This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/0942ec-2e9f-4172-8c53-c4946b8e630d/1/rKcX8QfgYizkyz71KwFU-n-baS0.mft File: rKcX8QfgYizkyz71KwFU-n-baS0.mft (raw, json) Hash identifier: ztf2jq41slIPEmIBbdWL/GTuAQVT2Qz1eUHPw4Y1MaY= Subject key identifier: CD:9D:F2:57:48:03:DB:1F:02:24:07:23:F2:84:9B:D2:A4:FF:00:A0 Authority key identifier: AC:A7:17:F1:07:E0:62:2C:E4:CB:3E:F5:2B:01:54:FA:7F:9B:69:2D Certificate issuer: /CN=aca717f107e0622ce4cb3ef52b0154fa7f9b692d Certificate serial: 019B53ABBE5FDD37AC2F56DDF43530CA8418 Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKcX8QfgYizkyz71KwFU-n-baS0.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/0942ec-2e9f-4172-8c53-c4946b8e630d/1/rKcX8QfgYizkyz71KwFU-n-baS0.mft Manifest number: 1312 Signing time: Thu 25 Dec 2025 04:02:02 +0000 Manifest this update: Thu 25 Dec 2025 04:02:02 +0000 Manifest next update: Fri 26 Dec 2025 04:02:02 +0000 Files and hashes: 1: rKcX8QfgYizkyz71KwFU-n-baS0.crl (hash: 9Zx955bnM5z1j7emB28CKLRXRbl8VswiHEYgU1XCS9c=) Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c5/0942ec-2e9f-4172-8c53-c4946b8e630d/1/rKcX8QfgYizkyz71KwFU-n-baS0.crl rsync://rpki.ripe.net/repository/DEFAULT/c5/0942ec-2e9f-4172-8c53-c4946b8e630d/1/rKcX8QfgYizkyz71KwFU-n-baS0.mft rsync://rpki.ripe.net/repository/DEFAULT/rKcX8QfgYizkyz71KwFU-n-baS0.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Fri 26 Dec 2025 03:00:29 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:53:ab:be:5f:dd:37:ac:2f:56:dd:f4:35:30:ca:84:18 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=aca717f107e0622ce4cb3ef52b0154fa7f9b692d Validity Not Before: Dec 25 04:02:02 2025 GMT Not After : Dec 26 04:02:02 2025 GMT Subject: CN=cd9df2574803db1f02240723f2849bd2a4ff00a0 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c8:89:89:23:0b:dd:3c:dc:73:19:43:f6:d0:b4: 29:7d:f2:14:3e:04:2e:f5:2f:40:af:02:d1:15:26: 1c:b4:36:fb:b9:7a:ea:98:c2:3f:58:f9:4c:12:2e: 50:53:14:ae:fb:44:d3:17:e3:63:f9:31:2f:0c:27: 78:0c:2e:41:ca:3a:78:09:1a:65:01:50:00:ff:47: 01:cd:c8:b8:e6:63:64:b5:ba:5d:b6:09:a5:1d:d9: 5d:89:9f:98:42:47:3a:47:62:df:01:f4:60:0f:9f: 68:a0:7b:53:05:82:1c:2a:0e:5b:16:04:e3:26:7f: 93:8e:ee:32:7c:c1:83:9b:ad:ca:87:39:a5:c4:62: 7c:64:57:55:c0:ac:0b:06:b6:93:a6:5c:16:0f:5d: 82:33:fe:3a:e9:87:53:5b:f3:8c:92:eb:fe:65:dd: 19:35:e3:df:f3:f2:df:b9:9d:a5:2c:34:cb:29:7b: e2:71:f2:e5:55:7a:47:74:3d:f6:2c:c9:e8:cb:8c: 9a:2c:3e:26:2a:e1:64:e8:26:f7:bc:aa:2a:93:5e: 65:81:9f:ed:ad:ea:2b:b8:e2:c5:ad:60:35:81:d8: 08:e5:c3:14:ef:5b:7e:84:a9:85:4c:39:55:53:ca: ea:f7:f9:b8:ec:a1:b5:f2:cf:e5:59:9b:2d:d3:0b: 60:d5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: CD:9D:F2:57:48:03:DB:1F:02:24:07:23:F2:84:9B:D2:A4:FF:00:A0 X509v3 Authority Key Identifier: keyid:AC:A7:17:F1:07:E0:62:2C:E4:CB:3E:F5:2B:01:54:FA:7F:9B:69:2D X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKcX8QfgYizkyz71KwFU-n-baS0.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0942ec-2e9f-4172-8c53-c4946b8e630d/1/rKcX8QfgYizkyz71KwFU-n-baS0.mft X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0942ec-2e9f-4172-8c53-c4946b8e630d/1/rKcX8QfgYizkyz71KwFU-n-baS0.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit Signature Algorithm: sha256WithRSAEncryption 97:5e:e8:9d:0e:17:22:2b:3c:0c:d7:66:90:4b:42:dd:91:ee: 62:48:84:9f:3b:98:cf:6c:20:5f:2b:dd:75:ff:c6:9f:9a:5e: 8f:06:de:6c:0a:3f:0d:7b:95:06:d6:1a:e0:98:4f:f6:15:4b: 80:c1:35:32:b8:d6:79:ce:fe:e9:92:35:5f:f2:65:b0:5a:42: ba:f9:c4:32:5d:70:3d:3e:71:62:0b:af:b9:03:7c:d1:f4:c2: 86:9f:09:29:83:b7:ff:74:a2:e8:62:aa:bb:ff:8c:c5:02:3e: 00:37:23:f3:65:91:d0:f4:32:2c:a3:62:6c:22:df:43:4f:14: a0:ab:66:84:28:97:44:79:40:a0:c5:c4:50:f1:a3:01:dc:8e: 2b:d3:23:a2:18:ca:db:a0:4e:79:55:31:ae:5f:cc:d2:8a:b8: a5:3a:4b:c9:66:2d:47:96:71:ac:bb:d4:0c:89:60:aa:dd:2f: d5:11:24:b7:30:2a:2c:04:a2:fd:43:5e:a0:a0:8c:b0:fe:41: 54:91:07:f6:86:2e:8b:3f:a1:8a:b5:95:c9:91:27:ac:2a:76: e9:30:80:c1:f0:81:86:ec:45:c0:b7:5b:85:0c:65:d7:2a:5d: 1c:97:dc:5d:f0:62:8c:d5:7c:ff:9e:c8:e8:ca:fe:67:a8:f2: 84:8f:00:a7 -----BEGIN CERTIFICATE----- MIIFFjCCA/6gAwIBAgISAZtTq75f3TesL1bd9DUwyoQYMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKGFjYTcxN2YxMDdlMDYyMmNlNGNiM2VmNTJiMDE1NGZhN2Y5 YjY5MmQwHhcNMjUxMjI1MDQwMjAyWhcNMjUxMjI2MDQwMjAyWjAzMTEwLwYDVQQD EyhjZDlkZjI1NzQ4MDNkYjFmMDIyNDA3MjNmMjg0OWJkMmE0ZmYwMGEwMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyImJIwvdPNxzGUP20LQpffIUPgQu 9S9ArwLRFSYctDb7uXrqmMI/WPlMEi5QUxSu+0TTF+Nj+TEvDCd4DC5Byjp4CRpl AVAA/0cBzci45mNktbpdtgmlHdldiZ+YQkc6R2LfAfRgD59ooHtTBYIcKg5bFgTj Jn+Tju4yfMGDm63KhzmlxGJ8ZFdVwKwLBraTplwWD12CM/466YdTW/OMkuv+Zd0Z NePf8/LfuZ2lLDTLKXvicfLlVXpHdD32LMnoy4yaLD4mKuFk6Cb3vKoqk15lgZ/t reoruOLFrWA1gdgI5cMU71t+hKmFTDlVU8rq9/m47KG18s/lWZst0wtg1QIDAQAB o4ICIjCCAh4wHQYDVR0OBBYEFM2d8ldIA9sfAiQHI/KEm9Kk/wCgMB8GA1UdIwQY MBaAFKynF/EH4GIs5Ms+9SsBVPp/m2ktMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvcktjWDhRZmdZaXpreXo3MUt3RlUtbi1iYVMwLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8wOTQyZWMtMmU5Zi00MTcyLThjNTMt YzQ5NDZiOGU2MzBkLzEvcktjWDhRZmdZaXpreXo3MUt3RlUtbi1iYVMwLm1mdDCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC9jNS8wOTQyZWMtMmU5Zi00MTcyLThjNTMtYzQ5NDZiOGU2MzBk LzEvcktjWDhRZmdZaXpreXo3MUt3RlUtbi1iYVMwLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAl17onQ4X Iis8DNdmkEtC3ZHuYkiEnzuYz2wgXyvddf/Gn5pejwbebAo/DXuVBtYa4JhP9hVL gME1MrjWec7+6ZI1X/JlsFpCuvnEMl1wPT5xYguvuQN80fTChp8JKYO3/3Si6GKq u/+MxQI+ADcj82WR0PQyLKNibCLfQ08UoKtmhCiXRHlAoMXEUPGjAdyOK9MjohjK 26BOeVUxrl/M0oq4pTpLyWYtR5ZxrLvUDIlgqt0v1REktzAqLASi/UNeoKCMsP5B VJEH9oYuiz+hirWVyZEnrCp26TCAwfCBhuxFwLdbhQxl1ypdHJfcXfBijNV8/57I 6Mr+Z6jyhI8Apw== -----END CERTIFICATE-----Generated at Thu Dec 25 11:19:49 2025 by rpki-client