Manifest
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/1375/OrqLQlIyvliWg5beMqjrWgXuplg.mft
File: OrqLQlIyvliWg5beMqjrWgXuplg.mft (raw, json)
Hash identifier: odyhF8MxLVQkhAcBcpo46Fq+RsANnmvC/fVPo0CMXv4=
Subject key identifier: EE:3D:61:32:5F:A4:15:8F:6D:D8:75:32:51:AA:A0:A4:34:31:9D:AF
Authority key identifier: 3A:BA:8B:42:52:32:BE:58:96:83:96:DE:32:A8:EB:5A:05:EE:A6:58
Certificate issuer: /CN=3ABA8B425232BE58968396DE32A8EB5A05EEA658
Certificate serial: 2151
Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/OrqLQlIyvliWg5beMqjrWgXuplg.cer
Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1375/OrqLQlIyvliWg5beMqjrWgXuplg.mft
Manifest number: 2145
Signing time: Wed 29 Oct 2025 16:43:20 +0000
Manifest this update: Wed 29 Oct 2025 16:43:20 +0000
Manifest next update: Wed 29 Oct 2025 22:43:20 +0000
Files and hashes: 1: 7rjrvR7t1kwDsuU6ql7O_RYJUpg.roa (hash: PRS/WaIeY/npttmGhULQ+aQehhZu64V2nmOYOUJzpnc=)
2: OrqLQlIyvliWg5beMqjrWgXuplg.crl (hash: b9C6+PnaXpNUKc3httfF1zspRodyyQL1SQRLDXtz1po=)
3: VF1HNjXn8rRBPrqRvcoiMdFDyQ0.roa (hash: HBjMB9aQvQdCkQlD8eVlEFwJpz/H7S9+mAlqlZbs4+s=)
Validation: Failed, CRL has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8529 (0x2151)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3ABA8B425232BE58968396DE32A8EB5A05EEA658
Validity
Not Before: Oct 29 16:43:20 2025 GMT
Not After : Oct 23 03:01:03 2026 GMT
Subject: CN=EE3D61325FA4158F6DD8753251AAA0A434319DAF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:4a:bf:c1:b3:f6:44:ba:99:72:56:cb:1f:b3:
33:33:73:4e:03:34:6d:68:51:d4:2e:d3:f3:99:db:
a5:47:b5:52:24:59:1f:31:c9:99:f2:42:a3:78:6b:
29:d6:70:26:97:8c:3d:d1:bf:0c:04:01:6e:72:9f:
9b:41:14:eb:2d:bc:db:b6:ab:ed:2b:5f:1b:a6:f1:
56:0b:6e:15:69:89:4b:3e:1f:d3:ce:ae:90:48:ab:
fd:07:de:04:40:7a:ef:52:20:c2:c1:bd:b8:2e:19:
11:71:82:24:72:ad:09:42:84:cf:0a:ac:7e:6a:f4:
93:5e:20:86:65:82:6a:7a:15:fd:29:8e:59:74:0d:
0f:73:3f:78:d7:3b:11:e6:7c:af:e1:75:1b:58:82:
89:37:b1:c9:6a:b8:11:00:35:25:51:ff:81:2d:9b:
80:d6:88:03:10:90:f7:49:06:81:1f:ca:b1:fc:4c:
29:f1:db:4c:ca:e2:47:0d:52:28:cb:a5:9c:a0:09:
2d:ea:c8:95:1a:a0:bd:2e:93:af:0c:f6:c2:d2:89:
66:bc:0a:82:9d:2b:6d:40:29:8c:68:8b:06:85:7f:
b7:85:1e:05:92:30:d7:7c:86:66:cb:9a:41:a4:52:
7b:e7:f9:ab:be:06:f1:8a:48:85:23:b5:45:f7:6f:
ea:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:3D:61:32:5F:A4:15:8F:6D:D8:75:32:51:AA:A0:A4:34:31:9D:AF
X509v3 Authority Key Identifier:
keyid:3A:BA:8B:42:52:32:BE:58:96:83:96:DE:32:A8:EB:5A:05:EE:A6:58
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1375/OrqLQlIyvliWg5beMqjrWgXuplg.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/OrqLQlIyvliWg5beMqjrWgXuplg.cer
X509v3 Key Usage: critical
Digital Signature
Subject Information Access:
Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/1375/OrqLQlIyvliWg5beMqjrWgXuplg.mft
RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
inherit
sbgp-ipAddrBlock: critical
IPv4: inherit
IPv6: inherit
Signature Algorithm: sha256WithRSAEncryption
40:73:fb:a4:ca:1c:dc:47:0b:64:55:a4:dc:0d:79:17:2e:54:
72:2f:a4:3d:5e:bd:c6:32:ff:f6:09:bb:b5:d2:2a:30:55:68:
19:6e:cf:ac:3b:b5:17:c7:56:2b:95:5a:95:6c:b7:d9:de:b2:
bd:fd:cc:af:b3:06:b1:03:65:cb:b7:f8:c2:74:f9:45:a9:67:
08:cb:aa:ab:d4:ee:55:be:68:64:81:5b:b6:ae:32:7f:90:13:
eb:b3:ae:ff:3c:42:eb:34:dc:24:72:4b:ec:74:6a:3f:d8:ac:
8e:09:4d:52:3a:5a:f8:5e:e3:37:bb:e6:1b:e9:ec:5a:eb:c4:
a0:25:75:e2:db:9c:84:e0:62:6e:bf:95:68:e8:5e:e1:4e:a7:
ab:07:31:3d:b7:8e:44:b9:68:f4:fa:c4:da:a9:5a:7f:55:9c:
c2:8a:e4:a6:1d:d4:23:31:72:23:be:00:77:e8:b9:41:a4:2f:
fb:36:fa:e0:ae:12:3a:f8:62:ee:45:d1:f9:0d:6e:28:9c:e0:
36:af:b1:26:f1:c0:07:37:7f:f0:f8:7d:2a:3d:95:a9:b2:62:
28:31:d2:75:c5:b5:c8:91:46:3c:72:81:7e:67:43:fa:8c:2b:
ba:34:bf:78:35:2c:c5:0b:c6:ea:6c:96:2b:37:8b:7c:97:42:
ef:38:2e:38
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgICIVEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoM0FC
QThCNDI1MjMyQkU1ODk2ODM5NkRFMzJBOEVCNUEwNUVFQTY1ODAeFw0yNTEwMjkx
NjQzMjBaFw0yNjEwMjMwMzAxMDNaMDMxMTAvBgNVBAMTKEVFM0Q2MTMyNUZBNDE1
OEY2REQ4NzUzMjUxQUFBMEE0MzQzMTlEQUYwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC8Sr/Bs/ZEuplyVssfszMzc04DNG1oUdQu0/OZ26VHtVIkWR8x
yZnyQqN4aynWcCaXjD3RvwwEAW5yn5tBFOstvNu2q+0rXxum8VYLbhVpiUs+H9PO
rpBIq/0H3gRAeu9SIMLBvbguGRFxgiRyrQlChM8KrH5q9JNeIIZlgmp6Ff0pjll0
DQ9zP3jXOxHmfK/hdRtYgok3sclquBEANSVR/4Etm4DWiAMQkPdJBoEfyrH8TCnx
20zK4kcNUijLpZygCS3qyJUaoL0uk68M9sLSiWa8CoKdK21AKYxoiwaFf7eFHgWS
MNd8hmbLmkGkUnvn+au+BvGKSIUjtUX3b+o3AgMBAAGjggIMMIICCDAdBgNVHQ4E
FgQU7j1hMl+kFY9t2HUyUaqgpDQxna8wHwYDVR0jBBgwFoAUOrqLQlIyvliWg5be
MqjrWgXuplgwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMTM3
NS9PcnFMUWxJeXZsaVdnNWJlTXFqcldnWHVwbGcuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwL09ycUxRbEl5dmxpV2c1YmVNcWpyV2dYdXBsZy5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzEzNzUvT3JxTFFsSXl2bGlX
ZzViZU1xanJXZ1h1cGxnLm1mdDAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAVBggrBgEFBQcBCAEB/wQGMASgAgUAMCEG
CCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAwDQYJKoZIhvcNAQELBQAD
ggEBAEBz+6TKHNxHC2RVpNwNeRcuVHIvpD1evcYy//YJu7XSKjBVaBluz6w7tRfH
ViuVWpVst9nesr39zK+zBrEDZcu3+MJ0+UWpZwjLqqvU7lW+aGSBW7auMn+QE+uz
rv88Qus03CRyS+x0aj/YrI4JTVI6Wvhe4ze75hvp7FrrxKAldeLbnITgYm6/lWjo
XuFOp6sHMT23jkS5aPT6xNqpWn9VnMKK5KYd1CMxciO+AHfouUGkL/s2+uCuEjr4
Yu5F0fkNbiic4DavsSbxwAc3f/D4fSo9lamyYigx0nXFtciRRjxygX5nQ/qMK7o0
v3g1LMULxupslis3i3yXQu84Ljg=
-----END CERTIFICATE-----
Generated at Wed Oct 29 23:03:35 2025 by rpki-client