Manifest
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/119/9VbDqqEAH4ncD87VQ2ohu0_zXXo.mft
File: 9VbDqqEAH4ncD87VQ2ohu0_zXXo.mft (raw, json)
Hash identifier: Ou1Zb/43x+oL2V0TYRCPvg/c/Zn02sirINeJ70LziSw=
Subject key identifier: 77:2D:59:F8:1B:38:8C:AD:C0:60:7D:6B:8A:28:46:03:EF:6E:29:6B
Authority key identifier: F5:56:C3:AA:A1:00:1F:89:DC:0F:CE:D5:43:6A:21:BB:4F:F3:5D:7A
Certificate issuer: /CN=F556C3AAA1001F89DC0FCED5436A21BB4FF35D7A
Certificate serial: 1772
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/9VbDqqEAH4ncD87VQ2ohu0_zXXo.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/119/9VbDqqEAH4ncD87VQ2ohu0_zXXo.mft
Manifest number: 1764
Signing time: Wed 18 Mar 2026 01:00:31 +0000
Manifest this update: Wed 18 Mar 2026 01:00:31 +0000
Manifest next update: Wed 18 Mar 2026 07:00:31 +0000
Files and hashes: 1: 9VbDqqEAH4ncD87VQ2ohu0_zXXo.crl (hash: miDAYOW0B9pxlUQi/jpiDoAZSFXpRDQ5+1cttrPzvr8=)
2: DXjFrf_OgBlIsDSW_d80nxJDYy0.roa (hash: I/0Nk3G2UjpS1Dd3jjRv9K9JPA1+5O1V1YsAJ6efLV0=)
3: Ytt-sZWFeEl7Ag-etQDx2u34_Ek.roa (hash: Am7wWX/+t2PT/KQGXWKB1Li0f65LRNZE2QFYyl/AQmw=)
4: lI9ajDytEBoqP3nY6k07TCbYYw4.roa (hash: LWyUgAWzaJTkzHAy91TtZ1KUB8GaXK9r6LOFEw6+TPE=)
5: uG9LWLpK67qpxjgXRPMAAm6hR9Y.roa (hash: URTxuyS38BOkzq2ChrFnplSe6g+QKSVcXtGhOX6pla8=)
6: v6Faz7VKoqwNwglDNFtgd3H0Nhc.roa (hash: Aq7JCfWo6hLi8NMkcsfakV2tH3kB+NE4WHgBDNgDz3U=)
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6002 (0x1772)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=F556C3AAA1001F89DC0FCED5436A21BB4FF35D7A
Validity
Not Before: Mar 18 01:00:31 2026 GMT
Not After : Jan 9 08:23:18 2027 GMT
Subject: CN=772D59F81B388CADC0607D6B8A284603EF6E296B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:b3:a6:65:9c:e4:3f:1a:f8:4c:65:02:42:d8:
44:71:a7:a6:c2:64:48:59:ca:83:76:f1:7b:1f:f6:
e2:c1:10:9d:c4:35:8f:2c:44:94:72:e2:03:e4:6a:
d5:04:79:5a:59:d1:4b:3e:8e:96:65:7c:0a:2b:64:
95:41:b9:10:fd:30:c9:29:d7:48:a2:64:1c:9d:3c:
57:5b:69:17:43:d8:fc:a5:4b:1e:c6:18:7f:c5:d9:
ce:10:82:cb:d7:4e:ca:b7:de:14:c4:93:7d:ae:b4:
84:02:05:92:7d:9c:05:3d:14:ce:a0:ac:c4:e9:63:
ef:0f:67:ea:24:93:25:4a:9c:b0:d6:3b:5c:ea:4c:
3d:09:d0:4b:d7:83:cd:25:46:d6:a3:0a:19:30:9a:
7c:91:70:5b:78:41:3a:fc:65:bf:93:07:10:fe:9d:
95:db:39:84:d9:86:97:e2:e6:b0:0b:be:87:5a:95:
62:74:4f:ae:c9:ee:de:82:4a:26:81:5a:ca:b5:1f:
af:7f:fc:02:4e:8c:2e:5f:c7:10:4e:9b:70:15:f4:
10:d1:46:d9:1e:bd:ab:19:07:53:79:d6:11:d3:53:
0a:87:e6:03:94:43:c5:46:b3:22:5d:62:d2:6e:b0:
6b:c3:91:6b:96:5a:e8:ec:bc:c1:46:9b:b8:ab:13:
1c:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
77:2D:59:F8:1B:38:8C:AD:C0:60:7D:6B:8A:28:46:03:EF:6E:29:6B
X509v3 Authority Key Identifier:
keyid:F5:56:C3:AA:A1:00:1F:89:DC:0F:CE:D5:43:6A:21:BB:4F:F3:5D:7A
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/119/9VbDqqEAH4ncD87VQ2ohu0_zXXo.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/9VbDqqEAH4ncD87VQ2ohu0_zXXo.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/119/9VbDqqEAH4ncD87VQ2ohu0_zXXo.mft
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
inherit
sbgp-ipAddrBlock: critical
IPv4: inherit
IPv6: inherit
Signature Algorithm: sha256WithRSAEncryption
3b:27:15:8e:55:3e:d4:91:6f:41:67:c6:cb:e6:96:00:c4:fb:
83:91:88:db:38:bb:44:3f:5f:85:d4:69:39:1c:f2:b3:76:06:
80:48:fa:ea:7c:3f:35:81:73:3d:60:24:e0:4b:fb:3d:71:69:
48:22:26:f2:c5:bd:c1:94:ba:cc:a7:6d:56:a5:9c:6e:53:68:
5a:6c:61:53:db:06:6f:b6:e7:ab:d3:f0:b0:27:4d:52:40:99:
3d:76:0c:87:f4:94:26:3f:65:f6:d4:ef:51:d5:e3:72:d7:c2:
22:e6:fb:cc:78:80:cd:b6:15:34:5e:c4:de:75:00:b6:74:8d:
2d:00:74:7a:6a:7b:a2:96:28:f1:0f:68:bf:9a:8c:82:03:dc:
af:e4:b9:c6:44:42:24:e6:cd:94:c7:39:f4:c8:83:b2:02:2f:
a4:43:e0:a0:3a:5d:0a:df:82:d5:0f:24:30:b7:fe:b2:cb:42:
64:9e:22:30:c5:a7:75:5c:7a:44:bf:b6:1b:f0:1b:18:50:cd:
c1:70:9a:d8:00:73:2d:3e:2b:14:55:38:96:15:8e:c1:05:ed:
64:87:68:d9:99:06:bb:df:3a:fa:04:db:ea:4d:94:0d:b5:4b:
46:8e:1a:50:7d:24:6a:6e:3e:e5:18:d0:d9:f8:bf:ab:8d:af:
e2:f9:5c:4e
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgICF3IwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRjU1
NkMzQUFBMTAwMUY4OURDMEZDRUQ1NDM2QTIxQkI0RkYzNUQ3QTAeFw0yNjAzMTgw
MTAwMzFaFw0yNzAxMDkwODIzMThaMDMxMTAvBgNVBAMTKDc3MkQ1OUY4MUIzODhD
QURDMDYwN0Q2QjhBMjg0NjAzRUY2RTI5NkIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCTs6ZlnOQ/GvhMZQJC2ERxp6bCZEhZyoN28Xsf9uLBEJ3ENY8s
RJRy4gPkatUEeVpZ0Us+jpZlfAorZJVBuRD9MMkp10iiZBydPFdbaRdD2PylSx7G
GH/F2c4QgsvXTsq33hTEk32utIQCBZJ9nAU9FM6grMTpY+8PZ+okkyVKnLDWO1zq
TD0J0EvXg80lRtajChkwmnyRcFt4QTr8Zb+TBxD+nZXbOYTZhpfi5rALvodalWJ0
T67J7t6CSiaBWsq1H69//AJOjC5fxxBOm3AV9BDRRtkevasZB1N51hHTUwqH5gOU
Q8VGsyJdYtJusGvDkWuWWujsvMFGm7irExy9AgMBAAGjggIKMIICBjAdBgNVHQ4E
FgQUdy1Z+Bs4jK3AYH1riihGA+9uKWswHwYDVR0jBBgwFoAU9VbDqqEAH4ncD87V
Q2ohu0/zXXowGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTE5
LzlWYkRxcUVBSDRuY0Q4N1ZRMm9odTBfelhYby5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvOVZiRHFxRUFING5jRDg3VlEyb2h1MF96WFhvLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTE5LzlWYkRxcUVBSDRuY0Q4
N1ZRMm9odTBfelhYby5tZnQwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwFQYIKwYBBQUHAQgBAf8EBjAEoAIFADAhBggr
BgEFBQcBBwEB/wQSMBAwBgQCAAEFADAGBAIAAgUAMA0GCSqGSIb3DQEBCwUAA4IB
AQA7JxWOVT7UkW9BZ8bL5pYAxPuDkYjbOLtEP1+F1Gk5HPKzdgaASPrqfD81gXM9
YCTgS/s9cWlIIibyxb3BlLrMp21WpZxuU2habGFT2wZvtuer0/CwJ01SQJk9dgyH
9JQmP2X21O9R1eNy18Ii5vvMeIDNthU0XsTedQC2dI0tAHR6anuilijxD2i/moyC
A9yv5LnGREIk5s2Uxzn0yIOyAi+kQ+CgOl0K34LVDyQwt/6yy0JkniIwxad1XHpE
v7Yb8BsYUM3BcJrYAHMtPisUVTiWFY7BBe1kh2jZmQa73zr6BNvqTZQNtUtGjhpQ
fSRqbj7lGNDZ+L+rja/i+VxO
-----END CERTIFICATE-----
Generated at Mon Jun 22 06:36:17 2026 by rpki-client