$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/654/2pk_5cBP-fIsUmJjC-w39bOngoU.mft File: 2pk_5cBP-fIsUmJjC-w39bOngoU.mft (raw, json) Hash identifier: vJriL573+1yUIhfb5QR5bSFOHqVvivLk8jjYoYpYm9o= Subject key identifier: A8:88:0B:2E:BD:F5:35:B0:D8:D6:3A:56:23:8B:F3:8A:43:E9:A1:B7 Authority key identifier: DA:99:3F:E5:C0:4F:F9:F2:2C:52:62:63:0B:EC:37:F5:B3:A7:82:85 Certificate issuer: /CN=DA993FE5C04FF9F22C5262630BEC37F5B3A78285 Certificate serial: 1800 Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2pk_5cBP-fIsUmJjC-w39bOngoU.cer Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/654/2pk_5cBP-fIsUmJjC-w39bOngoU.mft Manifest number: 17EA Signing time: Mon 20 Oct 2025 12:06:20 +0000 Manifest this update: Mon 20 Oct 2025 12:06:20 +0000 Manifest next update: Mon 20 Oct 2025 18:06:20 +0000 Files and hashes: 1: 2pk_5cBP-fIsUmJjC-w39bOngoU.crl (hash: iXbroCLqE06l1rGNokOEB6X9LI3TVVyUr8oF9KeR5YM=) 2: HvfqDy2hGJa-tDVDeSqEuKF3dN0.roa (hash: 2Jp6mxuujCuZIIC04F/ARmPj+su7hSsGSy1xTvc4+Qs=) 3: KQ-H06YzPy6rV4AqzFO-X8dibgw.roa (hash: /RpjV4HoINs3B8RP//omgR12bSPllVR3bfI79qOU30M=) 4: TpvO5vdeHWVXhGkTKjH84ly_vIU.roa (hash: +f0nHjtb5Rj8798V2ToE4hnOduYhYnSw9Um3wGP6CoI=) 5: l_MfvNTnzBZLPKSnaEcPlRuQYkE.roa (hash: g1JlaWRQx7eY93533lfTF3SPZVWvPqSI3xpvRqNIF7o=) 6: oNvneKkprq7Fup3AehiZivYiGcQ.roa (hash: WduhKcWHW4jd8W/irOIfT6Xtxvc/1kytp2QLDcGjP7I=) 7: wZLHpcvHrGz3tUiBMnBI6rIckCQ.roa (hash: 89jr9Ewq1iuL05K8GgrpOrKlq+vnC4Iu0FosUDNQP4g=) Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/654/2pk_5cBP-fIsUmJjC-w39bOngoU.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/654/2pk_5cBP-fIsUmJjC-w39bOngoU.mft rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2pk_5cBP-fIsUmJjC-w39bOngoU.cer rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Mon 20 Oct 2025 18:06:20 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 6144 (0x1800) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=DA993FE5C04FF9F22C5262630BEC37F5B3A78285 Validity Not Before: Oct 20 12:06:20 2025 GMT Not After : Aug 3 08:44:40 2026 GMT Subject: CN=A8880B2EBDF535B0D8D63A56238BF38A43E9A1B7 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b0:4b:93:49:2e:47:72:6a:d8:85:17:58:f7:df: 75:ba:e5:b5:14:c5:d9:67:d2:2a:33:aa:cb:09:f4: 33:9c:2e:fc:b8:3b:59:e0:a1:0a:c5:b4:42:b0:2a: 7f:f1:ab:16:58:38:ed:c3:2b:4f:c3:37:8d:b2:5f: 18:d6:59:87:95:ea:d5:1f:cd:b4:8f:6b:d0:e6:d8: fa:97:d7:4c:88:69:80:10:89:36:ae:52:ae:63:57: 0e:59:77:ef:b0:ab:01:fe:fc:cf:90:f9:d3:8e:7d: 37:2c:6a:a3:cf:c7:df:09:93:11:70:a2:f7:41:31: 53:04:d8:70:c3:f7:3e:14:d0:3a:4a:15:3f:6f:ff: 03:af:f6:5e:1f:a5:c3:d7:0f:e9:c6:ed:a1:be:e8: 7a:97:9a:d5:6a:75:96:e8:29:23:f3:87:2a:0a:9c: d6:8f:aa:95:ed:e7:d6:e7:2d:c7:16:d9:59:93:3d: 05:14:a4:e2:06:d1:c9:30:ae:d2:b3:19:b3:1b:2b: 57:1c:77:67:d7:13:e2:ee:9f:71:d3:b6:66:1b:9c: 73:7c:d5:8a:c2:a6:9a:ec:ef:e7:ce:8f:4d:6f:cb: bd:81:cc:93:82:3d:61:ab:61:dd:77:83:2e:8d:2d: 9b:07:d5:0d:13:3f:19:e6:e5:fe:84:0b:a1:2b:6d: a7:95 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: A8:88:0B:2E:BD:F5:35:B0:D8:D6:3A:56:23:8B:F3:8A:43:E9:A1:B7 X509v3 Authority Key Identifier: keyid:DA:99:3F:E5:C0:4F:F9:F2:2C:52:62:63:0B:EC:37:F5:B3:A7:82:85 X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/654/2pk_5cBP-fIsUmJjC-w39bOngoU.crl Authority Information Access: CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2pk_5cBP-fIsUmJjC-w39bOngoU.cer X509v3 Key Usage: critical Digital Signature Subject Information Access: Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/654/2pk_5cBP-fIsUmJjC-w39bOngoU.mft RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit Signature Algorithm: sha256WithRSAEncryption 1e:78:fc:c7:c1:fc:30:b0:30:ea:ff:68:f1:3c:45:9c:14:48: 55:23:e3:da:d6:35:58:fe:2f:95:f6:69:33:04:27:bc:c8:ad: 5d:6a:c0:de:cc:70:e9:20:57:70:8a:09:7c:31:f4:1a:72:f4: 94:5e:59:1c:4e:d7:2b:60:cb:f5:65:e7:98:63:a8:60:62:36: ee:df:49:76:b0:83:99:10:99:f7:8e:c9:0e:ae:d3:a9:e6:d1: f5:2e:20:d2:d9:c9:ad:4d:0d:9c:08:01:cd:b6:f3:d8:0c:20: 4a:69:a7:86:af:5d:25:e6:06:5e:b2:f1:19:46:53:55:f8:7b: 8b:be:08:67:f6:60:22:7a:49:bf:b9:0d:f0:65:2b:d5:b8:06: 9a:39:e7:58:15:c8:5f:b6:54:35:2d:50:af:00:fd:48:12:3a: ec:3c:5b:4f:19:c3:e4:5b:ce:7d:ea:65:a0:a1:f6:62:bb:e7: 72:f1:a7:ff:aa:6c:ce:09:71:be:4f:ad:24:46:c4:b9:a7:95: 9d:28:c6:c8:50:d4:3d:ac:cf:4e:35:be:2d:13:63:ea:6d:f7: 13:15:d6:c2:93:1a:37:41:9f:9b:b4:42:8e:b1:56:10:25:51: f5:2b:19:29:2d:44:1a:30:71:50:c2:f6:e9:bd:fd:84:76:9f: c6:35:1b:e8 -----BEGIN CERTIFICATE----- MIIE7jCCA9agAwIBAgICGAAwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoREE5 OTNGRTVDMDRGRjlGMjJDNTI2MjYzMEJFQzM3RjVCM0E3ODI4NTAeFw0yNTEwMjAx MjA2MjBaFw0yNjA4MDMwODQ0NDBaMDMxMTAvBgNVBAMTKEE4ODgwQjJFQkRGNTM1 QjBEOEQ2M0E1NjIzOEJGMzhBNDNFOUExQjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQCwS5NJLkdyatiFF1j333W65bUUxdln0iozqssJ9DOcLvy4O1ng oQrFtEKwKn/xqxZYOO3DK0/DN42yXxjWWYeV6tUfzbSPa9Dm2PqX10yIaYAQiTau Uq5jVw5Zd++wqwH+/M+Q+dOOfTcsaqPPx98JkxFwovdBMVME2HDD9z4U0DpKFT9v /wOv9l4fpcPXD+nG7aG+6HqXmtVqdZboKSPzhyoKnNaPqpXt59bnLccW2VmTPQUU pOIG0ckwrtKzGbMbK1ccd2fXE+Lun3HTtmYbnHN81YrCpprs7+fOj01vy72BzJOC PWGrYd13gy6NLZsH1Q0TPxnm5f6EC6ErbaeVAgMBAAGjggIKMIICBjAdBgNVHQ4E FgQUqIgLLr31NbDY1jpWI4vzikPpobcwHwYDVR0jBBgwFoAU2pk/5cBP+fIsUmJj C+w39bOngoUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNjU0 LzJwa181Y0JQLWZJc1VtSmpDLXczOWJPbmdvVS5jcmwwYwYIKwYBBQUHAQEEVzBV MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz RDAwMDAvMnBrXzVjQlAtZklzVW1KakMtdzM5Yk9uZ29VLmNlcjAOBgNVHQ8BAf8E BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNjU0LzJwa181Y0JQLWZJc1Vt SmpDLXczOWJPbmdvVS5tZnQwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p Yy5jbi9ycmRwL25vdGlmeS54bWwwFQYIKwYBBQUHAQgBAf8EBjAEoAIFADAhBggr BgEFBQcBBwEB/wQSMBAwBgQCAAEFADAGBAIAAgUAMA0GCSqGSIb3DQEBCwUAA4IB AQAeePzHwfwwsDDq/2jxPEWcFEhVI+Pa1jVY/i+V9mkzBCe8yK1dasDezHDpIFdw igl8MfQacvSUXlkcTtcrYMv1ZeeYY6hgYjbu30l2sIOZEJn3jskOrtOp5tH1LiDS 2cmtTQ2cCAHNtvPYDCBKaaeGr10l5gZesvEZRlNV+HuLvghn9mAiekm/uQ3wZSvV uAaaOedYFchftlQ1LVCvAP1IEjrsPFtPGcPkW8596mWgofZiu+dy8af/qmzOCXG+ T60kRsS5p5WdKMbIUNQ9rM9ONb4tE2PqbfcTFdbCkxo3QZ+btEKOsVYQJVH1Kxkp LUQaMHFQwvbpvf2Edp/GNRvo -----END CERTIFICATE-----Generated at Mon Oct 20 13:42:58 2025 by rpki-client