This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/a1f0a0-439d-4266-a3db-e6b1e986f95f/1/iqR9CPyFIT30_aLPlWG45ovCc9w.mft File: iqR9CPyFIT30_aLPlWG45ovCc9w.mft (raw, json) Hash identifier: eNh7V5ALt7JBL9TKYaLmORA854F+0hqu9U62wbxmN2I= Subject key identifier: BA:5C:DF:BF:46:6D:8F:06:81:67:0F:39:27:89:98:35:51:95:03:FA Authority key identifier: 8A:A4:7D:08:FC:85:21:3D:F4:FD:A2:CF:95:61:B8:E6:8B:C2:73:DC Certificate issuer: /CN=8aa47d08fc85213df4fda2cf9561b8e68bc273dc Certificate serial: 019B3CB526C9C6ED395D1F834C18F55915FA Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iqR9CPyFIT30_aLPlWG45ovCc9w.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0b/a1f0a0-439d-4266-a3db-e6b1e986f95f/1/iqR9CPyFIT30_aLPlWG45ovCc9w.mft Manifest number: 0C18 Signing time: Sat 20 Dec 2025 17:01:03 +0000 Manifest this update: Sat 20 Dec 2025 17:01:03 +0000 Manifest next update: Sun 21 Dec 2025 17:01:03 +0000 Files and hashes: 1: iqR9CPyFIT30_aLPlWG45ovCc9w.crl (hash: jIyy4K8KKm0oVB1lECFyU+i1mcLJPbrav2viFIUxdzE=) Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/0b/a1f0a0-439d-4266-a3db-e6b1e986f95f/1/iqR9CPyFIT30_aLPlWG45ovCc9w.crl rsync://rpki.ripe.net/repository/DEFAULT/0b/a1f0a0-439d-4266-a3db-e6b1e986f95f/1/iqR9CPyFIT30_aLPlWG45ovCc9w.mft rsync://rpki.ripe.net/repository/DEFAULT/iqR9CPyFIT30_aLPlWG45ovCc9w.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Sun 21 Dec 2025 15:46:05 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:3c:b5:26:c9:c6:ed:39:5d:1f:83:4c:18:f5:59:15:fa Signature Algorithm: sha256WithRSAEncryption Issuer: CN=8aa47d08fc85213df4fda2cf9561b8e68bc273dc Validity Not Before: Dec 20 17:01:03 2025 GMT Not After : Dec 21 17:01:03 2025 GMT Subject: CN=ba5cdfbf466d8f0681670f3927899835519503fa Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:d7:81:56:e1:ed:68:01:05:e3:c2:5f:f2:e6:00: 90:76:54:6c:05:f9:32:f8:7c:5d:dd:95:51:06:cc: 37:ae:1d:2f:ed:d0:03:3e:cf:be:c2:39:3d:54:30: e2:b5:a0:70:e2:83:38:21:16:f1:b4:ae:fd:c0:01: 8e:b7:a0:91:07:6d:e2:ad:69:8e:a0:2d:01:38:17: ae:04:27:64:45:fe:2d:6c:8c:2d:42:2a:aa:48:08: 67:dd:c2:9d:56:b3:22:17:1a:61:66:39:e4:66:89: c9:58:79:18:ea:cd:34:85:f6:b9:74:e7:22:48:a6: a6:5c:7f:c8:ba:d7:52:72:cb:a0:01:cf:4c:89:5d: 62:5a:11:1d:81:b6:2e:61:c8:d2:87:b5:b1:f4:33: 65:a9:05:74:ca:39:2c:50:e4:95:39:fc:f9:ef:ed: 7f:cc:a8:a2:15:b2:83:ae:38:8e:dc:51:b5:be:a3: b7:a7:41:fd:1c:60:e9:47:f3:44:4a:c8:9b:43:3a: 12:c8:90:a3:29:e5:e9:ad:ea:87:1d:f2:2b:6c:1e: bd:9d:2b:bc:48:af:1e:e0:b8:93:ce:7f:11:bf:df: 75:ab:5b:94:0f:8a:e2:44:ea:25:58:ab:22:dc:84: 30:bc:a4:d5:45:59:a4:eb:d7:35:dc:36:bc:3b:36: 8f:6f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: BA:5C:DF:BF:46:6D:8F:06:81:67:0F:39:27:89:98:35:51:95:03:FA X509v3 Authority Key Identifier: keyid:8A:A4:7D:08:FC:85:21:3D:F4:FD:A2:CF:95:61:B8:E6:8B:C2:73:DC X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iqR9CPyFIT30_aLPlWG45ovCc9w.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/a1f0a0-439d-4266-a3db-e6b1e986f95f/1/iqR9CPyFIT30_aLPlWG45ovCc9w.mft X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/a1f0a0-439d-4266-a3db-e6b1e986f95f/1/iqR9CPyFIT30_aLPlWG45ovCc9w.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit Signature Algorithm: sha256WithRSAEncryption 73:0d:c2:b8:36:b1:2b:4b:96:74:69:7f:18:45:f1:80:76:36: 3f:39:b1:07:a5:f8:17:cf:da:f6:df:2b:5d:ff:76:88:5c:f5: f4:0a:8c:91:8c:c1:f6:01:0c:bc:44:9a:7d:66:3f:3f:92:bb: bc:80:79:7c:56:4e:16:a4:de:96:ef:35:bd:4f:87:d2:66:65: 80:76:aa:1c:ce:88:9d:54:95:1f:ee:e3:a9:bc:04:5c:c9:db: 00:32:b4:a7:be:bf:19:94:f7:24:e9:27:37:7e:64:f2:8d:93: fb:b6:fd:3c:7d:ef:54:48:83:b6:04:1f:52:ed:b4:55:99:32: 88:41:f2:80:ce:4a:77:21:37:a9:1a:ab:42:40:33:d7:9c:8c: 34:b0:83:ec:a8:60:68:c6:8a:85:4a:f9:f7:a5:2a:b8:08:fb: b7:13:ab:ee:9c:bd:80:bc:7c:20:b4:63:7b:07:4a:19:db:69: cc:86:be:95:da:e8:09:38:7a:9b:31:81:46:e6:3f:cd:29:0a: ef:4b:a7:37:c2:65:50:5c:49:a2:3b:0e:bc:d2:39:63:dc:b1: 62:64:5c:bc:e5:7c:41:34:51:bf:e3:f2:7c:16:50:52:5d:67: d8:fe:04:99:0d:53:0f:40:cd:91:d3:b2:3e:67:25:40:0b:a7: 78:ce:56:ca -----BEGIN CERTIFICATE----- MIIFFjCCA/6gAwIBAgISAZs8tSbJxu05XR+DTBj1WRX6MA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDhhYTQ3ZDA4ZmM4NTIxM2RmNGZkYTJjZjk1NjFiOGU2OGJj MjczZGMwHhcNMjUxMjIwMTcwMTAzWhcNMjUxMjIxMTcwMTAzWjAzMTEwLwYDVQQD EyhiYTVjZGZiZjQ2NmQ4ZjA2ODE2NzBmMzkyNzg5OTgzNTUxOTUwM2ZhMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14FW4e1oAQXjwl/y5gCQdlRsBfky +Hxd3ZVRBsw3rh0v7dADPs++wjk9VDDitaBw4oM4IRbxtK79wAGOt6CRB23irWmO oC0BOBeuBCdkRf4tbIwtQiqqSAhn3cKdVrMiFxphZjnkZonJWHkY6s00hfa5dOci SKamXH/IutdScsugAc9MiV1iWhEdgbYuYcjSh7Wx9DNlqQV0yjksUOSVOfz57+1/ zKiiFbKDrjiO3FG1vqO3p0H9HGDpR/NESsibQzoSyJCjKeXpreqHHfIrbB69nSu8 SK8e4LiTzn8Rv991q1uUD4riROolWKsi3IQwvKTVRVmk69c13Da8OzaPbwIDAQAB o4ICIjCCAh4wHQYDVR0OBBYEFLpc379GbY8GgWcPOSeJmDVRlQP6MB8GA1UdIwQY MBaAFIqkfQj8hSE99P2iz5VhuOaLwnPcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvaXFSOUNQeUZJVDMwX2FMUGxXRzQ1b3ZDYzl3LmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9hMWYwYTAtNDM5ZC00MjY2LWEzZGIt ZTZiMWU5ODZmOTVmLzEvaXFSOUNQeUZJVDMwX2FMUGxXRzQ1b3ZDYzl3Lm1mdDCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC8wYi9hMWYwYTAtNDM5ZC00MjY2LWEzZGItZTZiMWU5ODZmOTVm LzEvaXFSOUNQeUZJVDMwX2FMUGxXRzQ1b3ZDYzl3LmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAcw3CuDax K0uWdGl/GEXxgHY2PzmxB6X4F8/a9t8rXf92iFz19AqMkYzB9gEMvESafWY/P5K7 vIB5fFZOFqTelu81vU+H0mZlgHaqHM6InVSVH+7jqbwEXMnbADK0p76/GZT3JOkn N35k8o2T+7b9PH3vVEiDtgQfUu20VZkyiEHygM5KdyE3qRqrQkAz15yMNLCD7Khg aMaKhUr596UquAj7txOr7py9gLx8ILRjewdKGdtpzIa+ldroCTh6mzGBRuY/zSkK 70unN8JlUFxJojsOvNI5Y9yxYmRcvOV8QTRRv+PyfBZQUl1n2P4EmQ1TD0DNkdOy PmclQAuneM5Wyg== -----END CERTIFICATE-----Generated at Sun Dec 21 00:10:49 2025 by rpki-client