This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft File: hesz_RfSMvvmsq22bLCv4N7pA7A.mft (raw, json) Hash identifier: 5sOxRgK7Ovqzqqyqj1QXK/Lp5nXi6FA3wVKfO65DW3c= Subject key identifier: 1A:BD:FD:5E:2D:03:CA:8A:14:62:11:BA:D0:F7:FE:BE:D1:BF:59:99 Authority key identifier: 85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0 Certificate issuer: /CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0 Certificate serial: 019AF1D1BB9BABC0DBF954505B8FCAB35482 Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft Manifest number: 05EE Signing time: Sat 06 Dec 2025 04:00:45 +0000 Manifest this update: Sat 06 Dec 2025 04:00:45 +0000 Manifest next update: Sun 07 Dec 2025 04:00:45 +0000 Files and hashes: 1: hesz_RfSMvvmsq22bLCv4N7pA7A.crl (hash: dA/F1hBGpC6d+zsXLmBdtk8ujQRSsb7v/a0r80ULL1s=) Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Sun 07 Dec 2025 02:00:29 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9a:f1:d1:bb:9b:ab:c0:db:f9:54:50:5b:8f:ca:b3:54:82 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0 Validity Not Before: Dec 6 04:00:45 2025 GMT Not After : Dec 7 04:00:45 2025 GMT Subject: CN=1abdfd5e2d03ca8a146211bad0f7febed1bf5999 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:be:cc:06:55:83:c7:d0:83:c0:4d:14:fe:0e:8e: 9a:39:81:bc:ca:38:ea:86:49:a0:55:ad:f6:88:d8: e6:7d:fb:55:29:f8:54:6f:68:54:71:d0:20:1a:c3: 80:5e:76:19:8c:4a:c7:12:b7:65:28:17:4a:e5:b4: 9a:80:35:1d:e1:8c:b3:b8:f5:f8:7f:fd:a1:48:17: 6f:c3:76:84:87:b8:f4:23:3a:80:7a:da:8c:78:4a: 60:23:08:7f:a2:ee:67:4e:10:fa:fc:30:6e:fa:0c: 9d:72:de:25:c5:5e:33:52:d3:9c:79:49:6b:a1:2c: 53:6d:00:f4:34:ef:08:df:1b:46:0b:5b:9c:ab:00: a0:c7:74:2a:f6:ba:cc:90:42:15:26:63:68:27:da: f1:e6:5a:f2:d5:f4:d4:11:e3:80:2c:38:ba:e3:e6: e7:91:4e:3d:ac:c6:56:4f:7b:83:93:5e:db:24:bd: 47:68:50:8a:0b:ae:3c:ac:25:76:b6:39:45:84:bd: 73:4e:91:45:a9:81:d7:21:28:f7:5d:7f:2f:b7:01: c4:48:a9:ba:7b:26:51:da:ed:da:46:99:aa:83:26: 16:fc:15:80:b1:d6:18:9f:a1:76:e0:d6:2b:44:90: 3f:c8:d2:8c:66:7a:51:c5:45:ff:1b:49:b9:97:19: 22:f5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 1A:BD:FD:5E:2D:03:CA:8A:14:62:11:BA:D0:F7:FE:BE:D1:BF:59:99 X509v3 Authority Key Identifier: keyid:85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit Signature Algorithm: sha256WithRSAEncryption 90:b3:58:70:0f:96:dd:85:f6:f7:a8:0d:9c:68:1e:6c:d3:9b: c8:f7:c8:c7:a7:7c:7d:41:25:47:dd:d6:a0:7d:f0:41:55:87: a8:72:71:92:7e:a3:63:3c:73:47:a1:f5:ad:f2:ca:f7:d8:c6: 01:e0:5f:12:54:0c:c5:5b:06:85:b3:dc:48:e2:5e:6e:7b:34: 6e:fe:77:e3:10:dd:81:40:53:98:df:35:ca:2b:a1:1f:90:2a: 59:fb:2a:e5:db:d1:76:c1:77:8b:5a:e7:6f:1b:30:cf:9b:de: cd:23:16:86:ff:ad:75:81:18:b2:6c:23:b6:11:a5:e5:73:0e: a4:c7:b0:14:da:bd:19:24:fb:99:26:bc:cd:22:bd:aa:ac:55: 1f:f2:a2:9b:a8:e7:5f:a0:24:9d:c6:f9:7a:db:1b:9d:db:2d: 6a:ca:ed:7d:e2:a8:5e:ee:f9:60:7f:fd:64:76:47:38:53:52: 25:d2:2e:b5:38:a0:92:d9:72:a2:f1:ee:12:28:42:a0:67:a6: 42:48:d5:53:20:ec:dc:2a:8f:a4:be:bc:e6:f1:06:ec:c5:da: 46:72:79:a1:12:28:0a:64:82:d6:99:92:eb:bc:11:89:1d:85: 2c:1a:db:5e:86:b6:58:28:30:4b:da:5a:d9:e6:c3:df:43:93: 11:ac:9e:5e -----BEGIN CERTIFICATE----- MIIFFjCCA/6gAwIBAgISAZrx0bubq8Db+VRQW4/Ks1SCMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDg1ZWIzM2ZkMTdkMjMyZmJlNmIyYWRiNjZjYjBhZmUwZGVl OTAzYjAwHhcNMjUxMjA2MDQwMDQ1WhcNMjUxMjA3MDQwMDQ1WjAzMTEwLwYDVQQD EygxYWJkZmQ1ZTJkMDNjYThhMTQ2MjExYmFkMGY3ZmViZWQxYmY1OTk5MIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvswGVYPH0IPATRT+Do6aOYG8yjjq hkmgVa32iNjmfftVKfhUb2hUcdAgGsOAXnYZjErHErdlKBdK5bSagDUd4YyzuPX4 f/2hSBdvw3aEh7j0IzqAetqMeEpgIwh/ou5nThD6/DBu+gydct4lxV4zUtOceUlr oSxTbQD0NO8I3xtGC1ucqwCgx3Qq9rrMkEIVJmNoJ9rx5lry1fTUEeOALDi64+bn kU49rMZWT3uDk17bJL1HaFCKC648rCV2tjlFhL1zTpFFqYHXISj3XX8vtwHESKm6 eyZR2u3aRpmqgyYW/BWAsdYYn6F24NYrRJA/yNKMZnpRxUX/G0m5lxki9QIDAQAB o4ICIjCCAh4wHQYDVR0OBBYEFBq9/V4tA8qKFGIRutD3/r7Rv1mZMB8GA1UdIwQY MBaAFIXrM/0X0jL75rKttmywr+De6QOwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMt OGEzOGVhMmIxZjU0LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLm1mdDCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMtOGEzOGVhMmIxZjU0 LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAkLNYcA+W 3YX296gNnGgebNObyPfIx6d8fUElR93WoH3wQVWHqHJxkn6jYzxzR6H1rfLK99jG AeBfElQMxVsGhbPcSOJebns0bv534xDdgUBTmN81yiuhH5AqWfsq5dvRdsF3i1rn bxswz5vezSMWhv+tdYEYsmwjthGl5XMOpMewFNq9GST7mSa8zSK9qqxVH/Kim6jn X6Akncb5etsbndstasrtfeKoXu75YH/9ZHZHOFNSJdIutTigktlyovHuEihCoGem QkjVUyDs3CqPpL685vEG7MXaRnJ5oRIoCmSC1pmS67wRiR2FLBrbXoa2WCgwS9pa 2ebD30OTEayeXg== -----END CERTIFICATE-----Generated at Sat Dec 6 08:18:20 2025 by rpki-client