Manifest

$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.mft
File:                     KnEap9xgBJsLDYhIl-AVsRcfN7k.mft (raw, json)
Hash identifier:          jUlPkWT1w6YFoQyrRUx6MJiK1a442tVUQiFJj8wT4HQ=
Subject key identifier:   FF:A4:BA:66:D2:94:5D:86:DB:E7:BB:E8:FF:38:6F:D9:B3:2A:52:ED
Authority key identifier: 2A:71:1A:A7:DC:60:04:9B:0B:0D:88:48:97:E0:15:B1:17:1F:37:B9
Certificate issuer:       /CN=2A711AA7DC60049B0B0D884897E015B1171F37B9
Certificate serial:       1BED
Authority info access:    rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer
Subject info access:      rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.mft
Manifest number:          1B8C
Signing time:             Fri 22 Nov 2024 10:22:20 +0000
Manifest this update:     Fri 22 Nov 2024 10:22:20 +0000
Manifest next update:     Fri 22 Nov 2024 16:22:20 +0000
Files and hashes:         1: 1h7MjSQkDHW0g0wxTf5pE-fkqNg.roa (hash: s33f7SFvTxJ40vJ42UpvBavXht/UaSIuqUD5A0fKGlg=)
                          2: 5F3_qJsNzbOE3KUQvB7FGRoJIoQ.roa (hash: LbGiFQ0hOo7l49oL65K6ks14edGk5uaNeR7V1Fy9pBc=)
                          3: 8eSZNkxhMpH3hUusHxZKfYGN428.roa (hash: CaT7AmuDtLCoAa/D8K8kvuXkR0saTwmRNPCVFyZVC/I=)
                          4: BsL3vA6GhpVvLXEn1qGkojdwEWg.roa (hash: n/ETL8brdisweN5HtLLBIRFWfpzpiy6f0ZDH7tNiJJA=)
                          5: ERJ4ZQmOKZWoIaY-XUq47ePPW8E.roa (hash: tK2zEk6GVSNiqaFhgWyde3Br5IA+HhMCVF8coBM7RBw=)
                          6: I4t8S7wXzRpV_lu0fFLT4HMMGzg.roa (hash: jEeVJOIjdYMWGfh49iogsPidGly8ChKCUqbqSaC2l4g=)
                          7: IfCOZ9JdW2uzSt64Qiykk8CtwfA.roa (hash: 1o3jTGd6o/QJYKZ7aFuI+GrKdTVtAKWJSz70apIWZtY=)
                          8: Kj_5rV2yuaetzY1MmcMlH-zEzwY.roa (hash: vMCsnt/VOnjbkxWo8pL0WMe3yXqJDyeGw72NYzVKFac=)
                          9: KnEap9xgBJsLDYhIl-AVsRcfN7k.crl (hash: RMuYaWusAmWtX69ysT9MN8y2roWfyOnJZ4ZcgFtTYqc=)
                          10: OYtvpfopqvGSSmyHl1MsA6vdl1o.roa (hash: e1AmtpOUMVzQdagX+4bkrcOrvz3ND/FDxW2TIm8pmP8=)
                          11: _FBFzZErc3Sb4m_WAbJ9J-a9TGA.roa (hash: 0oChuwUJEwYJ12QmgS/INE9IQlx/ca/N9K7fTNs7K08=)
                          12: _Rv_OdbhX8-stFs5_dbsK3lUAug.roa (hash: COkYo5o7mLCcEL8QbfJHhbN8o4yiZ1ad7iUHgz3PqH0=)
                          13: akoD9DuvAG3U4nq_wQgcV1qWHRc.roa (hash: p354Kkb3VaI9JeAGMbO6Th8RSrdcsaZWKmZ4vRtUcn4=)
                          14: fWWcqMr1Rx36saVyyGcw4W_y8KY.roa (hash: Z/ntlef4VuosHAeVPaauLd7lkjfboFyCmFuuFmoe5kE=)
                          15: l-OcCesTSuBdO5IoSKzcBLmGV3I.roa (hash: V+qfdOP7fF5YPbI2fv4sNhq08smvoF+WOztOV3zR7uI=)
                          16: x2mEssjB-Oo51gVQ2nDDtFHhdas.roa (hash: Hb0BcMx1IZV1qTglQXMG0RDF0m1dzOc5OEeVrMKxDqA=)

Validation:               OK
Signature path:           rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.mft
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl
                          rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 22 Nov 2024 14:53:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7149 (0x1bed)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2A711AA7DC60049B0B0D884897E015B1171F37B9
        Validity
            Not Before: Nov 22 10:22:20 2024 GMT
            Not After : Sep 27 02:40:14 2025 GMT
        Subject: CN=FFA4BA66D2945D86DBE7BBE8FF386FD9B32A52ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:5c:59:98:50:2b:67:d0:e5:23:8b:30:5c:b4:
                    86:f5:ae:45:a0:e4:81:45:f3:d8:64:e9:d9:ce:e4:
                    23:3d:d4:25:d7:80:b5:7b:dd:14:5b:d0:e0:6a:a1:
                    16:ae:47:fe:8a:9e:96:38:c2:11:aa:9b:35:89:02:
                    d4:43:bc:76:b7:ae:8d:d5:79:39:a7:6a:fd:11:5a:
                    7a:3c:55:52:a6:d7:7f:d5:ab:50:61:5b:b9:cf:65:
                    b6:3a:19:e2:32:8c:49:04:fb:69:1e:1b:f0:c7:d1:
                    25:05:a1:47:01:1a:6f:24:ed:5b:38:2e:9a:8b:69:
                    cc:ea:32:c7:9d:f7:96:0d:09:0f:31:9d:a3:67:4f:
                    ed:d2:ae:b8:0f:d1:a2:c0:45:f5:47:d0:21:1a:10:
                    8f:16:d2:b3:f2:3e:ad:8b:22:8b:44:7f:eb:b7:c4:
                    9f:fe:81:ee:e1:59:d7:36:dc:5b:fe:fc:48:4c:5f:
                    ca:48:f0:22:79:f0:ad:fd:e3:be:f0:84:5b:73:a1:
                    fb:e6:a0:eb:db:27:4c:c9:c4:98:f8:e0:63:18:f9:
                    73:88:c4:93:f3:b6:eb:36:f3:48:ee:75:54:bb:f8:
                    51:2c:4e:4c:2d:f3:2c:e0:ce:2e:68:ce:56:cf:ed:
                    c2:4a:1b:1c:b9:a7:a6:76:5b:d6:53:1c:30:b1:74:
                    73:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:A4:BA:66:D2:94:5D:86:DB:E7:BB:E8:FF:38:6F:D9:B3:2A:52:ED
            X509v3 Authority Key Identifier:
                keyid:2A:71:1A:A7:DC:60:04:9B:0B:0D:88:48:97:E0:15:B1:17:1F:37:B9

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/KnEap9xgBJsLDYhIl-AVsRcfN7k.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/817/KnEap9xgBJsLDYhIl-AVsRcfN7k.mft
                RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

    Signature Algorithm: sha256WithRSAEncryption
         99:69:81:20:47:4a:94:5f:e0:a2:72:46:09:5e:79:1b:f1:c6:
         af:11:90:28:90:fc:a2:8d:b0:63:44:af:c9:d5:17:fc:74:bc:
         7a:58:75:2e:54:d3:68:b4:fb:4f:25:25:a6:0c:11:c1:f5:d9:
         29:e6:69:62:40:b0:65:99:40:49:04:4a:b9:ce:c3:03:70:e3:
         26:5f:39:6b:70:7f:ce:45:ad:23:f6:01:a5:f3:a3:5a:4e:c6:
         24:2d:2e:0e:f5:1f:a8:25:87:48:dd:e4:7c:e3:a4:ec:91:22:
         34:8d:2f:bf:69:c2:0c:7b:9a:81:28:31:4b:b6:27:1d:ab:b7:
         e6:af:a8:49:37:7a:4d:81:98:b4:0f:46:02:9c:5b:4d:4f:03:
         ab:8c:ac:d4:a3:37:df:f1:cc:5d:80:53:b9:92:e6:10:2d:8d:
         f8:5b:48:4d:61:e4:d9:00:d4:e6:35:f4:c7:b6:5e:5f:c3:27:
         52:36:a1:95:4e:52:76:08:95:f1:4f:44:44:eb:6d:9a:e2:90:
         59:76:90:87:95:d8:0c:b3:16:6e:96:f6:9c:6e:15:1b:93:b4:
         e6:5b:51:f5:ea:a7:02:5e:26:57:7f:0e:de:9e:91:1c:58:ec:
         e7:aa:da:b2:31:44:97:2f:1c:28:20:3a:b5:d5:a5:10:2e:4f:
         5b:25:19:e7
-----BEGIN CERTIFICATE-----
MIIE7jCCA9agAwIBAgICG+0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoMkE3
MTFBQTdEQzYwMDQ5QjBCMEQ4ODQ4OTdFMDE1QjExNzFGMzdCOTAeFw0yNDExMjIx
MDIyMjBaFw0yNTA5MjcwMjQwMTRaMDMxMTAvBgNVBAMTKEZGQTRCQTY2RDI5NDVE
ODZEQkU3QkJFOEZGMzg2RkQ5QjMyQTUyRUQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDTXFmYUCtn0OUjizBctIb1rkWg5IFF89hk6dnO5CM91CXXgLV7
3RRb0OBqoRauR/6KnpY4whGqmzWJAtRDvHa3ro3VeTmnav0RWno8VVKm13/Vq1Bh
W7nPZbY6GeIyjEkE+2keG/DH0SUFoUcBGm8k7Vs4LpqLaczqMsed95YNCQ8xnaNn
T+3SrrgP0aLARfVH0CEaEI8W0rPyPq2LIotEf+u3xJ/+ge7hWdc23Fv+/EhMX8pI
8CJ58K39477whFtzofvmoOvbJ0zJxJj44GMY+XOIxJPztus280judVS7+FEsTkwt
8yzgzi5ozlbP7cJKGxy5p6Z2W9ZTHDCxdHNjAgMBAAGjggIKMIICBjAdBgNVHQ4E
FgQU/6S6ZtKUXYbb57vo/zhv2bMqUu0wHwYDVR0jBBgwFoAUKnEap9xgBJsLDYhI
l+AVsRcfN7kwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg
T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODE3
L0tuRWFwOXhnQkpzTERZaElsLUFWc1JjZk43ay5jcmwwYwYIKwYBBQUHAQEEVzBV
MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz
RDAwMDAvS25FYXA5eGdCSnNMRFloSWwtQVZzUmNmTjdrLmNlcjAOBgNVHQ8BAf8E
BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw
a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODE3L0tuRWFwOXhnQkpzTERZ
aElsLUFWc1JjZk43ay5tZnQwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p
Yy5jbi9ycmRwL25vdGlmeS54bWwwFQYIKwYBBQUHAQgBAf8EBjAEoAIFADAhBggr
BgEFBQcBBwEB/wQSMBAwBgQCAAEFADAGBAIAAgUAMA0GCSqGSIb3DQEBCwUAA4IB
AQCZaYEgR0qUX+CickYJXnkb8cavEZAokPyijbBjRK/J1Rf8dLx6WHUuVNNotPtP
JSWmDBHB9dkp5mliQLBlmUBJBEq5zsMDcOMmXzlrcH/ORa0j9gGl86NaTsYkLS4O
9R+oJYdI3eR846TskSI0jS+/acIMe5qBKDFLticdq7fmr6hJN3pNgZi0D0YCnFtN
TwOrjKzUozff8cxdgFO5kuYQLY34W0hNYeTZANTmNfTHtl5fwydSNqGVTlJ2CJXx
T0RE622a4pBZdpCHldgMsxZulvacbhUbk7TmW1H16qcCXiZXfw7enpEcWOznqtqy
MUSXLxwoIDq11aUQLk9bJRnn
-----END CERTIFICATE-----