This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/f6bbd3-ae27-4dc7-b669-c5263b3303b9/1/nz-YcVNtYL90vfaQYMkNVBB9jjg.mft File: nz-YcVNtYL90vfaQYMkNVBB9jjg.mft (raw, json) Hash identifier: YzWc2gNxXerxscQs/4CTLv8cmKcAkrQrREJFtYBOzbU= Subject key identifier: 53:6F:A0:B4:68:0C:89:21:71:30:66:2D:B7:24:26:DD:FE:E4:E4:92 Authority key identifier: 9F:3F:98:71:53:6D:60:BF:74:BD:F6:90:60:C9:0D:54:10:7D:8E:38 Certificate issuer: /CN=9f3f9871536d60bf74bdf69060c90d54107d8e38 Certificate serial: 019B3F11732E9515AE130A4B05BCD7B315FF Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nz-YcVNtYL90vfaQYMkNVBB9jjg.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/f6bbd3-ae27-4dc7-b669-c5263b3303b9/1/nz-YcVNtYL90vfaQYMkNVBB9jjg.mft Manifest number: 1009 Signing time: Sun 21 Dec 2025 04:01:06 +0000 Manifest this update: Sun 21 Dec 2025 04:01:06 +0000 Manifest next update: Mon 22 Dec 2025 04:01:06 +0000 Files and hashes: 1: cZq1EWW-Cck7oNh5z2nVrTYMRQM.roa (hash: ptcOLOBEIgDro10MJyiqeVzzPTgAas0GugoUSuUsWgQ=) 2: nz-YcVNtYL90vfaQYMkNVBB9jjg.crl (hash: zajDvvnGGyD+N5W8z0VYYzPkwt6SMzAzQGs0uW3acWo=) Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/23/f6bbd3-ae27-4dc7-b669-c5263b3303b9/1/nz-YcVNtYL90vfaQYMkNVBB9jjg.crl rsync://rpki.ripe.net/repository/DEFAULT/23/f6bbd3-ae27-4dc7-b669-c5263b3303b9/1/nz-YcVNtYL90vfaQYMkNVBB9jjg.mft rsync://rpki.ripe.net/repository/DEFAULT/nz-YcVNtYL90vfaQYMkNVBB9jjg.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Mon 22 Dec 2025 00:00:29 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:3f:11:73:2e:95:15:ae:13:0a:4b:05:bc:d7:b3:15:ff Signature Algorithm: sha256WithRSAEncryption Issuer: CN=9f3f9871536d60bf74bdf69060c90d54107d8e38 Validity Not Before: Dec 21 04:01:06 2025 GMT Not After : Dec 22 04:01:06 2025 GMT Subject: CN=536fa0b4680c89217130662db72426ddfee4e492 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ef:5c:be:a3:01:56:dd:c5:fc:6a:87:11:f6:71: 85:ea:68:5f:b6:7f:7f:35:eb:23:d3:19:c3:11:fe: bf:96:f8:eb:72:4e:21:aa:d0:76:e4:c4:83:ec:52: c9:1e:63:90:f4:82:ac:0c:af:89:52:fb:07:2a:7b: c0:f5:f8:0d:76:6f:99:78:8f:31:ee:93:84:51:a6: a6:9a:50:16:8f:43:b7:ea:fa:95:28:be:e4:00:bf: a7:db:82:1f:52:12:c6:44:c5:52:fb:ee:75:12:a4: a6:08:44:f4:de:e3:33:2d:66:b7:67:ed:8d:af:fb: 6f:a0:db:e7:c0:bc:7c:83:e4:19:85:5b:d2:0f:f9: 1d:3d:91:1c:3e:57:7b:dd:45:f9:fa:b6:36:16:5b: d3:ec:e0:2e:80:76:77:c8:d6:67:eb:b0:da:7b:81: bc:84:c7:0b:1d:b5:1e:0c:ea:86:a5:c8:c5:17:31: f5:d7:97:24:da:98:cd:ea:15:03:a2:71:bf:b2:d3: c7:98:73:48:c1:d7:ca:fb:39:d2:94:f8:01:bb:ae: e7:64:34:b1:68:5c:48:44:9f:4e:ae:f3:6e:74:d3: 4e:fe:29:93:08:9a:7c:7a:50:e1:73:7c:ac:84:66: 1a:c7:f4:38:57:41:17:c3:25:09:46:dc:b7:8e:0f: cc:cb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 53:6F:A0:B4:68:0C:89:21:71:30:66:2D:B7:24:26:DD:FE:E4:E4:92 X509v3 Authority Key Identifier: keyid:9F:3F:98:71:53:6D:60:BF:74:BD:F6:90:60:C9:0D:54:10:7D:8E:38 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nz-YcVNtYL90vfaQYMkNVBB9jjg.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f6bbd3-ae27-4dc7-b669-c5263b3303b9/1/nz-YcVNtYL90vfaQYMkNVBB9jjg.mft X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f6bbd3-ae27-4dc7-b669-c5263b3303b9/1/nz-YcVNtYL90vfaQYMkNVBB9jjg.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit Signature Algorithm: sha256WithRSAEncryption 81:c2:00:19:10:36:1f:9d:0e:1d:e2:3c:ab:7d:d8:a7:e5:a9: 39:c2:38:5a:e4:b4:22:3e:52:0f:09:99:85:4a:64:2c:22:75: f3:e6:de:b5:d3:61:2d:1e:a8:ef:da:e2:d0:81:2d:c3:ca:ae: 22:79:98:de:59:72:c0:a3:b9:42:57:70:f1:e1:36:70:42:f8: b5:33:52:15:7f:48:30:99:e9:1d:9b:cc:cb:8f:57:9f:8d:c2: c0:6c:a7:26:81:ae:8c:c6:4b:2d:ac:02:00:47:21:0b:28:96: 1f:d3:84:06:b7:2b:b8:94:58:6c:7c:f8:9c:d5:1e:27:62:40: 57:b4:e2:2e:ab:4d:01:0e:42:43:99:82:dd:be:86:5a:94:aa: 45:4f:29:1d:67:51:f0:e3:c5:ea:e9:16:62:12:8f:29:27:97: 3d:79:8a:f4:34:49:e4:74:99:fc:a0:00:9f:c3:54:21:62:51: 8d:bb:d7:5d:1c:f2:6b:59:cb:11:79:a8:f2:eb:b8:31:78:7f: 25:73:45:00:5e:f2:aa:ea:8d:65:73:37:6d:bc:8c:36:17:fb: a1:95:f5:61:19:c0:14:db:bc:80:ec:98:fe:f1:1b:84:72:bf: 6c:ce:4e:6d:73:4e:8f:c9:33:d4:0d:34:ee:d4:0b:cd:41:31: 36:43:31:02 -----BEGIN CERTIFICATE----- MIIFFjCCA/6gAwIBAgISAZs/EXMulRWuEwpLBbzXsxX/MA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDlmM2Y5ODcxNTM2ZDYwYmY3NGJkZjY5MDYwYzkwZDU0MTA3 ZDhlMzgwHhcNMjUxMjIxMDQwMTA2WhcNMjUxMjIyMDQwMTA2WjAzMTEwLwYDVQQD Eyg1MzZmYTBiNDY4MGM4OTIxNzEzMDY2MmRiNzI0MjZkZGZlZTRlNDkyMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA71y+owFW3cX8aocR9nGF6mhftn9/ Nesj0xnDEf6/lvjrck4hqtB25MSD7FLJHmOQ9IKsDK+JUvsHKnvA9fgNdm+ZeI8x 7pOEUaammlAWj0O36vqVKL7kAL+n24IfUhLGRMVS++51EqSmCET03uMzLWa3Z+2N r/tvoNvnwLx8g+QZhVvSD/kdPZEcPld73UX5+rY2FlvT7OAugHZ3yNZn67Dae4G8 hMcLHbUeDOqGpcjFFzH115ck2pjN6hUDonG/stPHmHNIwdfK+znSlPgBu67nZDSx aFxIRJ9OrvNudNNO/imTCJp8elDhc3yshGYax/Q4V0EXwyUJRty3jg/MywIDAQAB o4ICIjCCAh4wHQYDVR0OBBYEFFNvoLRoDIkhcTBmLbckJt3+5OSSMB8GA1UdIwQY MBaAFJ8/mHFTbWC/dL32kGDJDVQQfY44MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvbnotWWNWTnRZTDkwdmZhUVlNa05WQkI5ampnLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9mNmJiZDMtYWUyNy00ZGM3LWI2Njkt YzUyNjNiMzMwM2I5LzEvbnotWWNWTnRZTDkwdmZhUVlNa05WQkI5ampnLm1mdDCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC8yMy9mNmJiZDMtYWUyNy00ZGM3LWI2NjktYzUyNjNiMzMwM2I5 LzEvbnotWWNWTnRZTDkwdmZhUVlNa05WQkI5ampnLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAgcIAGRA2 H50OHeI8q33Yp+WpOcI4WuS0Ij5SDwmZhUpkLCJ18+betdNhLR6o79ri0IEtw8qu InmY3llywKO5Qldw8eE2cEL4tTNSFX9IMJnpHZvMy49Xn43CwGynJoGujMZLLawC AEchCyiWH9OEBrcruJRYbHz4nNUeJ2JAV7TiLqtNAQ5CQ5mC3b6GWpSqRU8pHWdR 8OPF6ukWYhKPKSeXPXmK9DRJ5HSZ/KAAn8NUIWJRjbvXXRzya1nLEXmo8uu4MXh/ JXNFAF7yquqNZXM3bbyMNhf7oZX1YRnAFNu8gOyY/vEbhHK/bM5ObXNOj8kz1A00 7tQLzUExNkMxAg== -----END CERTIFICATE-----Generated at Sun Dec 21 06:08:57 2025 by rpki-client