$ rpki-client -vvf rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/cq-668ns3aLu0tSbE-YEjqPkHmA.mft File: cq-668ns3aLu0tSbE-YEjqPkHmA.mft (raw, json) Hash identifier: YCw9IQKze11RjHF0CuIBtvBAW4b3XckIJMLfG8GHcTE= Subject key identifier: AE:6A:F5:CB:29:FD:17:49:C5:C9:FE:EE:85:02:56:32:9C:A0:4B:E9 Authority key identifier: 72:AF:BA:EB:C9:EC:DD:A2:EE:D2:D4:9B:13:E6:04:8E:A3:E4:1E:60 Certificate issuer: /CN=A91FDD4D/serialNumber=72AFBAEBC9ECDDA2EED2D49B13E6048EA3E41E60 Certificate serial: 21FF Authority info access: rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cq-668ns3aLu0tSbE-YEjqPkHmA.cer Subject info access: rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/cq-668ns3aLu0tSbE-YEjqPkHmA.mft Manifest number: 21C4 Signing time: Tue 04 Nov 2025 16:00:44 +0000 Manifest this update: Tue 04 Nov 2025 16:00:44 +0000 Manifest next update: Tue 11 Nov 2025 16:00:44 +0000 Files and hashes: 1: cq-668ns3aLu0tSbE-YEjqPkHmA.crl (hash: ABwk3FK5zabINHDnvgHgbj4Dp3BajdNFB7xJxXrSpds=) 2: E50E6E14B63411EDB4416786C4F9AE02.roa (hash: FmtBKEomkwEsg09oOugyzChandkcrHCKNwzoO1agNsg=) 3: E9DE96C44C3611EEA9D59630C4F9AE02.roa (hash: PC1UpxkrsO/0WXvqCVPit0ma41SpwfY7b5bjQTzVpWQ=) 4: 0F0824DED28311EDB1655152C4F9AE02.roa (hash: dz1GvojNAIHZyqW3h8Y6bP+YBH4Rk6bXASQ1x7rYr58=) 5: AB9E7432714911EEBF95153CC4F9AE02.roa (hash: lgOGf6vXQs55zxCogd+pRQs87jNu5Yd5pLF5QPR8QMk=) 6: 1C628A90671411EEA0040661C4F9AE02.roa (hash: CTvIhXrCtBos/LVoBMmH2P68ViNfFaDxoAYBDmOA96g=) 7: EEFB07CCB8A311ED8F694046C4F9AE02.roa (hash: cgIrr8o9jTXMbYMAZf1J8wAI/DfnpUQHzKHIr7ZgI6c=) 8: 0FB07E54D28311EDB1655152C4F9AE02.roa (hash: V6pTdi9Go4VZBEN3XXIn2lnRjqLUf2zngAhmgO8tgA0=) Validation: OK Signature path: rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/cq-668ns3aLu0tSbE-YEjqPkHmA.crl rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/cq-668ns3aLu0tSbE-YEjqPkHmA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cq-668ns3aLu0tSbE-YEjqPkHmA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Tue 11 Nov 2025 16:00:43 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 8703 (0x21ff) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=A91FDD4D, serialNumber=72AFBAEBC9ECDDA2EED2D49B13E6048EA3E41E60 Validity Not Before: Nov 4 16:00:44 2025 GMT Not After : Nov 11 16:00:44 2025 GMT Subject: CN=690a232c-d0d9 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e9:70:ad:81:0b:6e:45:cc:28:b3:30:8f:5c:1b: 30:92:f1:af:89:24:ef:0e:42:1e:e5:c4:36:11:2b: 87:5d:eb:0d:21:ef:62:d5:51:63:a3:30:2c:cd:35: 69:49:cf:36:8f:4f:e2:c6:e3:09:09:ab:0a:b7:2a: ce:6b:03:1f:79:b6:de:36:94:ac:57:1d:53:91:32: 46:98:c5:7b:fb:fa:3e:c3:5f:4f:0e:30:78:dd:dc: 40:cc:04:b6:03:03:34:6e:bd:35:8c:6c:e9:e7:aa: 45:f8:ba:f7:f8:03:7f:49:11:23:7c:6f:2d:6f:90: 6a:15:88:99:55:b3:4f:3f:c1:1a:76:30:87:02:68: 3f:c8:af:66:7c:8c:b0:2d:6b:e7:f8:12:41:7a:85: 8e:28:99:d7:ce:90:35:80:cc:74:0c:6e:ca:f5:00: 45:d9:c7:fb:15:fc:f5:06:d2:78:95:6f:8e:74:5b: 94:48:4e:9d:b5:2f:31:d9:c1:d3:28:76:40:4f:a0: cc:66:1e:9d:d8:9d:56:ba:1f:59:1b:50:48:c5:a0: 22:31:3a:18:d1:ab:57:e9:59:f8:31:88:ce:41:d4: 08:5d:d9:c5:01:fa:28:bf:cd:62:71:29:17:24:4d: a3:a6:00:e2:9e:d1:c8:e7:15:8f:9b:a2:77:75:57: ea:e9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: AE:6A:F5:CB:29:FD:17:49:C5:C9:FE:EE:85:02:56:32:9C:A0:4B:E9 X509v3 Authority Key Identifier: keyid:72:AF:BA:EB:C9:EC:DD:A2:EE:D2:D4:9B:13:E6:04:8E:A3:E4:1E:60 X509v3 Key Usage: critical Digital Signature X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/cq-668ns3aLu0tSbE-YEjqPkHmA.crl Authority Information Access: CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cq-668ns3aLu0tSbE-YEjqPkHmA.cer X509v3 Certificate Policies: critical Policy: ipAddr-asNumber CPS: https://www.apnic.net/RPKI/CPS.pdf Subject Information Access: Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/cq-668ns3aLu0tSbE-YEjqPkHmA.mft RPKI Notify - URI:https://rrdp.apnic.net/notification.xml sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit Signature Algorithm: sha256WithRSAEncryption 91:41:83:14:41:f9:57:f0:9d:a5:ef:d9:96:ec:61:0e:fa:9a: f6:be:92:e5:a6:59:a5:8a:00:73:90:c0:fa:9c:af:5e:d7:c8: 82:94:93:cd:f9:ff:c6:46:c0:3c:24:5a:40:b2:15:40:63:ca: 87:98:2b:0d:ce:e2:af:e4:0d:ed:af:dc:7f:d8:64:ab:32:5d: 78:c6:32:d9:70:e0:aa:ec:6a:65:b9:8b:b6:b3:0f:5f:b9:45: eb:24:11:66:fc:db:a2:09:03:6e:67:2e:0f:15:4f:3d:fe:eb: f8:be:eb:b5:f0:72:83:fc:04:fb:81:1e:9d:15:28:fe:cb:0b: 23:6a:54:bf:1a:cb:85:7f:95:2e:1a:08:58:15:ef:50:38:93: a8:07:50:4c:04:1a:ce:14:28:db:c1:28:0d:f6:68:7a:2a:d7: 00:c1:bf:f1:0e:81:fe:50:9b:b2:ed:3e:c1:fc:b8:0d:bc:f7: 72:36:8f:bd:89:9f:0d:20:8b:be:65:31:c2:93:b7:a6:55:8a: ab:cc:b1:2e:12:94:e6:cb:a2:45:f2:1f:99:e1:84:fb:c0:5a: 00:e8:a2:a4:a5:06:b7:90:29:3b:d2:27:dc:32:6a:ae:31:91: fe:44:65:33:1d:20:0f:42:ba:d3:83:9d:2d:0d:20:64:ad:f1: b2:c0:bb:50 -----BEGIN CERTIFICATE----- MIIFhDCCBGygAwIBAgICIf8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx RkRENEQxMTAvBgNVBAUTKDcyQUZCQUVCQzlFQ0REQTJFRUQyRDQ5QjEzRTYwNDhF QTNFNDFFNjAwHhcNMjUxMTA0MTYwMDQ0WhcNMjUxMTExMTYwMDQ0WjAYMRYwFAYD VQQDEw02OTBhMjMyYy1kMGQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEA6XCtgQtuRcwoszCPXBswkvGviSTvDkIe5cQ2ESuHXesNIe9i1VFjozAszTVp Sc82j0/ixuMJCasKtyrOawMfebbeNpSsVx1TkTJGmMV7+/o+w19PDjB43dxAzAS2 AwM0br01jGzp56pF+Lr3+AN/SREjfG8tb5BqFYiZVbNPP8EadjCHAmg/yK9mfIyw LWvn+BJBeoWOKJnXzpA1gMx0DG7K9QBF2cf7Ffz1BtJ4lW+OdFuUSE6dtS8x2cHT KHZAT6DMZh6d2J1Wuh9ZG1BIxaAiMToY0atX6Vn4MYjOQdQIXdnFAfoov81icSkX JE2jpgDintHI5xWPm6J3dVfq6QIDAQABo4ICqDCCAqQwHQYDVR0OBBYEFK5q9csp /RdJxcn+7oUCVjKcoEvpMB8GA1UdIwQYMBaAFHKvuuvJ7N2i7tLUmxPmBI6j5B5g MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGREQ0RC9CQUUxMDhDNEVB NjAxMUU1ODgxNTc3MENDNEY5QUUwMi9jcS02NjhuczNhTHUwdFNiRS1ZRWpxUGtI bUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy RkQxRkYyL2NxLTY2OG5zM2FMdTB0U2JFLVlFanFQa0htQS5jZXIwSgYDVR0gAQH/ BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p Yy5uZXQvUlBLSS9DUFMucGRmMIHFBggrBgEFBQcBCwSBuDCBtTB+BggrBgEFBQcw C4ZycnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFG REQ0RC9CQUUxMDhDNEVBNjAxMUU1ODgxNTc3MENDNEY5QUUwMi9jcS02NjhuczNh THUwdFNiRS1ZRWpxUGtIbUEubWZ0MDMGCCsGAQUFBzANhidodHRwczovL3JyZHAu YXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwFQYIKwYBBQUHAQgBAf8EBjAEoAIF ADAhBggrBgEFBQcBBwEB/wQSMBAwBgQCAAEFADAGBAIAAgUAMA0GCSqGSIb3DQEB CwUAA4IBAQCRQYMUQflX8J2l79mW7GEO+pr2vpLlplmligBzkMD6nK9e18iClJPN +f/GRsA8JFpAshVAY8qHmCsNzuKv5A3tr9x/2GSrMl14xjLZcOCq7GpluYu2sw9f uUXrJBFm/NuiCQNuZy4PFU89/uv4vuu18HKD/AT7gR6dFSj+ywsjalS/GsuFf5Uu GghYFe9QOJOoB1BMBBrOFCjbwSgN9mh6KtcAwb/xDoH+UJuy7T7B/LgNvPdyNo+9 iZ8NIIu+ZTHCk7emVYqrzLEuEpTmy6JF8h+Z4YT7wFoA6KKkpQa3kCk70ifcMmqu MZH+RGUzHSAPQrrTg50tDSBkrfGywLtQ -----END CERTIFICATE-----Generated at Tue Nov 4 19:10:51 2025 by rpki-client