Manifest

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1587/LeFPKsfwI4E3BS6qMVxb1kMTQCI.mft
File:                     LeFPKsfwI4E3BS6qMVxb1kMTQCI.mft (raw, json)
Hash identifier:          gtnTtEXHCoYPLMVYMjnd7hB2sGOvaigzsvGgxDdZTo4=
Subject key identifier:   3B:F1:B4:C4:CC:5F:75:AE:31:36:9F:EA:60:3F:5A:F1:FE:7C:27:BB
Authority key identifier: 2D:E1:4F:2A:C7:F0:23:81:37:05:2E:AA:31:5C:5B:D6:43:13:40:22
Certificate issuer:       /CN=2DE14F2AC7F0238137052EAA315C5BD643134022
Certificate serial:       1D67
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LeFPKsfwI4E3BS6qMVxb1kMTQCI.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1587/LeFPKsfwI4E3BS6qMVxb1kMTQCI.mft
Manifest number:          1D43
Signing time:             Sat 29 Mar 2025 08:29:24 +0000
Manifest this update:     Sat 29 Mar 2025 08:29:24 +0000
Manifest next update:     Sat 29 Mar 2025 14:29:24 +0000
Files and hashes:         1: 5gv8NleysD8vl08l6aoCX-p4xqQ.roa (hash: tjzD0+CnyrFF+9hnhQ6B5JFuFle1cgkJByBQ1F5rqFQ=)
                          2: DKOVFRvr4JVI9fvsPOjSqP1QgZc.roa (hash: QHteCIReMB0y+8VYHHaJGLpZg/KydkuT8bWg/zzfV5U=)
                          3: EM8Mq0tuQwiD0QzNO6S-MBgjnmQ.roa (hash: Wuvx2xEPbvtcHwzCHgxwltJqe9Y1uivqf3ZchdgMl18=)
                          4: JGLVC4XzP6n9Cse-BrUivBt0pKA.roa (hash: cUCcalTTQ/avTVz8fQt2rahEv60GW/AWsaAJaWXrHgk=)
                          5: Kkf0wEszuwKdTv9qpkzRy7ilXdU.roa (hash: HdPDHoTL8Dq58Fm287LsLnmM8ifFJlmc7xBmnFLGVN4=)
                          6: LeFPKsfwI4E3BS6qMVxb1kMTQCI.crl (hash: OKzYVrB9+jPX75kvfZv/GvIbLG1tgO8eGtzMnYS8rUY=)
                          7: aX4hJDF0bJCSU4ePeWAaXLuAv7I.roa (hash: 3AmaA6tp7GabNXg0iGIHu2sayNs/VYaHMP9tOjJ2DZg=)
                          8: juH5j12Fxo8rXcxy5Avh-0BW8hU.roa (hash: FlXXfeNl6lDL7vg1dmAFL0GrFuDMRK2C9ACeNh39et8=)
                          9: p5GAXjjmGykge0j13vuR-fiPXzc.roa (hash: 0xZ8lfzfM1iN4qmV9NjtVZ2u+E5xO+r0x0N8DaUfu7c=)
                          10: qxxKg1IOhS-n9NxYxH7qQIrdoQU.roa (hash: C/pqYrg5VOxK+n7Ap2Truck5QxGmRvjQ0JHKTQP1YAk=)
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7527 (0x1d67)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2DE14F2AC7F0238137052EAA315C5BD643134022
        Validity
            Not Before: Mar 29 08:29:24 2025 GMT
            Not After : Sep 27 02:40:14 2025 GMT
        Subject: CN=3BF1B4C4CC5F75AE31369FEA603F5AF1FE7C27BB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:19:38:4d:20:c0:de:68:1a:99:f1:0a:ca:8e:
                    cc:17:f1:34:6d:3a:99:43:99:9d:96:9c:9a:47:63:
                    9d:b9:13:32:e9:79:b4:2d:0c:73:46:41:47:1a:5a:
                    b9:97:4f:8d:99:43:04:b3:ff:53:97:ba:74:ab:f3:
                    58:05:53:04:5f:18:40:99:1f:40:7b:eb:42:85:91:
                    c0:77:98:29:cf:6f:6e:63:4a:c8:fe:38:e8:32:c6:
                    90:49:a8:fa:34:db:24:8e:e4:a7:f2:bc:c4:52:69:
                    23:96:2a:82:08:88:46:75:1a:21:14:b0:9c:f7:b9:
                    85:75:0c:77:02:6b:16:d2:e3:5a:70:41:7b:ca:39:
                    3c:d6:10:71:e3:5e:ec:44:a3:1c:88:cd:6d:ec:bb:
                    94:f6:f8:ea:86:da:44:0a:ba:4e:f1:09:02:3e:b9:
                    74:14:1e:47:a4:72:db:f7:29:69:55:38:47:0b:94:
                    66:fd:c4:6a:79:67:89:2f:ee:76:78:d6:7a:5a:d3:
                    54:c6:36:a1:03:a8:f3:7f:d8:80:ec:05:75:c7:74:
                    15:b1:28:df:93:6f:6c:95:aa:5a:4c:e7:a7:49:53:
                    4e:e5:29:21:eb:e0:40:07:76:d3:8b:c8:63:80:f1:
                    17:50:da:9f:10:9d:80:31:0b:cb:85:fc:8b:b4:a9:
                    f2:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:F1:B4:C4:CC:5F:75:AE:31:36:9F:EA:60:3F:5A:F1:FE:7C:27:BB
            X509v3 Authority Key Identifier:
                keyid:2D:E1:4F:2A:C7:F0:23:81:37:05:2E:AA:31:5C:5B:D6:43:13:40:22

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1587/LeFPKsfwI4E3BS6qMVxb1kMTQCI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/LeFPKsfwI4E3BS6qMVxb1kMTQCI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1587/LeFPKsfwI4E3BS6qMVxb1kMTQCI.mft
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

    Signature Algorithm: sha256WithRSAEncryption
         a4:33:c0:35:03:04:67:08:1c:cb:7b:92:14:6f:dc:25:b4:30:
         b4:60:e3:b0:a0:a6:10:5b:81:03:1a:39:0b:88:c5:d2:39:7b:
         49:30:31:91:90:14:3d:70:d2:f9:b7:4e:9e:02:da:fd:01:f1:
         93:f8:ad:3f:6e:97:2f:48:e0:aa:df:7a:6f:9c:76:c9:eb:1b:
         77:75:a3:7a:45:5f:85:1b:11:46:78:3d:72:cf:5c:dc:79:0a:
         13:f1:6b:5a:18:bb:59:77:65:9e:09:2d:9e:32:97:09:59:fe:
         66:14:6e:f4:61:04:60:65:12:ed:53:9c:09:2b:8b:81:c5:86:
         fd:7b:98:ef:66:92:21:62:05:10:82:35:cb:b4:86:2b:1e:54:
         90:2e:b1:b3:42:7d:ec:b1:d7:a8:fe:4f:bc:f0:41:d3:0c:43:
         6c:65:d9:66:82:e9:68:d6:05:6c:1d:07:7c:9d:ea:02:5b:70:
         f6:07:af:c2:3f:3a:c2:f9:dc:17:cb:cc:e9:91:26:15:89:c5:
         95:e4:0a:27:c4:ed:f8:01:62:7b:5b:c7:59:0d:a6:f5:76:bc:
         e3:66:10:cb:86:0f:0d:45:ee:04:e5:c0:ee:e7:80:08:be:55:
         c7:c7:b0:59:fd:ba:0e:8c:10:34:b6:eb:c8:92:e3:04:7d:82:
         b2:8a:06:0d
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgICHWcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkRF
MTRGMkFDN0YwMjM4MTM3MDUyRUFBMzE1QzVCRDY0MzEzNDAyMjAeFw0yNTAzMjkw
ODI5MjRaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDNCRjFCNEM0Q0M1Rjc1
QUUzMTM2OUZFQTYwM0Y1QUYxRkU3QzI3QkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDWGThNIMDeaBqZ8QrKjswX8TRtOplDmZ2WnJpHY525EzLpebQt
DHNGQUcaWrmXT42ZQwSz/1OXunSr81gFUwRfGECZH0B760KFkcB3mCnPb25jSsj+
OOgyxpBJqPo02ySO5KfyvMRSaSOWKoIIiEZ1GiEUsJz3uYV1DHcCaxbS41pwQXvK
OTzWEHHjXuxEoxyIzW3su5T2+OqG2kQKuk7xCQI+uXQUHkekctv3KWlVOEcLlGb9
xGp5Z4kv7nZ41npa01TGNqEDqPN/2IDsBXXHdBWxKN+Tb2yVqlpM56dJU07lKSHr
4EAHdtOLyGOA8RdQ2p8QnYAxC8uF/Iu0qfIbAgMBAAGjggIMMIICCDAdBgNVHQ4E
FgQUO/G0xMxfda4xNp/qYD9a8f58J7swHwYDVR0jBBgwFoAULeFPKsfwI4E3BS6q
MVxb1kMTQCIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTU4
Ny9MZUZQS3Nmd0k0RTNCUzZxTVZ4YjFrTVRRQ0kuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL0xlRlBLc2Z3STRFM0JTNnFNVnhiMWtNVFFDSS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzE1ODcvTGVGUEtzZndJNEUz
QlM2cU1WeGIxa01UUUNJLm1mdDAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAVBggrBgEFBQcBCAEB/wQGMASgAgUAMCEG
CCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAwDQYJKoZIhvcNAQELBQAD
ggEBAKQzwDUDBGcIHMt7khRv3CW0MLRg47CgphBbgQMaOQuIxdI5e0kwMZGQFD1w
0vm3Tp4C2v0B8ZP4rT9uly9I4Krfem+cdsnrG3d1o3pFX4UbEUZ4PXLPXNx5ChPx
a1oYu1l3ZZ4JLZ4ylwlZ/mYUbvRhBGBlEu1TnAkri4HFhv17mO9mkiFiBRCCNcu0
hiseVJAusbNCfeyx16j+T7zwQdMMQ2xl2WaC6WjWBWwdB3yd6gJbcPYHr8I/OsL5
3BfLzOmRJhWJxZXkCifE7fgBYntbx1kNpvV2vONmEMuGDw1F7gTlwO7ngAi+VcfH
sFn9ug6MEDS268iS4wR9grKKBg0=
-----END CERTIFICATE-----