Manifest

$ rpki-client -vvf rpki.apnic.net/member_repository/A91AE85E/0BED35261D6E11E2B04A61AF08B02CD2/cJdlx9TTMfTDasa-NH-mah8CNJA.mft
File:                     cJdlx9TTMfTDasa-NH-mah8CNJA.mft (raw, json)
Hash identifier:          w4nvy2/vxUn7OAUmyjOPOyeGZrOJwnTvc0/sEZNNltU=
Subject key identifier:   68:CB:90:98:DF:F9:5D:83:49:FA:65:97:54:14:B6:C1:72:57:A1:9A
Authority key identifier: 70:97:65:C7:D4:D3:31:F4:C3:6A:C6:BE:34:7F:A6:6A:1F:02:34:90
Certificate issuer:       /CN=A91AE85E/serialNumber=709765C7D4D331F4C36AC6BE347FA66A1F023490
Certificate serial:       34C6
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cJdlx9TTMfTDasa-NH-mah8CNJA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91AE85E/0BED35261D6E11E2B04A61AF08B02CD2/cJdlx9TTMfTDasa-NH-mah8CNJA.mft
Manifest number:          3493
Signing time:             Fri 28 Mar 2025 14:18:19 +0000
Manifest this update:     Fri 28 Mar 2025 14:18:18 +0000
Manifest next update:     Fri 04 Apr 2025 14:18:18 +0000
Files and hashes:         1: cJdlx9TTMfTDasa-NH-mah8CNJA.crl (hash: d9gMDw9haPtgCK+nWedYvNK5Uaulxn/l0tuzCIK49k4=)
                          2: 392987D254F611E79DF7E643C4F9AE02.roa (hash: E8L7EMY++G+/jL4fto/6X8FIxPH0nU/qyOAGKr50fbg=)
                          3: 09E2DC32B12B11E59337F35AC4F9AE02.roa (hash: cZP7pPe4Y/msfUjF/3Xl+aRlpqp1LPFsqoN3iYA504I=)
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13510 (0x34c6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91AE85E
        Validity
            Not Before: Mar 28 14:18:18 2025 GMT
            Not After : Apr  4 14:18:18 2025 GMT
        Subject: CN=67e6afab-01fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:81:99:1c:a6:3e:aa:0d:b4:4f:89:26:70:b6:
                    34:69:b3:d4:0a:21:9d:5d:58:35:0d:6b:82:b1:b8:
                    c1:5a:a3:13:80:70:12:ac:63:68:f4:ea:1a:6d:39:
                    73:7e:63:7d:46:58:26:62:94:da:d9:78:25:b8:f9:
                    12:cf:8b:0f:54:b8:fb:53:78:fd:79:15:27:ba:ec:
                    9e:92:c3:99:29:37:c0:bb:19:f0:a5:bd:c4:8b:61:
                    00:14:b4:aa:07:54:72:8f:a7:26:cd:ce:fa:3f:77:
                    bf:0e:c1:ca:86:8c:58:da:c6:5c:a1:bc:71:aa:80:
                    30:3f:f2:a0:8c:b5:9e:15:b5:a5:2b:30:67:c5:8a:
                    6b:5c:4a:99:ab:c7:1f:7b:1b:42:f8:ca:1b:fa:6c:
                    c3:70:0c:71:06:0a:d8:0f:e1:37:f7:e9:2a:dd:19:
                    a1:d3:65:7f:dc:ca:45:db:c8:ea:10:88:18:e4:10:
                    b4:c2:57:eb:58:ca:e0:21:8d:2a:e7:b4:9f:b4:19:
                    8a:5c:d8:9e:0c:75:31:e7:92:0f:8d:af:8e:32:e6:
                    38:61:79:8f:44:0c:b4:c5:fd:dd:52:a1:4b:24:12:
                    21:a8:33:e4:2f:90:fb:25:36:08:a2:eb:93:88:82:
                    d8:aa:51:67:d0:c5:3d:c9:80:1d:0a:56:0c:47:f3:
                    46:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:CB:90:98:DF:F9:5D:83:49:FA:65:97:54:14:B6:C1:72:57:A1:9A
            X509v3 Authority Key Identifier:
                keyid:70:97:65:C7:D4:D3:31:F4:C3:6A:C6:BE:34:7F:A6:6A:1F:02:34:90

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91AE85E/0BED35261D6E11E2B04A61AF08B02CD2/cJdlx9TTMfTDasa-NH-mah8CNJA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cJdlx9TTMfTDasa-NH-mah8CNJA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AE85E/0BED35261D6E11E2B04A61AF08B02CD2/cJdlx9TTMfTDasa-NH-mah8CNJA.mft
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

    Signature Algorithm: sha256WithRSAEncryption
         4a:84:20:88:fe:c4:00:33:ba:54:6d:54:08:ec:44:f1:a9:2f:
         c1:09:fd:c1:2b:97:3c:7c:d2:a5:c1:06:a9:e7:96:36:c5:a2:
         ee:83:62:1e:c2:3d:a8:24:78:b2:13:db:2a:f8:25:fa:34:2d:
         3d:dc:56:86:cc:49:72:df:57:5b:b0:56:77:70:ee:b9:1a:ac:
         47:42:29:21:03:a3:db:fd:14:9d:a7:bb:44:e1:bc:5e:c5:33:
         1c:f3:b7:85:a9:57:d2:a8:b9:48:ee:bf:f8:e0:db:96:d5:9b:
         57:75:8c:eb:13:0f:66:9b:d2:f0:c7:2a:25:ad:90:e3:1a:2a:
         0b:a9:ae:af:d4:72:8a:80:e5:4a:6d:1a:84:3a:73:1b:27:ab:
         a4:f3:67:ff:46:df:2e:80:34:90:45:53:66:3e:bd:9e:18:e7:
         ce:ee:a4:89:82:16:f1:32:bf:71:71:b4:74:02:56:08:9e:ca:
         20:ba:78:6b:dc:44:c4:16:b8:b7:b3:49:18:a6:3b:79:bf:82:
         fd:0c:73:29:07:04:f7:3f:7f:7c:65:3b:9c:84:ed:9d:33:59:
         35:97:f9:0a:3a:30:4c:82:d5:de:be:cf:b2:1c:0b:f2:e0:5d:
         b7:a2:6c:8c:c9:f1:83:31:c0:c1:14:c3:db:c0:c4:65:90:08:
         55:5f:63:92
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgICNMYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUU4NUUxMTAvBgNVBAUTKDcwOTc2NUM3RDREMzMxRjRDMzZBQzZCRTM0N0ZBNjZB
MUYwMjM0OTAwHhcNMjUwMzI4MTQxODE4WhcNMjUwNDA0MTQxODE4WjAYMRYwFAYD
VQQDEw02N2U2YWZhYi0wMWZiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwIGZHKY+qg20T4kmcLY0abPUCiGdXVg1DWuCsbjBWqMTgHASrGNo9OoabTlz
fmN9RlgmYpTa2XgluPkSz4sPVLj7U3j9eRUnuuyeksOZKTfAuxnwpb3Ei2EAFLSq
B1Ryj6cmzc76P3e/DsHKhoxY2sZcobxxqoAwP/KgjLWeFbWlKzBnxYprXEqZq8cf
extC+Mob+mzDcAxxBgrYD+E39+kq3Rmh02V/3MpF28jqEIgY5BC0wlfrWMrgIY0q
57SftBmKXNieDHUx55IPja+OMuY4YXmPRAy0xf3dUqFLJBIhqDPkL5D7JTYIouuT
iILYqlFn0MU9yYAdClYMR/NGvQIDAQABo4ICqDCCAqQwHQYDVR0OBBYEFGjLkJjf
+V2DSfpll1QUtsFyV6GaMB8GA1UdIwQYMBaAFHCXZcfU0zH0w2rGvjR/pmofAjSQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBRTg1RS8wQkVEMzUyNjFE
NkUxMUUyQjA0QTYxQUYwOEIwMkNEMi9jSmRseDlUVE1mVERhc2EtTkgtbWFoOENO
SkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2NKZGx4OVRUTWZURGFzYS1OSC1tYWg4Q05KQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHFBggrBgEFBQcBCwSBuDCBtTB+BggrBgEFBQcw
C4ZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFB
RTg1RS8wQkVEMzUyNjFENkUxMUUyQjA0QTYxQUYwOEIwMkNEMi9jSmRseDlUVE1m
VERhc2EtTkgtbWFoOENOSkEubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3JyZHAu
YXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwFQYIKwYBBQUHAQgBAf8EBjAEoAIF
ADAhBggrBgEFBQcBBwEB/wQSMBAwBgQCAAEFADAGBAIAAgUAMA0GCSqGSIb3DQEB
CwUAA4IBAQBKhCCI/sQAM7pUbVQI7ETxqS/BCf3BK5c8fNKlwQap55Y2xaLug2Ie
wj2oJHiyE9sq+CX6NC093FaGzEly31dbsFZ3cO65GqxHQikhA6Pb/RSdp7tE4bxe
xTMc87eFqVfSqLlI7r/44NuW1ZtXdYzrEw9mm9LwxyolrZDjGioLqa6v1HKKgOVK
bRqEOnMbJ6uk82f/Rt8ugDSQRVNmPr2eGOfO7qSJghbxMr9xcbR0AlYInsogunhr
3ETEFri3s0kYpjt5v4L9DHMpBwT3P398ZTuchO2dM1k1l/kKOjBMgtXevs+yHAvy
4F23omyMyfGDMcDBFMPbwMRlkAhVX2OS
-----END CERTIFICATE-----