This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7fa7b0-ace4-492d-8e91-c5321dc9e64b/1/OkjgM962SsQkPHLOiZ1Tgi32mW0.mft File: OkjgM962SsQkPHLOiZ1Tgi32mW0.mft (raw, json) Hash identifier: yjmLQgAaccX6UHPRhRGgYXnVse2nL1Vn8GRcuL/av6Q= Subject key identifier: 8E:BF:70:51:4F:5D:4D:50:41:86:A6:CA:1A:26:3A:B1:15:B5:34:5B Authority key identifier: 3A:48:E0:33:DE:B6:4A:C4:24:3C:72:CE:89:9D:53:82:2D:F6:99:6D Certificate issuer: /CN=3a48e033deb64ac4243c72ce899d53822df6996d Certificate serial: 019B20D010CDD2D89BEE25A3F41EE3EE1C08 Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OkjgM962SsQkPHLOiZ1Tgi32mW0.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/7fa7b0-ace4-492d-8e91-c5321dc9e64b/1/OkjgM962SsQkPHLOiZ1Tgi32mW0.mft Manifest number: 170B Signing time: Mon 15 Dec 2025 07:01:05 +0000 Manifest this update: Mon 15 Dec 2025 07:01:05 +0000 Manifest next update: Tue 16 Dec 2025 07:01:05 +0000 Files and hashes: 1: OkjgM962SsQkPHLOiZ1Tgi32mW0.crl (hash: ZG/QVoMWdNmgO6EVw5AA0VTYMLEGkk17W0ttDEv863Y=) 2: oU-Dh2GrIk6DJo0B3ckZobCZQLg.roa (hash: 3M/n9wvPmKU+uLTP2MTaGav/2cb5GDciUi4YXKv/+G0=) Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/7fa7b0-ace4-492d-8e91-c5321dc9e64b/1/OkjgM962SsQkPHLOiZ1Tgi32mW0.crl rsync://rpki.ripe.net/repository/DEFAULT/bc/7fa7b0-ace4-492d-8e91-c5321dc9e64b/1/OkjgM962SsQkPHLOiZ1Tgi32mW0.mft rsync://rpki.ripe.net/repository/DEFAULT/OkjgM962SsQkPHLOiZ1Tgi32mW0.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Mon 15 Dec 2025 23:00:29 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:20:d0:10:cd:d2:d8:9b:ee:25:a3:f4:1e:e3:ee:1c:08 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=3a48e033deb64ac4243c72ce899d53822df6996d Validity Not Before: Dec 15 07:01:05 2025 GMT Not After : Dec 16 07:01:05 2025 GMT Subject: CN=8ebf70514f5d4d504186a6ca1a263ab115b5345b Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b3:e2:bd:91:dc:f2:9a:4a:ca:d4:1a:4d:5c:29: 9f:08:f6:8d:20:6d:0a:74:4a:21:0f:ae:a6:c0:3d: ab:b0:3e:90:a0:eb:30:09:8b:2a:d2:28:5a:74:81: 66:41:62:28:c3:a8:84:82:52:f5:92:14:44:ec:12: f3:26:64:e0:64:dc:b2:73:bd:0c:61:0d:bd:a7:85: 46:47:b2:62:6a:a7:6c:ae:12:ce:80:29:d0:10:ef: ff:58:4f:eb:58:9d:e9:a3:8b:70:33:55:ef:41:75: 9c:5c:0b:74:7d:86:d2:b7:a8:be:c5:8a:06:37:2e: e0:3d:d3:e7:af:f4:0d:37:05:ff:1d:4e:f1:16:ee: 85:c1:d1:96:4b:60:48:2f:a2:f4:d5:6d:e2:80:1b: eb:37:44:d9:9b:20:40:ec:07:1f:ad:f3:54:14:e7: a3:1c:4e:ac:a2:1a:0c:89:4a:33:45:9a:04:8f:f1: cc:e1:5c:f7:d2:0c:26:92:77:c7:ab:f0:f9:ee:46: cb:d7:56:fd:d8:df:fd:a4:0d:3a:40:d7:99:87:ea: 90:02:d6:72:11:71:31:c5:20:0e:56:a9:fb:8b:bd: 87:95:b0:a5:9c:44:41:8b:87:50:c5:98:76:26:ba: 7e:5d:55:a1:52:0f:e5:28:72:68:4f:15:e4:b4:73: bb:7f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 8E:BF:70:51:4F:5D:4D:50:41:86:A6:CA:1A:26:3A:B1:15:B5:34:5B X509v3 Authority Key Identifier: keyid:3A:48:E0:33:DE:B6:4A:C4:24:3C:72:CE:89:9D:53:82:2D:F6:99:6D X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OkjgM962SsQkPHLOiZ1Tgi32mW0.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7fa7b0-ace4-492d-8e91-c5321dc9e64b/1/OkjgM962SsQkPHLOiZ1Tgi32mW0.mft X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7fa7b0-ace4-492d-8e91-c5321dc9e64b/1/OkjgM962SsQkPHLOiZ1Tgi32mW0.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit Signature Algorithm: sha256WithRSAEncryption a3:d4:f1:68:95:00:99:eb:92:2c:d1:42:1c:18:66:5e:9c:d5: 50:8a:ed:64:b9:f3:76:90:f6:f3:51:19:dc:d8:89:72:2e:71: 68:45:4e:22:f7:92:a8:36:48:ea:c3:71:6c:67:5c:4a:ad:e7: 5e:54:4d:c8:22:7a:d3:42:c2:92:4f:ce:4d:fc:64:fb:e8:d4: c6:32:a8:af:f4:6d:af:e8:25:f7:cd:59:f5:a9:46:52:ce:04: 40:87:5c:ac:b7:29:b6:5d:31:5c:ee:bb:87:2c:91:16:e0:38: ce:3c:74:96:2c:84:40:ee:46:1d:44:47:cb:6c:5c:b5:46:b8: 6d:7d:2c:57:37:25:f6:c0:bd:27:8c:6e:6c:3d:2a:01:2e:dd: e2:37:b5:1d:83:d2:52:f0:30:86:b3:30:d4:93:95:55:c5:a6: 8c:b2:47:ba:6c:0c:a3:07:2d:af:76:ca:90:d8:24:87:d7:dc: 62:8f:de:9a:e7:a4:45:a2:c6:b4:e2:51:6c:46:3a:44:68:d8: f3:a3:37:5f:8e:eb:f5:08:0b:c0:e8:fd:32:f2:dc:8e:28:53: a5:fe:1f:f6:27:ac:e9:c8:f5:80:06:07:8a:f7:94:a5:ef:b7: cb:a7:64:0b:2d:75:91:df:1f:f8:67:14:29:5e:c7:dd:90:b9: a7:85:b7:72 -----BEGIN CERTIFICATE----- MIIFFjCCA/6gAwIBAgISAZsg0BDN0tib7iWj9B7j7hwIMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDNhNDhlMDMzZGViNjRhYzQyNDNjNzJjZTg5OWQ1MzgyMmRm Njk5NmQwHhcNMjUxMjE1MDcwMTA1WhcNMjUxMjE2MDcwMTA1WjAzMTEwLwYDVQQD Eyg4ZWJmNzA1MTRmNWQ0ZDUwNDE4NmE2Y2ExYTI2M2FiMTE1YjUzNDViMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+K9kdzymkrK1BpNXCmfCPaNIG0K dEohD66mwD2rsD6QoOswCYsq0ihadIFmQWIow6iEglL1khRE7BLzJmTgZNyyc70M YQ29p4VGR7JiaqdsrhLOgCnQEO//WE/rWJ3po4twM1XvQXWcXAt0fYbSt6i+xYoG Ny7gPdPnr/QNNwX/HU7xFu6FwdGWS2BIL6L01W3igBvrN0TZmyBA7AcfrfNUFOej HE6sohoMiUozRZoEj/HM4Vz30gwmknfHq/D57kbL11b92N/9pA06QNeZh+qQAtZy EXExxSAOVqn7i72HlbClnERBi4dQxZh2Jrp+XVWhUg/lKHJoTxXktHO7fwIDAQAB o4ICIjCCAh4wHQYDVR0OBBYEFI6/cFFPXU1QQYamyhomOrEVtTRbMB8GA1UdIwQY MBaAFDpI4DPetkrEJDxyzomdU4It9pltMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvT2tqZ005NjJTc1FrUEhMT2laMVRnaTMybVcwLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83ZmE3YjAtYWNlNC00OTJkLThlOTEt YzUzMjFkYzllNjRiLzEvT2tqZ005NjJTc1FrUEhMT2laMVRnaTMybVcwLm1mdDCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC9iYy83ZmE3YjAtYWNlNC00OTJkLThlOTEtYzUzMjFkYzllNjRi LzEvT2tqZ005NjJTc1FrUEhMT2laMVRnaTMybVcwLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEAo9TxaJUA meuSLNFCHBhmXpzVUIrtZLnzdpD281EZ3NiJci5xaEVOIveSqDZI6sNxbGdcSq3n XlRNyCJ600LCkk/OTfxk++jUxjKor/Rtr+gl981Z9alGUs4EQIdcrLcptl0xXO67 hyyRFuA4zjx0liyEQO5GHURHy2xctUa4bX0sVzcl9sC9J4xubD0qAS7d4je1HYPS UvAwhrMw1JOVVcWmjLJHumwMowctr3bKkNgkh9fcYo/emuekRaLGtOJRbEY6RGjY 86M3X47r9QgLwOj9MvLcjihTpf4f9ies6cj1gAYHiveUpe+3y6dkCy11kd8f+GcU KV7H3ZC5p4W3cg== -----END CERTIFICATE-----Generated at Mon Dec 15 09:35:52 2025 by rpki-client