Manifest

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/64/XrjFfXL3lG3XskIFmSiOyhU8twk.mft
File:                     XrjFfXL3lG3XskIFmSiOyhU8twk.mft (raw, json)
Hash identifier:          mb3f5IBARbxfyn4cpRzI+lczTsipWUf/7uw7nmA4pss=
Subject key identifier:   32:D6:DF:0C:06:98:BD:E8:50:B6:1E:3D:63:D4:5F:EA:1E:83:60:70
Authority key identifier: 5E:B8:C5:7D:72:F7:94:6D:D7:B2:42:05:99:28:8E:CA:15:3C:B7:09
Certificate issuer:       /CN=5EB8C57D72F7946DD7B2420599288ECA153CB709
Certificate serial:       DB
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/XrjFfXL3lG3XskIFmSiOyhU8twk.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/64/XrjFfXL3lG3XskIFmSiOyhU8twk.mft
Manifest number:          CC
Signing time:             Fri 04 Jul 2025 06:11:47 +0000
Manifest this update:     Fri 04 Jul 2025 06:11:47 +0000
Manifest next update:     Fri 04 Jul 2025 12:11:47 +0000
Files and hashes:         1: -kvC1odFCKGfYwuP6kDSWCxa5cs.roa (hash: tnU1N852eOToaS3ilm0JWRHgYOaWT3bJAfStolGhwEI=)
                          2: 53WDhDUk0P7JcNoey2WXAIu3VAg.roa (hash: iOmb24loXZqCFP8DSE+C3NqDD3n3CuCWWhW3g3TUjRA=)
                          3: AasOdNmv0zHu4_c9-AzjNCkc0uI.roa (hash: N8YP934qLXcJhJar5NjswQEwIUS7svcuTKLe+uxGRAM=)
                          4: Fg1ErO9BHoKc_FII_rFTeLSw7po.roa (hash: bgExHcY9aLohokDPnLtJC0JNz4gv06ZKUqd8rHdr04s=)
                          5: HHip6xGy3KjEAMb_7wUxr4yVUQM.roa (hash: VpCNBNNgdvIc1ysg1ppt9KGLdfl82u7emNBYfkXFK/4=)
                          6: IYfAkO30FFNQ0NLxemsf-zs6iNA.roa (hash: zIOBveQUSlLmVJeKCea/oWuVgo0OjGpDfgdm4U8G8mE=)
                          7: NpRrsLdPP0YpI7jjQD34UQ5k4G8.roa (hash: 01WGFpA57IU1hSI2uRZXrj1/+8ZrG6EjbFFy2SBjfaM=)
                          8: PDflsZuvg8-6ap7hZ_S293XAEs8.roa (hash: g7HtnFG2KoFpC4ixAAbI9CS9N4IAR7RNGgtVlUBc1Ic=)
                          9: TRsllJSkEPmnLGRBl0ebrTHdqUE.roa (hash: T9rV/A+m2L9HkkPUmRQCNU45A/Mqdg6my4PcVgCno8E=)
                          10: XrjFfXL3lG3XskIFmSiOyhU8twk.crl (hash: QnQ0F45tWCY5MGR7fU3vUu8Fn7Ivmdbs6YWL3/xpiko=)
                          11: cWImJWVYwJtT2DVZSvess2PB44g.roa (hash: pCWOv2JcjWI9GgoFfSf2ihbHQ73eRrecxsMYo6WEBk4=)
                          12: ghPaf9745tJbRM2YiaM4gRBGbIQ.roa (hash: c5pyLTuOnotoKT0S1QS5Zk7365IadK9YXzhpFYcEJ8U=)
                          13: pCIYmEUUf4wGyVIT-YYL3EWzhYE.roa (hash: VQI1jAs2W0S0lWYH2aeurU8HN6osLbzDnzztG7Iqt1U=)
                          14: wLBCQS1OcFKf5jwfCrO2RuLyKxg.roa (hash: zvKAVQ1/Ys9GSlKB3gUEGolh8vjjW8BwNg1SlqEWfKU=)
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/64/XrjFfXL3lG3XskIFmSiOyhU8twk.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/64/XrjFfXL3lG3XskIFmSiOyhU8twk.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/XrjFfXL3lG3XskIFmSiOyhU8twk.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 04 Jul 2025 12:11:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 219 (0xdb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5EB8C57D72F7946DD7B2420599288ECA153CB709
        Validity
            Not Before: Jul  4 06:11:47 2025 GMT
            Not After : May 26 00:40:26 2026 GMT
        Subject: CN=32D6DF0C0698BDE850B61E3D63D45FEA1E836070
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:2d:4c:89:ed:6d:7b:32:ef:bf:90:2a:17:2e:
                    d7:20:4d:c0:72:d0:75:d8:84:d8:45:99:0e:cb:09:
                    83:2b:65:1f:6c:e8:aa:9e:61:50:70:0b:cc:3d:a5:
                    51:af:6c:f9:47:a8:49:4d:2c:43:49:67:4d:1b:8f:
                    fb:aa:45:00:c6:15:a9:91:6a:70:2d:52:3e:7d:70:
                    94:31:c8:95:9f:8b:8e:cd:84:dc:85:55:bb:b5:47:
                    0a:f5:82:91:20:67:b7:b3:78:da:2b:39:b7:94:35:
                    92:7d:aa:b0:e8:72:b4:46:8e:40:de:69:38:4a:4b:
                    d1:8b:3a:e0:dc:4e:40:19:fa:87:be:45:5b:6d:22:
                    70:4a:7d:de:eb:a6:dc:72:51:25:08:a8:92:40:20:
                    4e:a0:21:69:4d:93:4e:34:8a:96:6a:90:c0:b5:cd:
                    c5:a6:71:50:0d:27:9b:d8:f4:e7:46:e5:61:c6:2e:
                    c6:86:b1:09:90:b3:1d:66:d9:9a:4f:73:2b:8c:c8:
                    f2:18:a3:f3:d2:58:96:50:91:5f:ec:bd:5f:6c:74:
                    e7:01:24:e1:bf:03:d9:47:c7:b2:60:6c:94:d6:7c:
                    51:e4:b2:79:ee:c8:58:7c:8c:d1:51:37:a6:a8:ff:
                    4d:77:e5:41:93:b6:d7:79:03:ff:69:72:81:2d:fa:
                    3f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:D6:DF:0C:06:98:BD:E8:50:B6:1E:3D:63:D4:5F:EA:1E:83:60:70
            X509v3 Authority Key Identifier:
                keyid:5E:B8:C5:7D:72:F7:94:6D:D7:B2:42:05:99:28:8E:CA:15:3C:B7:09

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/64/XrjFfXL3lG3XskIFmSiOyhU8twk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/XrjFfXL3lG3XskIFmSiOyhU8twk.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/64/XrjFfXL3lG3XskIFmSiOyhU8twk.mft
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

    Signature Algorithm: sha256WithRSAEncryption
         66:af:69:b7:ca:44:01:9b:8f:20:30:ba:6e:2e:d7:ce:d0:c4:
         c9:3f:b7:98:ea:66:d8:09:bb:5c:00:48:a4:b8:a5:6f:36:37:
         99:42:b4:3b:d4:a0:20:1b:db:8b:a0:fb:91:81:ed:3e:17:9c:
         1e:7b:19:42:1e:29:3a:1f:62:b1:85:5c:9a:bc:a6:f7:71:b0:
         35:74:38:3d:77:a9:8d:f0:6f:3a:d0:b1:28:57:88:6e:e8:e0:
         d3:fc:ee:d5:8c:b1:76:c6:5b:8c:2a:a5:20:ce:00:07:fc:2d:
         8e:f9:d9:bd:1d:56:7d:c1:d4:3c:7f:cf:b7:88:34:77:f9:5b:
         67:01:8d:02:2a:2c:cf:77:eb:36:17:46:c9:1d:7e:b4:de:db:
         f2:76:6e:d4:f8:32:cd:1a:e3:ef:f7:49:ca:99:06:97:53:2a:
         9e:1b:fb:03:e7:12:ce:ce:3d:42:b7:ee:88:ca:aa:06:e0:d4:
         fd:14:7a:23:7f:1f:71:7d:a9:d4:65:69:21:26:cb:1e:e7:f9:
         54:ad:da:38:e3:b1:c3:c9:42:50:5d:87:28:1d:e5:58:51:f9:
         8f:57:97:bd:34:57:27:74:d6:5d:2b:a4:10:a5:85:a2:c9:cd:
         78:a5:99:eb:09:92:85:13:9f:ed:30:73:a6:88:9b:00:f7:a3:
         8e:1c:16:46
-----BEGIN CERTIFICATE-----
MIIE7DCCA9SgAwIBAgICANswDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNUVC
OEM1N0Q3MkY3OTQ2REQ3QjI0MjA1OTkyODhFQ0ExNTNDQjcwOTAeFw0yNTA3MDQw
NjExNDdaFw0yNjA1MjYwMDQwMjZaMDMxMTAvBgNVBAMTKDMyRDZERjBDMDY5OEJE
RTg1MEI2MUUzRDYzRDQ1RkVBMUU4MzYwNzAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDRLUyJ7W17Mu+/kCoXLtcgTcBy0HXYhNhFmQ7LCYMrZR9s6Kqe
YVBwC8w9pVGvbPlHqElNLENJZ00bj/uqRQDGFamRanAtUj59cJQxyJWfi47NhNyF
Vbu1Rwr1gpEgZ7ezeNorObeUNZJ9qrDocrRGjkDeaThKS9GLOuDcTkAZ+oe+RVtt
InBKfd7rptxyUSUIqJJAIE6gIWlNk040ipZqkMC1zcWmcVANJ5vY9OdG5WHGLsaG
sQmQsx1m2ZpPcyuMyPIYo/PSWJZQkV/svV9sdOcBJOG/A9lHx7JgbJTWfFHksnnu
yFh8jNFRN6ao/0135UGTttd5A/9pcoEt+j/TAgMBAAGjggIIMIICBDAdBgNVHQ4E
FgQUMtbfDAaYvehQth49Y9Rf6h6DYHAwHwYDVR0jBBgwFoAUXrjFfXL3lG3XskIF
mSiOyhU8twkwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBgNVHR8EVDBSMFCg
TqBMhkpyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNjQv
WHJqRmZYTDNsRzNYc2tJRm1TaU95aFU4dHdrLmNybDBjBggrBgEFBQcBAQRXMFUw
UwYIKwYBBQUHMAKGR3JzeW5jOi8vcnBraS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNE
MDAwMC9YcmpGZlhMM2xHM1hza0lGbVNpT3loVTh0d2suY2VyMA4GA1UdDwEB/wQE
AwIHgDCBmwYIKwYBBQUHAQsEgY4wgYswVgYIKwYBBQUHMAuGSnJzeW5jOi8vcnBr
aS5jbm5pYy5jbi9ycGtpL0E5MTYyRTNEMDAwMC82NC9YcmpGZlhMM2xHM1hza0lG
bVNpT3loVTh0d2subWZ0MDEGCCsGAQUFBzANhiVodHRwczovL3Jwa2kuY25uaWMu
Y24vcnJkcC9ub3RpZnkueG1sMBUGCCsGAQUFBwEIAQH/BAYwBKACBQAwIQYIKwYB
BQUHAQcBAf8EEjAQMAYEAgABBQAwBgQCAAIFADANBgkqhkiG9w0BAQsFAAOCAQEA
Zq9pt8pEAZuPIDC6bi7XztDEyT+3mOpm2Am7XABIpLilbzY3mUK0O9SgIBvbi6D7
kYHtPhecHnsZQh4pOh9isYVcmrym93GwNXQ4PXepjfBvOtCxKFeIbujg0/zu1Yyx
dsZbjCqlIM4AB/wtjvnZvR1WfcHUPH/Pt4g0d/lbZwGNAiosz3frNhdGyR1+tN7b
8nZu1PgyzRrj7/dJypkGl1Mqnhv7A+cSzs49QrfuiMqqBuDU/RR6I38fcX2p1GVp
ISbLHuf5VK3aOOOxw8lCUF2HKB3lWFH5j1eXvTRXJ3TWXSukEKWFosnNeKWZ6wmS
hROf7TBzpoibAPejjhwWRg==
-----END CERTIFICATE-----
Generated at Fri Jul 4 09:28:13 2025 by rpki-client