This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/7a1b60-3aec-44dd-9662-365985409bfa/1/KLwbPQy41cqsOntK0XlF--9QWKU.mft File: KLwbPQy41cqsOntK0XlF--9QWKU.mft (raw, json) Hash identifier: 7ZNqONd6wxMGa9hlLkP5+dtbyxkzgQ1o4a5HFsD0JZc= Subject key identifier: 41:AF:A9:2D:CC:5C:B2:0E:3C:51:33:08:EF:7A:C8:C6:D2:E7:48:73 Authority key identifier: 28:BC:1B:3D:0C:B8:D5:CA:AC:3A:7B:4A:D1:79:45:FB:EF:50:58:A5 Certificate issuer: /CN=28bc1b3d0cb8d5caac3a7b4ad17945fbef5058a5 Certificate serial: 019BAEDDD199C7D269710D879FF034D55FCF Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KLwbPQy41cqsOntK0XlF--9QWKU.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/7a1b60-3aec-44dd-9662-365985409bfa/1/KLwbPQy41cqsOntK0XlF--9QWKU.mft Manifest number: 03D2 Signing time: Sun 11 Jan 2026 21:02:11 +0000 Manifest this update: Sun 11 Jan 2026 21:02:11 +0000 Manifest next update: Mon 12 Jan 2026 21:02:11 +0000 Files and hashes: 1: KLwbPQy41cqsOntK0XlF--9QWKU.crl (hash: wNmSBSW93LdBC9SLjbkUeFKb2XKshf7X1fwpgdPYbM0=) Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/49/7a1b60-3aec-44dd-9662-365985409bfa/1/KLwbPQy41cqsOntK0XlF--9QWKU.crl rsync://rpki.ripe.net/repository/DEFAULT/49/7a1b60-3aec-44dd-9662-365985409bfa/1/KLwbPQy41cqsOntK0XlF--9QWKU.mft rsync://rpki.ripe.net/repository/DEFAULT/KLwbPQy41cqsOntK0XlF--9QWKU.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Mon 12 Jan 2026 21:02:11 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:ae:dd:d1:99:c7:d2:69:71:0d:87:9f:f0:34:d5:5f:cf Signature Algorithm: sha256WithRSAEncryption Issuer: CN=28bc1b3d0cb8d5caac3a7b4ad17945fbef5058a5 Validity Not Before: Jan 11 21:02:11 2026 GMT Not After : Jan 12 21:02:11 2026 GMT Subject: CN=41afa92dcc5cb20e3c513308ef7ac8c6d2e74873 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a0:ee:c7:db:a1:19:b6:91:13:28:f3:65:cc:32: 60:b7:2b:03:79:3b:94:5d:62:20:ba:6a:19:6a:64: 67:58:ea:30:8b:53:76:93:a4:1f:2e:1a:1d:f7:c3: c6:a9:42:fd:cc:11:0b:e1:32:c2:2e:b7:cb:1e:27: fd:d0:26:74:11:d0:24:d4:95:0d:80:15:3c:37:a6: 6e:90:a4:7a:96:d8:ba:74:93:bd:4b:68:2f:76:26: eb:21:ad:43:eb:e0:e8:8c:b4:f8:58:9f:60:b7:7a: 00:12:83:e0:fd:13:51:66:62:89:31:58:12:85:41: 83:67:9f:2a:13:53:be:98:ce:34:1b:7f:95:db:b1: 0f:b5:cc:f8:25:64:ca:1e:d1:32:fa:60:d2:01:d7: d9:e8:71:6f:31:90:7b:12:57:49:dc:50:4d:b7:4c: 6d:64:33:c1:01:f8:89:e8:da:4e:2d:47:5e:93:7a: 09:72:d5:65:56:b8:d0:78:1e:9f:4c:46:a2:5c:7d: 57:14:b1:82:74:6b:d2:c9:8d:72:4b:98:58:b2:fa: a2:17:37:b2:2b:6b:1c:35:0f:ab:7f:53:d4:f5:dd: 03:b9:09:79:58:18:85:ed:ef:2d:3e:16:14:bc:a4: 58:74:a6:08:8e:39:e5:b4:0b:bc:18:01:f1:b2:2d: 5c:47 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 41:AF:A9:2D:CC:5C:B2:0E:3C:51:33:08:EF:7A:C8:C6:D2:E7:48:73 X509v3 Authority Key Identifier: keyid:28:BC:1B:3D:0C:B8:D5:CA:AC:3A:7B:4A:D1:79:45:FB:EF:50:58:A5 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KLwbPQy41cqsOntK0XlF--9QWKU.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/7a1b60-3aec-44dd-9662-365985409bfa/1/KLwbPQy41cqsOntK0XlF--9QWKU.mft X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/49/7a1b60-3aec-44dd-9662-365985409bfa/1/KLwbPQy41cqsOntK0XlF--9QWKU.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit Signature Algorithm: sha256WithRSAEncryption 38:0d:d3:1a:21:e1:88:67:bc:8d:fa:28:80:0d:47:cb:80:37: d9:d8:c2:b5:25:13:0f:1b:1b:84:00:66:df:7c:24:4e:7e:41: b7:86:6a:68:b9:4b:f3:7c:71:89:14:0e:97:e4:fd:6f:1e:11: c6:ba:28:79:76:5c:54:11:a3:96:67:76:4a:ec:22:c6:47:69: 1c:d9:bf:49:a9:7f:67:ea:7b:e3:aa:80:88:40:7e:33:90:b0: 47:a1:7a:95:dd:dd:71:4c:0e:20:c7:f3:c1:41:bf:4b:c2:a4: 16:d6:ae:97:d2:6e:f0:45:55:ba:b3:d6:94:0e:5f:58:cb:b0: cd:fa:88:a2:10:c0:d8:73:12:7f:b1:11:3b:84:fb:89:73:80: e1:02:cd:76:19:dd:4b:57:19:ba:98:42:f4:d4:45:c4:33:68: f4:dc:91:11:b3:ae:92:f8:ae:07:ef:29:54:67:fd:1f:51:ba: 49:68:c8:a5:81:95:a0:68:e3:e4:ce:1f:94:8a:7e:90:d2:a7: ae:ef:d4:89:c5:d6:70:78:83:8f:d1:95:a3:be:d1:a3:1a:f5: bd:18:49:3b:9d:83:53:73:1a:9c:76:13:07:b6:44:23:9b:15: 3e:0c:c1:5b:88:ce:d4:0d:25:1f:be:88:e9:45:39:64:7c:bc: b4:0c:11:dd -----BEGIN CERTIFICATE----- MIIFFjCCA/6gAwIBAgISAZuu3dGZx9JpcQ2Hn/A01V/PMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDI4YmMxYjNkMGNiOGQ1Y2FhYzNhN2I0YWQxNzk0NWZiZWY1 MDU4YTUwHhcNMjYwMTExMjEwMjExWhcNMjYwMTEyMjEwMjExWjAzMTEwLwYDVQQD Eyg0MWFmYTkyZGNjNWNiMjBlM2M1MTMzMDhlZjdhYzhjNmQyZTc0ODczMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoO7H26EZtpETKPNlzDJgtysDeTuU XWIgumoZamRnWOowi1N2k6QfLhod98PGqUL9zBEL4TLCLrfLHif90CZ0EdAk1JUN gBU8N6ZukKR6lti6dJO9S2gvdibrIa1D6+DojLT4WJ9gt3oAEoPg/RNRZmKJMVgS hUGDZ58qE1O+mM40G3+V27EPtcz4JWTKHtEy+mDSAdfZ6HFvMZB7EldJ3FBNt0xt ZDPBAfiJ6NpOLUdek3oJctVlVrjQeB6fTEaiXH1XFLGCdGvSyY1yS5hYsvqiFzey K2scNQ+rf1PU9d0DuQl5WBiF7e8tPhYUvKRYdKYIjjnltAu8GAHxsi1cRwIDAQAB o4ICIjCCAh4wHQYDVR0OBBYEFEGvqS3MXLIOPFEzCO96yMbS50hzMB8GA1UdIwQY MBaAFCi8Gz0MuNXKrDp7StF5RfvvUFilMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvS0x3YlBReTQxY3FzT250SzBYbEYtLTlRV0tVLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS83YTFiNjAtM2FlYy00NGRkLTk2NjIt MzY1OTg1NDA5YmZhLzEvS0x3YlBReTQxY3FzT250SzBYbEYtLTlRV0tVLm1mdDCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC80OS83YTFiNjAtM2FlYy00NGRkLTk2NjItMzY1OTg1NDA5YmZh LzEvS0x3YlBReTQxY3FzT250SzBYbEYtLTlRV0tVLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAOA3TGiHh iGe8jfoogA1Hy4A32djCtSUTDxsbhABm33wkTn5Bt4ZqaLlL83xxiRQOl+T9bx4R xrooeXZcVBGjlmd2SuwixkdpHNm/Sal/Z+p746qAiEB+M5CwR6F6ld3dcUwOIMfz wUG/S8KkFtaul9Ju8EVVurPWlA5fWMuwzfqIohDA2HMSf7ERO4T7iXOA4QLNdhnd S1cZuphC9NRFxDNo9NyREbOukviuB+8pVGf9H1G6SWjIpYGVoGjj5M4flIp+kNKn ru/UicXWcHiDj9GVo77Roxr1vRhJO52DU3ManHYTB7ZEI5sVPgzBW4jO1A0lH76I 6UU5ZHy8tAwR3Q== -----END CERTIFICATE-----Generated at Mon Jan 12 05:55:18 2026 by rpki-client