This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/ba94f4-8a20-4d10-927f-a882da6c0cfc/1/QS2tggaZ8VOjGmbtZ4Oh3k4PjPU.mft File: QS2tggaZ8VOjGmbtZ4Oh3k4PjPU.mft (raw, json) Hash identifier: Q6OR81rP/F99M969B83Av+ZxvKlyRxw3dbq53Wf1z9w= Subject key identifier: 58:E0:CC:84:09:FA:BD:15:9A:E2:19:81:A4:BD:A5:32:41:08:F5:E0 Authority key identifier: 41:2D:AD:82:06:99:F1:53:A3:1A:66:ED:67:83:A1:DE:4E:0F:8C:F5 Certificate issuer: /CN=412dad820699f153a31a66ed6783a1de4e0f8cf5 Certificate serial: 019B51BD8F7025D6915E712814B90B585BD1 Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QS2tggaZ8VOjGmbtZ4Oh3k4PjPU.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/ba94f4-8a20-4d10-927f-a882da6c0cfc/1/QS2tggaZ8VOjGmbtZ4Oh3k4PjPU.mft Manifest number: 0D7F Signing time: Wed 24 Dec 2025 19:02:16 +0000 Manifest this update: Wed 24 Dec 2025 19:02:16 +0000 Manifest next update: Thu 25 Dec 2025 19:02:16 +0000 Files and hashes: 1: QS2tggaZ8VOjGmbtZ4Oh3k4PjPU.crl (hash: MSIVYtmAcH1xBvE6Qx+ddL5+dS4AWNDeUF9sYXuTXeQ=) Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/f8/ba94f4-8a20-4d10-927f-a882da6c0cfc/1/QS2tggaZ8VOjGmbtZ4Oh3k4PjPU.crl rsync://rpki.ripe.net/repository/DEFAULT/f8/ba94f4-8a20-4d10-927f-a882da6c0cfc/1/QS2tggaZ8VOjGmbtZ4Oh3k4PjPU.mft rsync://rpki.ripe.net/repository/DEFAULT/QS2tggaZ8VOjGmbtZ4Oh3k4PjPU.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Thu 25 Dec 2025 18:00:29 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:51:bd:8f:70:25:d6:91:5e:71:28:14:b9:0b:58:5b:d1 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=412dad820699f153a31a66ed6783a1de4e0f8cf5 Validity Not Before: Dec 24 19:02:16 2025 GMT Not After : Dec 25 19:02:16 2025 GMT Subject: CN=58e0cc8409fabd159ae21981a4bda5324108f5e0 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:82:59:ee:68:82:00:ef:5c:9f:bb:e8:91:2f:f4: ce:25:30:68:4b:a6:98:06:83:02:41:f2:33:8e:45: 2b:62:dc:87:18:c2:ff:d3:98:f4:51:54:67:cf:ef: 74:f3:ff:96:72:61:d0:21:f9:f0:0f:80:f4:a7:e0: d8:7c:28:96:8a:85:6a:fd:a0:ad:2b:a1:29:c2:98: 83:e4:f3:b1:5c:4f:d5:c8:c1:3a:f8:a5:e2:19:fe: 53:20:44:cd:d4:2c:7b:cf:0e:e1:fd:51:1d:87:1e: a8:bd:28:ba:37:60:15:71:ba:88:8d:5e:c4:21:da: 85:c0:d0:ed:b0:ee:68:7e:89:92:8f:40:09:a0:b6: 71:1f:7c:65:6b:c5:8d:52:f6:64:00:8d:1d:81:da: a6:fb:44:53:80:eb:9b:c1:ee:61:27:4a:0e:05:d4: 0a:dc:c1:b4:49:9c:9d:19:28:49:07:bf:19:40:4b: 46:6d:a1:45:ca:0c:36:63:6d:be:97:7f:16:f7:b1: 5e:06:87:c8:bf:4b:8f:b3:b4:85:0d:55:d4:a7:10: b7:27:45:e6:3e:a8:0b:9a:c7:ca:bf:1b:5f:61:61: a2:ce:21:1b:c1:28:7c:9d:f9:aa:b4:8a:4d:73:fd: 68:42:ba:ec:fc:3d:1b:86:05:c8:ee:1f:12:99:c8: 54:9b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 58:E0:CC:84:09:FA:BD:15:9A:E2:19:81:A4:BD:A5:32:41:08:F5:E0 X509v3 Authority Key Identifier: keyid:41:2D:AD:82:06:99:F1:53:A3:1A:66:ED:67:83:A1:DE:4E:0F:8C:F5 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QS2tggaZ8VOjGmbtZ4Oh3k4PjPU.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/ba94f4-8a20-4d10-927f-a882da6c0cfc/1/QS2tggaZ8VOjGmbtZ4Oh3k4PjPU.mft X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/ba94f4-8a20-4d10-927f-a882da6c0cfc/1/QS2tggaZ8VOjGmbtZ4Oh3k4PjPU.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit Signature Algorithm: sha256WithRSAEncryption b7:fd:ac:b1:75:16:f2:d7:31:37:a3:03:6c:f7:b8:90:1c:f3: 12:74:af:79:fa:a8:2b:22:73:dd:e0:3d:0e:3a:3e:c2:a1:85: 54:19:a3:2d:eb:63:51:38:de:44:05:a8:a7:50:4d:67:1e:73: 38:bd:e5:ef:3a:46:e9:aa:bd:76:7b:7c:ec:64:9d:77:40:ea: ab:f5:f8:ca:0a:86:93:21:3d:2a:9e:cf:e5:f4:7b:01:42:73: e5:18:89:25:ba:fa:e3:d5:5d:8f:ea:43:a3:ac:5c:31:b5:8c: 2a:42:c2:e0:a0:b4:d0:e6:42:83:3c:a9:09:b0:d9:34:f9:ea: 43:ca:fa:50:51:fa:6a:5e:c1:3a:58:a2:32:65:ac:cb:4a:3a: 47:45:d4:b2:20:82:8f:c1:ad:12:56:75:a1:42:11:2e:1a:88: 00:b2:17:45:3e:26:49:86:73:5a:d6:ff:8a:20:3a:d1:4a:b7: e0:b4:2c:db:ee:20:08:ed:ac:0e:e0:61:9c:46:83:35:bc:6d: 01:49:a3:8e:e4:c8:87:cf:b4:37:92:bc:a7:fe:17:6c:a4:37: 30:2a:6e:5e:aa:6e:59:99:dd:86:67:25:d2:74:03:db:3b:31: 84:56:2f:79:e4:31:d7:39:9c:41:7b:50:97:77:b4:d7:a7:7e: f3:56:a3:74 -----BEGIN CERTIFICATE----- MIIFFjCCA/6gAwIBAgISAZtRvY9wJdaRXnEoFLkLWFvRMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDQxMmRhZDgyMDY5OWYxNTNhMzFhNjZlZDY3ODNhMWRlNGUw ZjhjZjUwHhcNMjUxMjI0MTkwMjE2WhcNMjUxMjI1MTkwMjE2WjAzMTEwLwYDVQQD Eyg1OGUwY2M4NDA5ZmFiZDE1OWFlMjE5ODFhNGJkYTUzMjQxMDhmNWUwMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglnuaIIA71yfu+iRL/TOJTBoS6aY BoMCQfIzjkUrYtyHGML/05j0UVRnz+908/+WcmHQIfnwD4D0p+DYfCiWioVq/aCt K6EpwpiD5POxXE/VyME6+KXiGf5TIETN1Cx7zw7h/VEdhx6ovSi6N2AVcbqIjV7E IdqFwNDtsO5ofomSj0AJoLZxH3xla8WNUvZkAI0dgdqm+0RTgOubwe5hJ0oOBdQK 3MG0SZydGShJB78ZQEtGbaFFygw2Y22+l38W97FeBofIv0uPs7SFDVXUpxC3J0Xm PqgLmsfKvxtfYWGiziEbwSh8nfmqtIpNc/1oQrrs/D0bhgXI7h8SmchUmwIDAQAB o4ICIjCCAh4wHQYDVR0OBBYEFFjgzIQJ+r0VmuIZgaS9pTJBCPXgMB8GA1UdIwQY MBaAFEEtrYIGmfFToxpm7WeDod5OD4z1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvUVMydGdnYVo4Vk9qR21idFo0T2gzazRQalBVLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iYTk0ZjQtOGEyMC00ZDEwLTkyN2Yt YTg4MmRhNmMwY2ZjLzEvUVMydGdnYVo4Vk9qR21idFo0T2gzazRQalBVLm1mdDCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC9mOC9iYTk0ZjQtOGEyMC00ZDEwLTkyN2YtYTg4MmRhNmMwY2Zj LzEvUVMydGdnYVo4Vk9qR21idFo0T2gzazRQalBVLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAt/2ssXUW 8tcxN6MDbPe4kBzzEnSvefqoKyJz3eA9Djo+wqGFVBmjLetjUTjeRAWop1BNZx5z OL3l7zpG6aq9dnt87GSdd0Dqq/X4ygqGkyE9Kp7P5fR7AUJz5RiJJbr649Vdj+pD o6xcMbWMKkLC4KC00OZCgzypCbDZNPnqQ8r6UFH6al7BOliiMmWsy0o6R0XUsiCC j8GtElZ1oUIRLhqIALIXRT4mSYZzWtb/iiA60Uq34LQs2+4gCO2sDuBhnEaDNbxt AUmjjuTIh8+0N5K8p/4XbKQ3MCpuXqpuWZndhmcl0nQD2zsxhFYveeQx1zmcQXtQ l3e016d+81ajdA== -----END CERTIFICATE-----Generated at Thu Dec 25 00:55:49 2025 by rpki-client