$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/654/2pk_5cBP-fIsUmJjC-w39bOngoU.mft File: 2pk_5cBP-fIsUmJjC-w39bOngoU.mft (raw, json) Hash identifier: Ta9cfrwV4CJwCNOBlypH5ZGGfLTUZTAF1o/GmrcOx5g= Subject key identifier: A8:88:0B:2E:BD:F5:35:B0:D8:D6:3A:56:23:8B:F3:8A:43:E9:A1:B7 Authority key identifier: DA:99:3F:E5:C0:4F:F9:F2:2C:52:62:63:0B:EC:37:F5:B3:A7:82:85 Certificate issuer: /CN=DA993FE5C04FF9F22C5262630BEC37F5B3A78285 Certificate serial: 1AA1 Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2pk_5cBP-fIsUmJjC-w39bOngoU.cer Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/654/2pk_5cBP-fIsUmJjC-w39bOngoU.mft Manifest number: 1A8B Signing time: Thu 05 Mar 2026 19:00:56 +0000 Manifest this update: Thu 05 Mar 2026 19:00:56 +0000 Manifest next update: Fri 06 Mar 2026 01:00:56 +0000 Files and hashes: 1: 2pk_5cBP-fIsUmJjC-w39bOngoU.crl (hash: K0pD22JhLYEXEmfgNg3VOZg9gMgpXFi6BGTIuxD+LKo=) 2: HvfqDy2hGJa-tDVDeSqEuKF3dN0.roa (hash: 2Jp6mxuujCuZIIC04F/ARmPj+su7hSsGSy1xTvc4+Qs=) 3: KQ-H06YzPy6rV4AqzFO-X8dibgw.roa (hash: /RpjV4HoINs3B8RP//omgR12bSPllVR3bfI79qOU30M=) 4: TpvO5vdeHWVXhGkTKjH84ly_vIU.roa (hash: +f0nHjtb5Rj8798V2ToE4hnOduYhYnSw9Um3wGP6CoI=) 5: l_MfvNTnzBZLPKSnaEcPlRuQYkE.roa (hash: g1JlaWRQx7eY93533lfTF3SPZVWvPqSI3xpvRqNIF7o=) 6: oNvneKkprq7Fup3AehiZivYiGcQ.roa (hash: WduhKcWHW4jd8W/irOIfT6Xtxvc/1kytp2QLDcGjP7I=) 7: wZLHpcvHrGz3tUiBMnBI6rIckCQ.roa (hash: 89jr9Ewq1iuL05K8GgrpOrKlq+vnC4Iu0FosUDNQP4g=) Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/654/2pk_5cBP-fIsUmJjC-w39bOngoU.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/654/2pk_5cBP-fIsUmJjC-w39bOngoU.mft rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2pk_5cBP-fIsUmJjC-w39bOngoU.cer rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Thu 05 Mar 2026 23:29:44 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 6817 (0x1aa1) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=DA993FE5C04FF9F22C5262630BEC37F5B3A78285 Validity Not Before: Mar 5 19:00:56 2026 GMT Not After : Jan 9 08:23:18 2027 GMT Subject: CN=A8880B2EBDF535B0D8D63A56238BF38A43E9A1B7 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b0:4b:93:49:2e:47:72:6a:d8:85:17:58:f7:df: 75:ba:e5:b5:14:c5:d9:67:d2:2a:33:aa:cb:09:f4: 33:9c:2e:fc:b8:3b:59:e0:a1:0a:c5:b4:42:b0:2a: 7f:f1:ab:16:58:38:ed:c3:2b:4f:c3:37:8d:b2:5f: 18:d6:59:87:95:ea:d5:1f:cd:b4:8f:6b:d0:e6:d8: fa:97:d7:4c:88:69:80:10:89:36:ae:52:ae:63:57: 0e:59:77:ef:b0:ab:01:fe:fc:cf:90:f9:d3:8e:7d: 37:2c:6a:a3:cf:c7:df:09:93:11:70:a2:f7:41:31: 53:04:d8:70:c3:f7:3e:14:d0:3a:4a:15:3f:6f:ff: 03:af:f6:5e:1f:a5:c3:d7:0f:e9:c6:ed:a1:be:e8: 7a:97:9a:d5:6a:75:96:e8:29:23:f3:87:2a:0a:9c: d6:8f:aa:95:ed:e7:d6:e7:2d:c7:16:d9:59:93:3d: 05:14:a4:e2:06:d1:c9:30:ae:d2:b3:19:b3:1b:2b: 57:1c:77:67:d7:13:e2:ee:9f:71:d3:b6:66:1b:9c: 73:7c:d5:8a:c2:a6:9a:ec:ef:e7:ce:8f:4d:6f:cb: bd:81:cc:93:82:3d:61:ab:61:dd:77:83:2e:8d:2d: 9b:07:d5:0d:13:3f:19:e6:e5:fe:84:0b:a1:2b:6d: a7:95 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: A8:88:0B:2E:BD:F5:35:B0:D8:D6:3A:56:23:8B:F3:8A:43:E9:A1:B7 X509v3 Authority Key Identifier: keyid:DA:99:3F:E5:C0:4F:F9:F2:2C:52:62:63:0B:EC:37:F5:B3:A7:82:85 X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/654/2pk_5cBP-fIsUmJjC-w39bOngoU.crl Authority Information Access: CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2pk_5cBP-fIsUmJjC-w39bOngoU.cer X509v3 Key Usage: critical Digital Signature Subject Information Access: Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/654/2pk_5cBP-fIsUmJjC-w39bOngoU.mft RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit Signature Algorithm: sha256WithRSAEncryption 47:85:9d:fb:56:39:31:6b:7d:0a:6c:cf:38:91:4c:8d:f0:7b: 40:61:4a:7b:4a:df:18:99:6d:87:28:90:41:55:f2:6d:43:c9: 27:b4:51:c1:1e:bb:92:9d:75:e9:a6:36:91:80:b2:0e:cd:1d: 33:b9:fe:8f:ec:4d:ed:89:61:3a:da:69:d7:a8:a7:b6:44:fe: 22:f6:1a:02:bc:a8:98:32:58:0c:df:b8:2b:44:e0:da:ac:2b: 1a:c0:27:9f:36:9b:e2:52:65:c9:d4:ab:53:18:85:00:a2:c6: 23:4a:b4:6f:b1:33:b9:b6:53:63:67:09:2c:6a:d5:82:c9:92: aa:45:54:88:6f:c1:41:fc:46:50:6e:c5:77:5e:ea:52:bf:81: 1f:9a:bf:ea:1f:16:6e:3b:d7:fc:7e:68:66:20:da:1a:b4:f3: c7:8c:9d:43:9c:07:7b:28:a3:8d:a4:20:eb:1e:45:9d:db:9b: 2b:51:b4:0a:24:e1:0c:2a:3b:51:84:f2:36:fc:84:90:58:c5: 42:51:37:08:ae:50:62:20:8b:a4:61:69:a1:be:37:bd:eb:00: 8a:c2:86:93:56:0e:6b:68:7d:c0:f8:50:ae:47:e0:a7:f8:85: cd:5b:d1:e6:4f:d2:8b:ec:37:c9:97:93:29:2d:81:f6:5d:30: 91:dd:f4:3e -----BEGIN CERTIFICATE----- MIIE7jCCA9agAwIBAgICGqEwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoREE5 OTNGRTVDMDRGRjlGMjJDNTI2MjYzMEJFQzM3RjVCM0E3ODI4NTAeFw0yNjAzMDUx OTAwNTZaFw0yNzAxMDkwODIzMThaMDMxMTAvBgNVBAMTKEE4ODgwQjJFQkRGNTM1 QjBEOEQ2M0E1NjIzOEJGMzhBNDNFOUExQjcwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQCwS5NJLkdyatiFF1j333W65bUUxdln0iozqssJ9DOcLvy4O1ng oQrFtEKwKn/xqxZYOO3DK0/DN42yXxjWWYeV6tUfzbSPa9Dm2PqX10yIaYAQiTau Uq5jVw5Zd++wqwH+/M+Q+dOOfTcsaqPPx98JkxFwovdBMVME2HDD9z4U0DpKFT9v /wOv9l4fpcPXD+nG7aG+6HqXmtVqdZboKSPzhyoKnNaPqpXt59bnLccW2VmTPQUU pOIG0ckwrtKzGbMbK1ccd2fXE+Lun3HTtmYbnHN81YrCpprs7+fOj01vy72BzJOC PWGrYd13gy6NLZsH1Q0TPxnm5f6EC6ErbaeVAgMBAAGjggIKMIICBjAdBgNVHQ4E FgQUqIgLLr31NbDY1jpWI4vzikPpobcwHwYDVR0jBBgwFoAU2pk/5cBP+fIsUmJj C+w39bOngoUwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNjU0 LzJwa181Y0JQLWZJc1VtSmpDLXczOWJPbmdvVS5jcmwwYwYIKwYBBQUHAQEEVzBV MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz RDAwMDAvMnBrXzVjQlAtZklzVW1KakMtdzM5Yk9uZ29VLmNlcjAOBgNVHQ8BAf8E BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNjU0LzJwa181Y0JQLWZJc1Vt SmpDLXczOWJPbmdvVS5tZnQwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p Yy5jbi9ycmRwL25vdGlmeS54bWwwFQYIKwYBBQUHAQgBAf8EBjAEoAIFADAhBggr BgEFBQcBBwEB/wQSMBAwBgQCAAEFADAGBAIAAgUAMA0GCSqGSIb3DQEBCwUAA4IB AQBHhZ37Vjkxa30KbM84kUyN8HtAYUp7St8YmW2HKJBBVfJtQ8kntFHBHruSnXXp pjaRgLIOzR0zuf6P7E3tiWE62mnXqKe2RP4i9hoCvKiYMlgM37grRODarCsawCef NpviUmXJ1KtTGIUAosYjSrRvsTO5tlNjZwksatWCyZKqRVSIb8FB/EZQbsV3XupS v4Efmr/qHxZuO9f8fmhmINoatPPHjJ1DnAd7KKONpCDrHkWd25srUbQKJOEMKjtR hPI2/ISQWMVCUTcIrlBiIIukYWmhvje96wCKwoaTVg5raH3A+FCuR+Cn+IXNW9Hm T9KL7DfJl5MpLYH2XTCR3fQ+ -----END CERTIFICATE-----Generated at Thu Mar 5 22:06:21 2026 by rpki-client