This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/389fbf-dfb5-4a0b-b846-4328429bd374/1/kfikmw1lM9BnmVaH-u49tzqqCLE.mft File: kfikmw1lM9BnmVaH-u49tzqqCLE.mft (raw, json) Hash identifier: mau2fzRaFB1FZhcOhfGPQ4NgPvZVVqPwNeiwLqPE8mQ= Subject key identifier: 7F:44:54:F8:AD:6C:42:5A:C9:47:08:57:A4:C8:17:4C:DB:98:49:A8 Authority key identifier: 91:F8:A4:9B:0D:65:33:D0:67:99:56:87:FA:EE:3D:B7:3A:AA:08:B1 Certificate issuer: /CN=91f8a49b0d6533d067995687faee3db73aaa08b1 Certificate serial: 019B481498D521E01A34A69D858CE5005DD0 Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kfikmw1lM9BnmVaH-u49tzqqCLE.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3b/389fbf-dfb5-4a0b-b846-4328429bd374/1/kfikmw1lM9BnmVaH-u49tzqqCLE.mft Manifest number: 06A0 Signing time: Mon 22 Dec 2025 22:01:07 +0000 Manifest this update: Mon 22 Dec 2025 22:01:07 +0000 Manifest next update: Tue 23 Dec 2025 22:01:07 +0000 Files and hashes: 1: kfikmw1lM9BnmVaH-u49tzqqCLE.crl (hash: QK82sonzfRd9PLoZPLTjkI3G/Kd71X1/bX2CLoN5jmY=) Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/3b/389fbf-dfb5-4a0b-b846-4328429bd374/1/kfikmw1lM9BnmVaH-u49tzqqCLE.crl rsync://rpki.ripe.net/repository/DEFAULT/3b/389fbf-dfb5-4a0b-b846-4328429bd374/1/kfikmw1lM9BnmVaH-u49tzqqCLE.mft rsync://rpki.ripe.net/repository/DEFAULT/kfikmw1lM9BnmVaH-u49tzqqCLE.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Tue 23 Dec 2025 22:01:07 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:48:14:98:d5:21:e0:1a:34:a6:9d:85:8c:e5:00:5d:d0 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=91f8a49b0d6533d067995687faee3db73aaa08b1 Validity Not Before: Dec 22 22:01:07 2025 GMT Not After : Dec 23 22:01:07 2025 GMT Subject: CN=7f4454f8ad6c425ac9470857a4c8174cdb9849a8 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a1:ab:3e:c3:6f:59:c5:94:9a:d5:96:5b:0c:b8: 78:57:b8:4f:c4:c3:d8:68:78:e0:e3:5f:85:eb:d9: 61:dd:7a:73:2b:f9:8b:aa:31:6d:f9:d3:65:ec:d6: e2:85:35:e0:c1:76:ed:a7:a5:8b:8c:f3:bb:55:a6: 15:91:3b:62:da:c3:b6:b2:10:33:43:89:b0:d4:f2: 53:4f:a2:5b:57:32:c5:2d:af:3a:74:20:0b:d8:42: f1:05:bc:c0:a1:f4:22:c1:13:b0:ad:e2:06:f0:49: a8:4a:a7:17:6e:a2:a0:89:bd:a2:63:3e:e6:11:f6: d0:86:5b:ba:de:d1:da:29:ad:c7:2e:31:64:eb:d2: 0d:e8:cb:ae:9e:c7:69:2a:76:50:83:71:e2:78:48: 50:73:21:41:c7:c0:e6:7b:db:1b:17:23:ad:fd:c4: ae:83:02:5f:df:12:97:13:8c:1c:e5:06:97:69:af: 08:4d:97:e3:de:e8:03:c5:16:0b:c4:d2:4b:98:dc: fb:bf:24:c7:54:bf:a2:08:70:0b:eb:ff:1d:27:9d: b3:80:de:38:01:45:79:4f:c6:0f:a1:6f:b1:f1:cd: 25:ad:49:b1:77:5a:ab:91:6a:7f:78:e8:89:72:52: bf:d2:ff:c3:42:d5:ea:86:79:54:31:a5:9f:3e:09: 0c:e9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 7F:44:54:F8:AD:6C:42:5A:C9:47:08:57:A4:C8:17:4C:DB:98:49:A8 X509v3 Authority Key Identifier: keyid:91:F8:A4:9B:0D:65:33:D0:67:99:56:87:FA:EE:3D:B7:3A:AA:08:B1 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kfikmw1lM9BnmVaH-u49tzqqCLE.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/389fbf-dfb5-4a0b-b846-4328429bd374/1/kfikmw1lM9BnmVaH-u49tzqqCLE.mft X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/389fbf-dfb5-4a0b-b846-4328429bd374/1/kfikmw1lM9BnmVaH-u49tzqqCLE.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit Signature Algorithm: sha256WithRSAEncryption 22:ec:fa:86:69:f2:0d:f6:ac:86:08:c3:dc:6e:1d:64:d4:9f: 9f:6b:d2:2b:66:f0:0c:17:ec:12:d3:c2:d2:3f:67:6b:86:5d: 0e:84:ae:96:36:b3:3c:2d:9b:97:86:05:9b:78:50:6d:fc:32: 4c:38:bc:1f:c7:08:89:5c:44:a7:d6:b2:02:c9:16:bf:1f:48: f1:6e:63:7f:27:84:65:18:3b:88:d2:ab:d3:ab:0b:38:30:98: 57:81:67:69:39:4e:29:88:dc:d4:1c:25:12:f9:7a:60:78:eb: e4:03:8d:4a:a0:f5:79:2e:29:2d:59:4d:4d:e4:8c:cf:bf:17: 0e:52:6e:56:aa:e4:60:b4:20:89:4d:d0:22:3e:b5:10:b9:51: 92:29:27:29:9e:7a:df:14:0e:8c:a8:a3:d1:c9:df:cd:4f:f9: ef:45:d9:1b:45:90:a7:29:31:d4:43:ad:79:aa:8f:a3:8f:68: 0d:4d:41:61:07:82:0d:c4:3f:49:e4:e2:4e:c5:f0:67:bc:67: 53:a4:f1:70:ec:3d:5f:20:dc:2d:f9:0a:70:28:4d:54:df:5e: b9:1b:4e:bb:b4:e3:ab:cd:e3:67:03:82:53:d6:7e:33:ee:bf: ad:8d:15:dd:36:e6:54:d1:22:ac:65:da:e6:65:ee:35:bb:76: aa:51:11:04 -----BEGIN CERTIFICATE----- MIIFFjCCA/6gAwIBAgISAZtIFJjVIeAaNKadhYzlAF3QMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDkxZjhhNDliMGQ2NTMzZDA2Nzk5NTY4N2ZhZWUzZGI3M2Fh YTA4YjEwHhcNMjUxMjIyMjIwMTA3WhcNMjUxMjIzMjIwMTA3WjAzMTEwLwYDVQQD Eyg3ZjQ0NTRmOGFkNmM0MjVhYzk0NzA4NTdhNGM4MTc0Y2RiOTg0OWE4MIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoas+w29ZxZSa1ZZbDLh4V7hPxMPY aHjg41+F69lh3XpzK/mLqjFt+dNl7NbihTXgwXbtp6WLjPO7VaYVkTti2sO2shAz Q4mw1PJTT6JbVzLFLa86dCAL2ELxBbzAofQiwROwreIG8EmoSqcXbqKgib2iYz7m EfbQhlu63tHaKa3HLjFk69IN6MuunsdpKnZQg3HieEhQcyFBx8Dme9sbFyOt/cSu gwJf3xKXE4wc5QaXaa8ITZfj3ugDxRYLxNJLmNz7vyTHVL+iCHAL6/8dJ52zgN44 AUV5T8YPoW+x8c0lrUmxd1qrkWp/eOiJclK/0v/DQtXqhnlUMaWfPgkM6QIDAQAB o4ICIjCCAh4wHQYDVR0OBBYEFH9EVPitbEJayUcIV6TIF0zbmEmoMB8GA1UdIwQY MBaAFJH4pJsNZTPQZ5lWh/ruPbc6qgixMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQva2Zpa213MWxNOUJubVZhSC11NDl0enFxQ0xFLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8zODlmYmYtZGZiNS00YTBiLWI4NDYt NDMyODQyOWJkMzc0LzEva2Zpa213MWxNOUJubVZhSC11NDl0enFxQ0xFLm1mdDCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC8zYi8zODlmYmYtZGZiNS00YTBiLWI4NDYtNDMyODQyOWJkMzc0 LzEva2Zpa213MWxNOUJubVZhSC11NDl0enFxQ0xFLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAIuz6hmny DfashgjD3G4dZNSfn2vSK2bwDBfsEtPC0j9na4ZdDoSuljazPC2bl4YFm3hQbfwy TDi8H8cIiVxEp9ayAskWvx9I8W5jfyeEZRg7iNKr06sLODCYV4FnaTlOKYjc1Bwl Evl6YHjr5AONSqD1eS4pLVlNTeSMz78XDlJuVqrkYLQgiU3QIj61ELlRkiknKZ56 3xQOjKij0cnfzU/570XZG0WQpykx1EOteaqPo49oDU1BYQeCDcQ/SeTiTsXwZ7xn U6TxcOw9XyDcLfkKcChNVN9euRtOu7Tjq83jZwOCU9Z+M+6/rY0V3TbmVNEirGXa 5mXuNbt2qlERBA== -----END CERTIFICATE-----Generated at Tue Dec 23 07:54:32 2025 by rpki-client