This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/7f7361-b1e6-4019-ad63-2005994df471/1/G_ksKZT_tTV_jcRieb3Zm-OlbL0.mft File: G_ksKZT_tTV_jcRieb3Zm-OlbL0.mft (raw, json) Hash identifier: PO3aBcegtgGX3S81WPq3R3Y+Bi/MnMs4BinQiEymLGo= Subject key identifier: CA:89:A6:D0:9E:E6:A9:FA:4C:1E:DF:60:E0:EE:A1:2A:49:23:5B:96 Authority key identifier: 1B:F9:2C:29:94:FF:B5:35:7F:8D:C4:62:79:BD:D9:9B:E3:A5:6C:BD Certificate issuer: /CN=1bf92c2994ffb5357f8dc46279bdd99be3a56cbd Certificate serial: 019B4DDF69A5EE4784BF13CC69717A86ADAC Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/G_ksKZT_tTV_jcRieb3Zm-OlbL0.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/7f7361-b1e6-4019-ad63-2005994df471/1/G_ksKZT_tTV_jcRieb3Zm-OlbL0.mft Manifest number: 0F29 Signing time: Wed 24 Dec 2025 01:00:45 +0000 Manifest this update: Wed 24 Dec 2025 01:00:45 +0000 Manifest next update: Thu 25 Dec 2025 01:00:45 +0000 Files and hashes: 1: G_ksKZT_tTV_jcRieb3Zm-OlbL0.crl (hash: fqixJ8eziLIjQ5Edm4had8tVm4NII+IodHELMw+fSbE=) Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/d1/7f7361-b1e6-4019-ad63-2005994df471/1/G_ksKZT_tTV_jcRieb3Zm-OlbL0.crl rsync://rpki.ripe.net/repository/DEFAULT/d1/7f7361-b1e6-4019-ad63-2005994df471/1/G_ksKZT_tTV_jcRieb3Zm-OlbL0.mft rsync://rpki.ripe.net/repository/DEFAULT/G_ksKZT_tTV_jcRieb3Zm-OlbL0.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Thu 25 Dec 2025 01:00:45 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:4d:df:69:a5:ee:47:84:bf:13:cc:69:71:7a:86:ad:ac Signature Algorithm: sha256WithRSAEncryption Issuer: CN=1bf92c2994ffb5357f8dc46279bdd99be3a56cbd Validity Not Before: Dec 24 01:00:45 2025 GMT Not After : Dec 25 01:00:45 2025 GMT Subject: CN=ca89a6d09ee6a9fa4c1edf60e0eea12a49235b96 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b9:9f:2c:dd:7d:7b:2f:2e:b1:8c:a1:45:e8:bf: 26:c2:84:7a:2d:22:00:35:cf:6e:60:25:59:69:83: 87:cd:d4:a6:4a:68:ba:10:d0:5a:2e:52:ad:bd:5d: ad:05:9a:9a:8b:5b:b2:a0:f8:34:9c:6b:b7:45:bb: 27:c6:e5:80:d4:7c:ff:e3:8d:99:d6:27:78:92:6f: e9:c9:f7:29:78:d7:72:68:9b:70:4e:9a:f7:8e:df: 2a:c9:13:51:1c:1e:ed:01:83:6d:c4:9d:64:b9:8e: 64:6d:a1:c4:01:12:30:02:dd:09:e9:e8:db:e1:a3: 83:2a:b9:09:40:da:f0:68:34:23:0c:00:e7:db:5e: 68:b7:4e:5a:52:90:f8:19:c7:63:4f:e8:67:a1:c1: e4:a9:28:55:ab:0d:be:22:7c:67:26:8f:c8:43:88: 33:7f:ac:fb:35:4b:fe:a7:93:03:61:73:2c:c7:d5: 5d:76:f3:09:79:da:46:54:13:2d:12:10:d7:dc:ea: 80:12:4f:12:dc:9a:1a:dc:9f:25:d7:d7:e9:31:2f: 96:b2:0b:3a:7b:46:c3:35:6c:07:b4:0e:2f:82:ee: c5:6f:3f:38:78:33:36:59:19:49:8d:d8:56:48:8e: 5d:f6:2f:36:8d:17:92:ee:36:58:42:6f:0f:e5:7d: fc:9f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: CA:89:A6:D0:9E:E6:A9:FA:4C:1E:DF:60:E0:EE:A1:2A:49:23:5B:96 X509v3 Authority Key Identifier: keyid:1B:F9:2C:29:94:FF:B5:35:7F:8D:C4:62:79:BD:D9:9B:E3:A5:6C:BD X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G_ksKZT_tTV_jcRieb3Zm-OlbL0.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/7f7361-b1e6-4019-ad63-2005994df471/1/G_ksKZT_tTV_jcRieb3Zm-OlbL0.mft X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/7f7361-b1e6-4019-ad63-2005994df471/1/G_ksKZT_tTV_jcRieb3Zm-OlbL0.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit Signature Algorithm: sha256WithRSAEncryption 14:b9:b9:10:9f:cb:43:40:2c:26:ef:0c:23:48:56:75:6f:ed: f1:a4:a0:f5:1e:38:bb:6f:c0:a1:2d:cf:65:8c:74:61:c8:32: 5f:9e:1f:f1:98:be:bd:0f:77:06:6c:75:4a:c3:88:00:d9:30: f3:0d:68:f2:c5:b9:74:9e:f8:6c:83:69:ba:fe:82:c1:ae:80: 90:55:f9:e1:67:a3:8d:85:b7:c9:21:1f:ae:c7:f3:3e:86:9f: 0f:52:bc:40:96:08:4c:88:2a:ba:21:99:5b:41:62:64:22:b6: 47:73:10:e3:98:be:38:ee:7d:ee:b4:aa:9d:0c:fa:25:7a:7b: c5:b7:b1:18:d3:fc:d4:f7:e2:fe:5c:cd:0f:4e:d5:64:11:ec: d7:30:bf:b5:c7:3a:88:24:d0:20:d2:d5:24:80:63:e8:e3:af: 30:31:5e:f4:79:a3:72:f2:5e:0d:58:0f:1a:80:ab:d0:3b:bc: 8f:c4:d9:4a:37:03:7b:26:c0:7d:60:cf:e2:1b:6c:d1:47:3a: da:fd:17:0e:d5:a6:86:1b:d5:e1:16:e4:f5:f7:55:05:d6:69: fa:41:b0:3d:0a:5a:33:d4:99:12:90:9e:c7:29:48:f0:41:ce: 12:95:b6:e0:25:ab:69:6b:86:ba:c2:f5:70:21:3e:97:f6:73: 0a:c7:00:2d -----BEGIN CERTIFICATE----- MIIFFjCCA/6gAwIBAgISAZtN32ml7keEvxPMaXF6hq2sMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDFiZjkyYzI5OTRmZmI1MzU3ZjhkYzQ2Mjc5YmRkOTliZTNh NTZjYmQwHhcNMjUxMjI0MDEwMDQ1WhcNMjUxMjI1MDEwMDQ1WjAzMTEwLwYDVQQD EyhjYTg5YTZkMDllZTZhOWZhNGMxZWRmNjBlMGVlYTEyYTQ5MjM1Yjk2MIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZ8s3X17Ly6xjKFF6L8mwoR6LSIA Nc9uYCVZaYOHzdSmSmi6ENBaLlKtvV2tBZqai1uyoPg0nGu3RbsnxuWA1Hz/442Z 1id4km/pyfcpeNdyaJtwTpr3jt8qyRNRHB7tAYNtxJ1kuY5kbaHEARIwAt0J6ejb 4aODKrkJQNrwaDQjDADn215ot05aUpD4GcdjT+hnocHkqShVqw2+InxnJo/IQ4gz f6z7NUv+p5MDYXMsx9VddvMJedpGVBMtEhDX3OqAEk8S3Joa3J8l19fpMS+Wsgs6 e0bDNWwHtA4vgu7Fbz84eDM2WRlJjdhWSI5d9i82jReS7jZYQm8P5X38nwIDAQAB o4ICIjCCAh4wHQYDVR0OBBYEFMqJptCe5qn6TB7fYODuoSpJI1uWMB8GA1UdIwQY MBaAFBv5LCmU/7U1f43EYnm92ZvjpWy9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvR19rc0taVF90VFZfamNSaWViM1ptLU9sYkwwLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS83ZjczNjEtYjFlNi00MDE5LWFkNjMt MjAwNTk5NGRmNDcxLzEvR19rc0taVF90VFZfamNSaWViM1ptLU9sYkwwLm1mdDCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC9kMS83ZjczNjEtYjFlNi00MDE5LWFkNjMtMjAwNTk5NGRmNDcx LzEvR19rc0taVF90VFZfamNSaWViM1ptLU9sYkwwLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAFLm5EJ/L Q0AsJu8MI0hWdW/t8aSg9R44u2/AoS3PZYx0YcgyX54f8Zi+vQ93Bmx1SsOIANkw 8w1o8sW5dJ74bINpuv6Cwa6AkFX54WejjYW3ySEfrsfzPoafD1K8QJYITIgquiGZ W0FiZCK2R3MQ45i+OO597rSqnQz6JXp7xbexGNP81Pfi/lzND07VZBHs1zC/tcc6 iCTQINLVJIBj6OOvMDFe9HmjcvJeDVgPGoCr0Du8j8TZSjcDeybAfWDP4hts0Uc6 2v0XDtWmhhvV4Rbk9fdVBdZp+kGwPQpaM9SZEpCexylI8EHOEpW24CWraWuGusL1 cCE+l/ZzCscALQ== -----END CERTIFICATE-----Generated at Wed Dec 24 11:12:48 2025 by rpki-client