Manifest

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.mft
File:                     KnEap9xgBJsLDYhIl-AVsRcfN7k.mft (raw, json)
Hash identifier:          V8VotIv+Hoq2rTQnwuVRfEilLUQ6hGkdyHPW2FUAxG0=
Subject key identifier:   FF:A4:BA:66:D2:94:5D:86:DB:E7:BB:E8:FF:38:6F:D9:B3:2A:52:ED
Authority key identifier: 2A:71:1A:A7:DC:60:04:9B:0B:0D:88:48:97:E0:15:B1:17:1F:37:B9
Certificate issuer:       /CN=2A711AA7DC60049B0B0D884897E015B1171F37B9
Certificate serial:       1FBD
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.mft
Manifest number:          1F4D
Signing time:             Tue 03 Jun 2025 21:09:37 +0000
Manifest this update:     Tue 03 Jun 2025 21:09:37 +0000
Manifest next update:     Wed 04 Jun 2025 03:09:37 +0000
Files and hashes:         1: Cx_PMXrwCzMbeqeFlDPfklmRXzE.roa (hash: sfsnweCmG/jHm5nbrPsozdJRdYLLaS3/WMbJAlYUq4E=)
                          2: KnEap9xgBJsLDYhIl-AVsRcfN7k.crl (hash: JTqBmqTIlzCK46ZIga5Rw+E2xk80jzxXLJWNOUrpwck=)
                          3: LybZbI5zyJ39JstrkEFIrhtylh8.roa (hash: z+mmcbUMAd//4i4kPYabxYduaYkJ6sfVgx+jU46dJGg=)
                          4: M5WxiIlYCW6SZUTRDTbxa2LnzjU.roa (hash: m9tbtocpg4JKbwsMbWXBIPlz4frao3dfUdJHi7zrZgg=)
                          5: S4HbotJRQ5_GhRWt9jAb8IEQHDw.roa (hash: otv2lZAvLzrW3EDlzi9Lnv7aEft9dRekQtock8hNwT0=)
                          6: Yld0PLcu0kDFCM8FFa_e7PUkDBs.roa (hash: Weph8XosCTlgY4xUw8VOwWRpLaXRiZ0P1fwqSL0Cp+s=)
                          7: e-RcNvHXkaYJsLZSaWMpPMFmaZE.roa (hash: NYEeAcBUsCB/ll8/IHHqbGto+nzHjpAiEbkf5GDxZjk=)
                          8: ekrQ2H8Y7kK2OjtlUfog_0LDO9E.roa (hash: UR8yfOSNtZ8AIr4CYZRJyls32R0dt4IjVnP4OTe1F1E=)
                          9: lU4MINnEocHPf7DsLjN6TqQBr9g.roa (hash: nWkWTYJDtFBZOZTTk+NylLr//gEQhbEtZuQsgeEL7No=)
                          10: mZ4wa3h5VnP3HhPa70W14S6h7_4.roa (hash: lcRoNbfxH5p4M1W+4xZaSBgfZt5WaNW+2CNCqFsymZU=)
                          11: qPTdKAqShrGpfL0vzX2Thwykdz4.roa (hash: G5XyzrC9DKKQXTNoqtUT55LljRWAhx2tEjRJFr4VKkg=)
                          12: rN5X1L8tl_GX_nzqwu1OyA5bT10.roa (hash: Gdm71Ynfr1CK1VYWBpYU6mNFZ9abPsblKlI3Q/vvryI=)
                          13: sMntCxUtK_jseejaS5-JuTzGRbo.roa (hash: W/RCOC1i921KNgUzkOxQpq7Cf8D/JtxRY4PxIMJC1do=)
                          14: uAf5pUFdtYtdOx45Hj4gHBGOKJE.roa (hash: 6JrQVp7ySTlmiK0e6//AOGp9uZShw5JAgDSFSxnbhKs=)
                          15: vxkYrgp7CFmcPITnZQ7G-ZRYsZ0.roa (hash: wbJjJh+2zu6VAgdzbvpTOYocrmVQMGQy2rapGPepPKw=)
                          16: yVZNZqdbW5_Cz0l5jiC27M47H_4.roa (hash: cMxeCjc8ROq48HrS48yFe56NPv4CmYX6+Y/k0JWTvj0=)
Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 04 Jun 2025 03:09:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8125 (0x1fbd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2A711AA7DC60049B0B0D884897E015B1171F37B9
        Validity
            Not Before: Jun  3 21:09:37 2025 GMT
            Not After : Apr  3 08:00:09 2026 GMT
        Subject: CN=FFA4BA66D2945D86DBE7BBE8FF386FD9B32A52ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:5c:59:98:50:2b:67:d0:e5:23:8b:30:5c:b4:
                    86:f5:ae:45:a0:e4:81:45:f3:d8:64:e9:d9:ce:e4:
                    23:3d:d4:25:d7:80:b5:7b:dd:14:5b:d0:e0:6a:a1:
                    16:ae:47:fe:8a:9e:96:38:c2:11:aa:9b:35:89:02:
                    d4:43:bc:76:b7:ae:8d:d5:79:39:a7:6a:fd:11:5a:
                    7a:3c:55:52:a6:d7:7f:d5:ab:50:61:5b:b9:cf:65:
                    b6:3a:19:e2:32:8c:49:04:fb:69:1e:1b:f0:c7:d1:
                    25:05:a1:47:01:1a:6f:24:ed:5b:38:2e:9a:8b:69:
                    cc:ea:32:c7:9d:f7:96:0d:09:0f:31:9d:a3:67:4f:
                    ed:d2:ae:b8:0f:d1:a2:c0:45:f5:47:d0:21:1a:10:
                    8f:16:d2:b3:f2:3e:ad:8b:22:8b:44:7f:eb:b7:c4:
                    9f:fe:81:ee:e1:59:d7:36:dc:5b:fe:fc:48:4c:5f:
                    ca:48:f0:22:79:f0:ad:fd:e3:be:f0:84:5b:73:a1:
                    fb:e6:a0:eb:db:27:4c:c9:c4:98:f8:e0:63:18:f9:
                    73:88:c4:93:f3:b6:eb:36:f3:48:ee:75:54:bb:f8:
                    51:2c:4e:4c:2d:f3:2c:e0:ce:2e:68:ce:56:cf:ed:
                    c2:4a:1b:1c:b9:a7:a6:76:5b:d6:53:1c:30:b1:74:
                    73:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:A4:BA:66:D2:94:5D:86:DB:E7:BB:E8:FF:38:6F:D9:B3:2A:52:ED
            X509v3 Authority Key Identifier:
                keyid:2A:71:1A:A7:DC:60:04:9B:0B:0D:88:48:97:E0:15:B1:17:1F:37:B9

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.mft
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

    Signature Algorithm: sha256WithRSAEncryption
         b6:e0:90:46:bd:b1:10:94:6e:b3:27:27:af:43:16:8e:4a:2e:
         55:6b:52:bd:c4:d5:dd:7e:44:3b:94:8a:dd:10:45:88:0a:c6:
         a5:3a:46:c7:3f:be:eb:2f:a9:32:a7:be:08:69:3b:d8:94:06:
         d0:00:85:f1:f3:4b:9f:2b:da:6e:e7:c9:e5:29:28:34:0d:59:
         3d:57:ef:92:5b:88:73:60:80:1f:1d:b1:fe:a5:ad:87:39:a4:
         35:59:66:42:ee:16:d1:71:3e:aa:f0:71:77:3c:c3:2b:9d:ab:
         fc:77:a3:44:39:20:fa:7c:d7:ea:a0:24:53:3f:7d:c0:07:29:
         26:38:79:6f:c8:63:5f:f3:76:b8:76:51:06:47:6c:a2:64:0f:
         e5:0e:65:38:86:1d:c9:03:11:a3:78:d8:14:46:0f:1d:42:d1:
         bc:fa:76:1e:eb:c8:30:0a:cf:23:c9:15:e3:1a:12:2d:a2:eb:
         d4:3c:8b:24:a2:ea:61:62:55:14:26:65:79:0c:ce:db:6f:fb:
         56:86:1e:ec:dd:55:fd:fc:ee:ad:86:5d:f8:49:8f:38:e6:50:
         41:a5:65:7e:ca:87:45:f0:fd:07:9a:74:e5:d1:c4:22:ee:69:
         e6:c5:1e:3d:1a:ba:6b:5c:95:92:b5:2f:fb:a3:a2:f3:2f:64:
         4c:ff:37:2e
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgICH70wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkE3
MTFBQTdEQzYwMDQ5QjBCMEQ4ODQ4OTdFMDE1QjExNzFGMzdCOTAeFw0yNTA2MDMy
MTA5MzdaFw0yNjA0MDMwODAwMDlaMDMxMTAvBgNVBAMTKEZGQTRCQTY2RDI5NDVE
ODZEQkU3QkJFOEZGMzg2RkQ5QjMyQTUyRUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDTXFmYUCtn0OUjizBctIb1rkWg5IFF89hk6dnO5CM91CXXgLV7
3RRb0OBqoRauR/6KnpY4whGqmzWJAtRDvHa3ro3VeTmnav0RWno8VVKm13/Vq1Bh
W7nPZbY6GeIyjEkE+2keG/DH0SUFoUcBGm8k7Vs4LpqLaczqMsed95YNCQ8xnaNn
T+3SrrgP0aLARfVH0CEaEI8W0rPyPq2LIotEf+u3xJ/+ge7hWdc23Fv+/EhMX8pI
8CJ58K39477whFtzofvmoOvbJ0zJxJj44GMY+XOIxJPztus280judVS7+FEsTkwt
8yzgzi5ozlbP7cJKGxy5p6Z2W9ZTHDCxdHNjAgMBAAGjggIKMIICBjAdBgNVHQ4E
FgQU/6S6ZtKUXYbb57vo/zhv2bMqUu0wHwYDVR0jBBgwFoAUKnEap9xgBJsLDYhI
l+AVsRcfN7kwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODE3
L0tuRWFwOXhnQkpzTERZaElsLUFWc1JjZk43ay5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvS25FYXA5eGdCSnNMRFloSWwtQVZzUmNmTjdrLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODE3L0tuRWFwOXhnQkpzTERZ
aElsLUFWc1JjZk43ay5tZnQwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwFQYIKwYBBQUHAQgBAf8EBjAEoAIFADAhBggr
BgEFBQcBBwEB/wQSMBAwBgQCAAEFADAGBAIAAgUAMA0GCSqGSIb3DQEBCwUAA4IB
AQC24JBGvbEQlG6zJyevQxaOSi5Va1K9xNXdfkQ7lIrdEEWICsalOkbHP77rL6ky
p74IaTvYlAbQAIXx80ufK9pu58nlKSg0DVk9V++SW4hzYIAfHbH+pa2HOaQ1WWZC
7hbRcT6q8HF3PMMrnav8d6NEOSD6fNfqoCRTP33ABykmOHlvyGNf83a4dlEGR2yi
ZA/lDmU4hh3JAxGjeNgURg8dQtG8+nYe68gwCs8jyRXjGhItouvUPIskouphYlUU
JmV5DM7bb/tWhh7s3VX9/O6thl34SY845lBBpWV+yodF8P0HmnTl0cQi7mnmxR49
GrprXJWStS/7o6LzL2RM/zcu
-----END CERTIFICATE-----