e:17:84:61:09:c9:74: 6d:30:b5:75:71:78:5a:80:5c:62:d1:0e:9b:25:fc:d5:fe:e4: 78:b3:e6:cb -----BEGIN CERTIFICATE----- MIIFFjCCA/6gAwIBAgISAZtJJ00dvgFaTGCVw96eyYO1MA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKGIxZGZjYWFlNjUzMzZkMGM5Y2E0MjU4NWE0NmQ5OGM5YWMy NGY1ZTUwHhcNMjUxMjIzMDMwMTEwWhcNMjUxMjI0MDMwMTEwWjAzMTEwLwYDVQQD EyhiYjJiMjJmNDBjYWIzMTYxNTJhMjRjYWI5OTAyNzRiMmMyOWU4YTNiMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtw5sa3uXl2H/yPiJeVfVi+uPyrlu ZSOkryI5+9FIgUP4uAWZjY0FbNWWiTwQgR75JGZfpew9bAwRKCPjUAHPC0eNY0/4 m2Hfhll1ktJeCMsxOisLi1AU09UMsoSrXPXUBWSB7n3ShbT8ox23T47O68jk9y5T R+BZkNv4MfJLHKBFW9r4aR3BmhHKbx4DZmlTHrz246sOYS+ZhAujTOrLk9G7QiTG PzzKIHGGfKmPiVaw9xMtKGHBlE5i1z8WhALBfd0A97ATZ7ftLd3MZ3y3zKfgrC6b VW28nf8sumPEIKO/lU1WSVxtnL7AiHt4KGgx0P9Cm80sexkvXu3BoWA+vQIDAQAB o4ICIjCCAh4wHQYDVR0OBBYEFLsrIvQMqzFhUqJMq5kCdLLCnoo7MB8GA1UdIwQY MBaAFLHfyq5lM20MnKQlhaRtmMmsJPXlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvc2RfS3JtVXpiUXljcENXRnBHMll5YXdrOWVVLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC8xOTg3N2QtMzkzMi00NzJlLTllNjQt YzQ1ZTg5MjRjNTRhLzEvc2RfS3JtVXpiUXljcENXRnBHMll5YXdrOWVVLm1mdDCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC8yMC8xOTg3N2QtMzkzMi00NzJlLTllNjQtYzQ1ZTg5MjRjNTRh LzEvc2RfS3JtVXpiUXljcENXRnBHMll5YXdrOWVVLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAD6PRH8/V ImjtthrlkK3VqthPkm1ivwILYW35OHrexpc9NEUZxf25Oe6RtzMzAEFHreLQDNfl wV9lAKn/1EzTV+DSYz9IHIEjCde4cpSa6ik9dTaR/o+VsdWkx4TcDL5JIhvMzHrZ J7MPpr9BWK1Sx7XO6QL3QjV+oCtqiYYywl0ofHVVb09cISZ6lhBmMvtabUG6qUbW gsXthzawXhauz3IpircAb3co3XDWNYXVV5Wn6kAPXou/jzS04oH9t/4t5JvWRYAt hMDy+99UFNajEN2UekBTe2HHtv0EGqQvWys6HmwOF4RhCcl0bTC1dXF4WoBcYtEO myX81f7keLPmyw== -----END CERTIFICATE-----Generated at Tue Dec 23 10:47:34 2025 by rpki-client