This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/c3624b-9085-4589-bf4d-fefd943f16c9/1/3cf_z32PTDOExrKNBKESsh8jeRA.mft File: 3cf_z32PTDOExrKNBKESsh8jeRA.mft (raw, json) Hash identifier: T7H0fsVrDxJorIdvFqaAew9dqL+/U8J34yibAVRRK7g= Subject key identifier: 96:0B:94:CE:F8:DE:1E:91:8C:D8:56:8C:8D:9F:79:7A:DA:94:F5:6E Authority key identifier: DD:C7:FF:CF:7D:8F:4C:33:84:C6:B2:8D:04:A1:12:B2:1F:23:79:10 Certificate issuer: /CN=ddc7ffcf7d8f4c3384c6b28d04a112b21f237910 Certificate serial: 019C1BA3E0C697E94CC77F5BC52B152D8380 Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3cf_z32PTDOExrKNBKESsh8jeRA.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/c3624b-9085-4589-bf4d-fefd943f16c9/1/3cf_z32PTDOExrKNBKESsh8jeRA.mft Manifest number: 0F Signing time: Sun 01 Feb 2026 23:57:30 +0000 Manifest this update: Sun 01 Feb 2026 23:57:30 +0000 Manifest next update: Mon 02 Feb 2026 23:57:30 +0000 Files and hashes: 1: 3cf_z32PTDOExrKNBKESsh8jeRA.crl (hash: xwqY6bzsK/1uAqVZWKoj7znIFXolthhv5uvnu1G6o4U=) 2: JweZ-mZ4QpfJLNa0LLxHAZMVsUA.asa (hash: A9QHEq0pLvrlQHN3qVreUBC2I0kr1vhBAJbPWlsZCsE=) Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/89/c3624b-9085-4589-bf4d-fefd943f16c9/1/3cf_z32PTDOExrKNBKESsh8jeRA.crl rsync://rpki.ripe.net/repository/DEFAULT/89/c3624b-9085-4589-bf4d-fefd943f16c9/1/3cf_z32PTDOExrKNBKESsh8jeRA.mft rsync://rpki.ripe.net/repository/DEFAULT/3cf_z32PTDOExrKNBKESsh8jeRA.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Mon 02 Feb 2026 21:00:30 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9c:1b:a3:e0:c6:97:e9:4c:c7:7f:5b:c5:2b:15:2d:83:80 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=ddc7ffcf7d8f4c3384c6b28d04a112b21f237910 Validity Not Before: Feb 1 23:57:30 2026 GMT Not After : Feb 2 23:57:30 2026 GMT Subject: CN=960b94cef8de1e918cd8568c8d9f797ada94f56e Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:d2:8d:22:dc:88:fb:33:ae:4d:fc:c7:f4:97:93: e1:1d:12:2e:44:cc:50:4a:7d:de:e1:c0:72:20:cc: 8d:1b:57:27:26:94:0e:77:ab:4a:36:40:14:98:91: 93:d4:a6:e4:80:ed:a1:15:df:7f:72:b8:c2:18:a3: b0:50:26:98:65:39:de:e1:da:27:01:64:4e:de:f8: 6f:9c:b0:a1:4f:20:eb:71:9b:ac:f0:c2:72:f1:7c: 5b:a8:e8:e1:5f:69:49:a2:65:7d:c6:e8:2b:3d:49: 59:41:0c:c7:56:09:bb:eb:51:48:b2:3f:90:04:5f: b9:73:64:af:89:3a:b7:1b:e1:3d:1c:20:d8:47:60: 17:c6:07:55:dc:87:25:7d:78:d7:9f:7d:20:2d:9f: e0:52:f2:84:e7:5a:dd:f3:ad:4a:a4:1c:2c:b8:cd: 54:a3:54:e3:88:65:49:f9:a8:46:4c:9a:a0:4f:fe: a1:81:d0:67:79:06:84:d2:97:1b:d5:98:5c:32:05: 4e:d8:21:81:f3:fb:1d:cb:35:ff:64:a5:b6:42:e6: 41:34:ae:fd:ae:4c:cd:b8:64:f8:8f:72:ba:9c:0c: 1b:f1:e1:25:d0:7a:04:d0:2b:2d:6a:c8:bc:91:8d: 1d:0c:84:dd:f3:30:10:55:16:b6:3c:23:c3:42:4a: f7:df Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 96:0B:94:CE:F8:DE:1E:91:8C:D8:56:8C:8D:9F:79:7A:DA:94:F5:6E X509v3 Authority Key Identifier: keyid:DD:C7:FF:CF:7D:8F:4C:33:84:C6:B2:8D:04:A1:12:B2:1F:23:79:10 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3cf_z32PTDOExrKNBKESsh8jeRA.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/c3624b-9085-4589-bf4d-fefd943f16c9/1/3cf_z32PTDOExrKNBKESsh8jeRA.mft X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/89/c3624b-9085-4589-bf4d-fefd943f16c9/1/3cf_z32PTDOExrKNBKESsh8jeRA.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit Signature Algorithm: sha256WithRSAEncryption 3a:2c:7c:3b:c6:dd:a7:ed:da:a7:7a:a0:19:07:3b:ea:30:87: ec:cf:75:56:90:63:6f:67:2e:83:ab:79:c3:b1:d9:51:95:81: 77:8c:f7:6a:51:83:43:88:9b:b9:08:54:6c:9a:d2:b4:32:35: 6a:ca:c2:58:8a:3b:d7:16:0c:a5:a5:8b:ee:20:b5:ae:68:23: c0:df:f1:c9:53:64:8a:f4:63:42:99:e1:ad:0e:31:a5:a9:ec: 63:dc:1e:a9:39:31:c2:8d:bf:fb:ca:d6:27:de:ca:95:83:af: 8c:77:de:59:03:16:dc:ed:be:20:24:e0:05:95:13:48:e4:6c: f2:d9:f5:d7:68:72:11:58:ed:61:62:84:9c:50:7a:ce:85:cf: 1b:84:3a:e9:84:e0:3a:a0:17:de:03:72:33:5c:95:11:ad:ac: cb:7d:2a:d9:62:d9:85:ad:ec:07:69:d6:97:6d:40:ae:e0:64: 44:f0:18:83:a5:ef:83:74:40:29:35:6b:9f:a2:9c:7f:ed:ea: 66:6b:e3:cc:15:41:67:45:f1:d4:44:76:5b:fe:eb:f5:f1:43: e0:bb:0d:f3:25:76:19:d4:f6:cc:34:77:30:2a:17:fd:cb:9b: 46:ad:8f:fc:b4:be:5d:e6:35:65:77:5a:f8:df:76:e3:b9:12: f5:4e:53:95 -----BEGIN CERTIFICATE----- MIIFFjCCA/6gAwIBAgISAZwbo+DGl+lMx39bxSsVLYOAMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKGRkYzdmZmNmN2Q4ZjRjMzM4NGM2YjI4ZDA0YTExMmIyMWYy Mzc5MTAwHhcNMjYwMjAxMjM1NzMwWhcNMjYwMjAyMjM1NzMwWjAzMTEwLwYDVQQD Eyg5NjBiOTRjZWY4ZGUxZTkxOGNkODU2OGM4ZDlmNzk3YWRhOTRmNTZlMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0o0i3Ij7M65N/Mf0l5PhHRIuRMxQ Sn3e4cByIMyNG1cnJpQOd6tKNkAUmJGT1KbkgO2hFd9/crjCGKOwUCaYZTne4don AWRO3vhvnLChTyDrcZus8MJy8XxbqOjhX2lJomV9xugrPUlZQQzHVgm761FIsj+Q BF+5c2SviTq3G+E9HCDYR2AXxgdV3IclfXjXn30gLZ/gUvKE51rd861KpBwsuM1U o1TjiGVJ+ahGTJqgT/6hgdBneQaE0pcb1ZhcMgVO2CGB8/sdyzX/ZKW2QuZBNK79 rkzNuGT4j3K6nAwb8eEl0HoE0Cstasi8kY0dDITd8zAQVRa2PCPDQkr33wIDAQAB o4ICIjCCAh4wHQYDVR0OBBYEFJYLlM743h6RjNhWjI2feXralPVuMB8GA1UdIwQY MBaAFN3H/899j0wzhMayjQShErIfI3kQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvM2NmX3ozMlBURE9FeHJLTkJLRVNzaDhqZVJBLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9jMzYyNGItOTA4NS00NTg5LWJmNGQt ZmVmZDk0M2YxNmM5LzEvM2NmX3ozMlBURE9FeHJLTkJLRVNzaDhqZVJBLm1mdDCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC84OS9jMzYyNGItOTA4NS00NTg5LWJmNGQtZmVmZDk0M2YxNmM5 LzEvM2NmX3ozMlBURE9FeHJLTkJLRVNzaDhqZVJBLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAOix8O8bd p+3ap3qgGQc76jCH7M91VpBjb2cug6t5w7HZUZWBd4z3alGDQ4ibuQhUbJrStDI1 asrCWIo71xYMpaWL7iC1rmgjwN/xyVNkivRjQpnhrQ4xpansY9weqTkxwo2/+8rW J97KlYOvjHfeWQMW3O2+ICTgBZUTSORs8tn112hyEVjtYWKEnFB6zoXPG4Q66YTg OqAX3gNyM1yVEa2sy30q2WLZha3sB2nWl21AruBkRPAYg6Xvg3RAKTVrn6Kcf+3q ZmvjzBVBZ0Xx1ER2W/7r9fFD4LsN8yV2GdT2zDR3MCoX/cubRq2P/LS+XeY1ZXda +N9247kS9U5TlQ== -----END CERTIFICATE-----Generated at Mon Feb 2 08:07:50 2026 by rpki-client