Manifest

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/2329/7BDJNFV1nGWdK7gZ-wf_cGPOzDI.mft
File:                     7BDJNFV1nGWdK7gZ-wf_cGPOzDI.mft (raw, json)
Hash identifier:          oEwcpdwGNZbCGvy2/RLHaKaDNHAGJK2AC/HMGbDz/3g=
Subject key identifier:   84:B2:46:AC:88:B2:39:A0:6B:33:57:4C:E0:F4:1B:77:81:94:AA:21
Authority key identifier: EC:10:C9:34:55:75:9C:65:9D:2B:B8:19:FB:07:FF:70:63:CE:CC:32
Certificate issuer:       /CN=EC10C93455759C659D2BB819FB07FF7063CECC32
Certificate serial:       1D5C
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/7BDJNFV1nGWdK7gZ-wf_cGPOzDI.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2329/7BDJNFV1nGWdK7gZ-wf_cGPOzDI.mft
Manifest number:          1D2A
Signing time:             Sat 29 Mar 2025 10:32:20 +0000
Manifest this update:     Sat 29 Mar 2025 10:32:20 +0000
Manifest next update:     Sat 29 Mar 2025 16:32:20 +0000
Files and hashes:         1: 7BDJNFV1nGWdK7gZ-wf_cGPOzDI.crl (hash: JSIiSCbwQ+O72SNMCroqKX33siIePhzRpXHVcWOeVaQ=)
                          2: NUkHOx0MM_UhSf4mXaEd7TlPWEE.roa (hash: mX8XLeO+zszvnK60l0trG+zbEKC3ubHM+ob7incrUTg=)
                          3: NfW9ixqx7VgotkkSnHgDKsh9dMY.roa (hash: Kie2q3O8eSHwiR0YzejrLsyQsmYHNodx8EF7zb/LMb0=)
                          4: S08gk3iwLLEpMcj1QO7K4KhStgU.roa (hash: yOf9iY1WMYzrbZrzaW1zGaZqbmiHAxIWjmbN/VW8KO8=)
                          5: SnwzkyZwfLVEJiP7wGX50bglsyU.roa (hash: Es9/z1r/+Fywv8gJgfUxwAGY0kCQtfSuFzlK9mwSc3I=)
                          6: a5VjISKzB5OHVPbIcpAmzw2vVVY.roa (hash: IbL8QfOTW3H+VPdlptYPq13rZd+vhPVLsoo3KN+W6PE=)
                          7: dNK-t-rgPXrn6eHRDfAxg535HMU.roa (hash: dIyzfQT0ryWEJXRFD6QWEqQEAS+y7x62ixhfYBY5SMQ=)
                          8: jhEg6HuRZNTrgrJYUd5elMT5s9c.roa (hash: sWbzhWThXRWbF9GlffFSK1iZraf+0A95K++Of9ZD/lk=)
                          9: o_oAkdJTg2XeO1GwIypjLQPXohM.roa (hash: 4/5vSj9d5XDVtoHiWhC8a+MOhwVdu7cs1BRGxj4luCs=)
                          10: tOrFct_T2uf3YfTFAUqLYVfWzos.roa (hash: 1joSZa7uWWmp1eUI7gk+vcbJECdoLlixcSZdzkjVXik=)
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7516 (0x1d5c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=EC10C93455759C659D2BB819FB07FF7063CECC32
        Validity
            Not Before: Mar 29 10:32:20 2025 GMT
            Not After : Sep 27 02:40:14 2025 GMT
        Subject: CN=84B246AC88B239A06B33574CE0F41B778194AA21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d4:83:33:f7:e8:35:66:fc:41:d5:38:bf:41:
                    50:d3:bc:85:e9:5e:f3:30:72:7e:b2:f6:ee:16:86:
                    9f:78:74:fe:c0:32:1b:6c:80:33:2f:38:7e:28:9e:
                    b3:f8:13:f4:ee:0a:bc:9c:b6:65:ea:b6:61:2a:8d:
                    0f:f6:53:c3:ce:74:e5:24:43:1a:29:32:28:28:9d:
                    d8:fe:11:6b:12:4c:d0:6b:e7:81:65:c3:d5:64:9f:
                    f5:9e:0a:1e:66:94:09:c8:9f:2a:46:fb:1e:b3:22:
                    be:84:dd:bd:ec:64:b7:2e:cf:c8:de:80:d9:f8:db:
                    6e:45:aa:93:98:ec:ec:31:2d:7d:38:c5:2c:02:08:
                    fe:ca:c5:46:8e:ce:3c:9f:90:be:bc:f7:e5:0b:fe:
                    d6:48:2c:22:90:ef:3c:fb:da:e3:6f:4c:09:0f:83:
                    e6:d1:5c:cb:cd:75:30:88:3c:c6:04:1b:e0:c9:83:
                    51:79:ef:07:77:f8:81:13:b6:86:1f:80:d2:21:f8:
                    67:3a:0b:55:9f:d5:bc:93:9b:b6:45:c1:e8:b9:1f:
                    0d:8e:32:ce:f9:f9:b9:e7:2b:e1:72:14:8c:dc:b7:
                    c0:90:02:fd:0f:5c:23:7d:ae:07:b9:8d:51:9d:0a:
                    4b:7c:c5:f7:ca:9e:a0:a1:96:ce:b3:34:46:80:6c:
                    12:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:B2:46:AC:88:B2:39:A0:6B:33:57:4C:E0:F4:1B:77:81:94:AA:21
            X509v3 Authority Key Identifier:
                keyid:EC:10:C9:34:55:75:9C:65:9D:2B:B8:19:FB:07:FF:70:63:CE:CC:32

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2329/7BDJNFV1nGWdK7gZ-wf_cGPOzDI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/7BDJNFV1nGWdK7gZ-wf_cGPOzDI.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2329/7BDJNFV1nGWdK7gZ-wf_cGPOzDI.mft
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

    Signature Algorithm: sha256WithRSAEncryption
         b4:36:0a:b5:b2:94:b0:b6:62:94:2f:5f:80:4e:ad:2f:d3:22:
         68:3c:f5:1e:ba:61:5b:8d:f7:c9:6e:41:e7:2d:3d:fe:61:31:
         54:5f:53:0c:b2:5d:9f:28:fb:03:e0:93:d1:f8:70:4c:9f:f7:
         ca:bf:77:7f:db:18:bd:1f:2f:af:c1:7e:a2:45:05:b1:cd:81:
         07:a4:77:47:48:68:d9:f5:d9:83:da:e7:51:00:cd:66:de:a0:
         2d:1b:6a:24:ab:26:c0:c9:9f:b0:55:ae:7b:e3:33:9f:07:09:
         c7:69:6e:44:a2:c5:49:0f:d4:55:d8:af:7e:b6:45:22:65:36:
         63:4f:d3:5a:ad:09:b4:29:5f:21:dd:14:6e:7f:f2:7d:f9:6e:
         2a:07:9c:62:07:cb:95:e6:77:01:a2:8b:b6:a5:01:af:7a:d4:
         30:c3:06:e0:04:8f:b5:67:96:3a:7b:bb:c2:98:b7:1a:58:7e:
         a8:2b:91:f8:52:8e:10:d4:9c:36:d0:06:0e:16:88:1c:d8:8c:
         a1:fa:71:9f:dc:c0:b5:cc:18:0a:51:bc:cc:a8:77:62:38:68:
         5c:51:9d:96:e9:0e:17:69:9a:4e:1b:cc:8a:71:13:58:45:74:
         27:fb:07:e9:40:90:4b:08:aa:88:39:7a:d1:78:df:c2:dd:94:
         a0:97:de:0c
-----BEGIN CERTIFICATE-----
MIIE8DCCA9igAwIBAgICHVwwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoRUMx
MEM5MzQ1NTc1OUM2NTlEMkJCODE5RkIwN0ZGNzA2M0NFQ0MzMjAeFw0yNTAzMjkx
MDMyMjBaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKDg0QjI0NkFDODhCMjM5
QTA2QjMzNTc0Q0UwRjQxQjc3ODE5NEFBMjEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCw1IMz9+g1ZvxB1Ti/QVDTvIXpXvMwcn6y9u4Whp94dP7AMhts
gDMvOH4onrP4E/TuCryctmXqtmEqjQ/2U8POdOUkQxopMigondj+EWsSTNBr54Fl
w9Vkn/WeCh5mlAnInypG+x6zIr6E3b3sZLcuz8jegNn4225FqpOY7OwxLX04xSwC
CP7KxUaOzjyfkL689+UL/tZILCKQ7zz72uNvTAkPg+bRXMvNdTCIPMYEG+DJg1F5
7wd3+IETtoYfgNIh+Gc6C1Wf1byTm7ZFwei5Hw2OMs75+bnnK+FyFIzct8CQAv0P
XCN9rge5jVGdCkt8xffKnqChls6zNEaAbBJ/AgMBAAGjggIMMIICCDAdBgNVHQ4E
FgQUhLJGrIiyOaBrM1dM4PQbd4GUqiEwHwYDVR0jBBgwFoAU7BDJNFV1nGWdK7gZ
+wf/cGPOzDIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMjMy
OS83QkRKTkZWMW5HV2RLN2daLXdmX2NHUE96REkuY3JsMGMGCCsGAQUFBwEBBFcw
VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF
M0QwMDAwLzdCREpORlYxbkdXZEs3Z1otd2ZfY0dQT3pESS5jZXIwDgYDVR0PAQH/
BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y
cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzIzMjkvN0JESk5GVjFuR1dk
SzdnWi13Zl9jR1BPekRJLm1mdDAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu
bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAVBggrBgEFBQcBCAEB/wQGMASgAgUAMCEG
CCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAwDQYJKoZIhvcNAQELBQAD
ggEBALQ2CrWylLC2YpQvX4BOrS/TImg89R66YVuN98luQectPf5hMVRfUwyyXZ8o
+wPgk9H4cEyf98q/d3/bGL0fL6/BfqJFBbHNgQekd0dIaNn12YPa51EAzWbeoC0b
aiSrJsDJn7BVrnvjM58HCcdpbkSixUkP1FXYr362RSJlNmNP01qtCbQpXyHdFG5/
8n35bioHnGIHy5XmdwGii7alAa961DDDBuAEj7Vnljp7u8KYtxpYfqgrkfhSjhDU
nDbQBg4WiBzYjKH6cZ/cwLXMGApRvMyod2I4aFxRnZbpDhdpmk4bzIpxE1hFdCf7
B+lAkEsIqog5etF438LdlKCX3gw=
-----END CERTIFICATE-----