$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/3259/hX8ghpiiSaBZYHneTz2uX6e5Z1Q.mft File: hX8ghpiiSaBZYHneTz2uX6e5Z1Q.mft (raw, json) Hash identifier: HlcxvPwcF+RRGBHxFVnAOnDIH3WC8tJEYGT1riWtnzs= Subject key identifier: 4D:28:36:42:2D:A4:F1:4F:8E:8A:7E:1D:DA:A1:7B:D2:F2:CF:62:79 Authority key identifier: 85:7F:20:86:98:A2:49:A0:59:60:79:DE:4F:3D:AE:5F:A7:B9:67:54 Certificate issuer: /CN=857F208698A249A0596079DE4F3DAE5FA7B96754 Certificate serial: 0CA3 Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/hX8ghpiiSaBZYHneTz2uX6e5Z1Q.cer Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3259/hX8ghpiiSaBZYHneTz2uX6e5Z1Q.mft Manifest number: 0CA3 Signing time: Wed 05 Nov 2025 19:42:18 +0000 Manifest this update: Wed 05 Nov 2025 19:42:18 +0000 Manifest next update: Thu 06 Nov 2025 01:42:18 +0000 Files and hashes: 1: hX8ghpiiSaBZYHneTz2uX6e5Z1Q.crl (hash: Fc+qMxNDSigdE6WsPOPfjunPy0hFkWtI9qd7cVN6NSE=) Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3259/hX8ghpiiSaBZYHneTz2uX6e5Z1Q.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3259/hX8ghpiiSaBZYHneTz2uX6e5Z1Q.mft rsync://rpki.cnnic.cn/rpki/A9162E3D0000/hX8ghpiiSaBZYHneTz2uX6e5Z1Q.cer rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Wed 05 Nov 2025 23:43:27 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 3235 (0xca3) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=857F208698A249A0596079DE4F3DAE5FA7B96754 Validity Not Before: Nov 5 19:42:18 2025 GMT Not After : Oct 23 03:01:03 2026 GMT Subject: CN=4D2836422DA4F14F8E8A7E1DDAA17BD2F2CF6279 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ba:c1:61:84:f2:15:6d:fb:f5:6d:1c:83:13:14: 46:d6:5f:2d:2e:43:72:41:d8:d1:e4:3a:ce:59:76: 0a:bb:77:95:38:9e:b5:ec:4f:d6:b2:17:78:c6:29: 03:5e:6c:85:17:f3:8b:5f:28:e8:8e:51:c4:f0:24: 56:16:e3:f0:03:d2:e8:f5:da:aa:0e:a7:c6:fa:6c: 1f:66:60:7e:72:9c:6e:44:95:00:10:e6:e0:38:90: c1:f1:47:a3:33:63:bc:d6:85:92:5f:02:7c:e6:8c: 1e:4c:20:54:a3:77:ed:ca:8e:31:e3:8f:1d:62:14: 12:91:24:f2:28:30:a2:e1:70:54:ca:81:f1:3f:07: 4c:1f:e6:18:c0:df:9b:04:d7:61:63:f6:4a:b7:9a: 41:ea:38:f4:4f:65:75:92:26:97:0a:9f:39:4b:b1: 95:98:ce:a0:0a:48:2b:4c:52:26:91:22:1a:45:58: 5e:40:5e:ba:b9:52:80:58:9e:4a:7c:db:1a:dc:85: d0:1e:e9:9a:08:d5:9d:47:48:46:ed:dc:e3:80:d8: 49:67:c5:9f:10:1b:db:6e:18:69:4b:72:06:ee:f1: 1f:8b:1e:2a:c7:60:e5:2b:90:f3:49:eb:f7:43:1e: d3:c1:59:81:1a:51:f6:a6:24:17:3f:1f:33:94:28: 12:75 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 4D:28:36:42:2D:A4:F1:4F:8E:8A:7E:1D:DA:A1:7B:D2:F2:CF:62:79 X509v3 Authority Key Identifier: keyid:85:7F:20:86:98:A2:49:A0:59:60:79:DE:4F:3D:AE:5F:A7:B9:67:54 X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3259/hX8ghpiiSaBZYHneTz2uX6e5Z1Q.crl Authority Information Access: CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/hX8ghpiiSaBZYHneTz2uX6e5Z1Q.cer X509v3 Key Usage: critical Digital Signature Subject Information Access: Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/3259/hX8ghpiiSaBZYHneTz2uX6e5Z1Q.mft RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit Signature Algorithm: sha256WithRSAEncryption 0e:00:b0:47:ab:9e:5a:4e:86:ed:b4:d7:43:19:d8:f7:b8:38: 5e:88:c1:e7:58:8b:76:cb:88:3f:e2:0f:25:bc:ca:15:7e:5a: 2d:aa:89:da:58:06:42:15:8a:8d:92:3d:b6:11:0b:c2:a0:8f: b2:c9:b1:3d:a5:c1:14:39:f8:d9:4c:24:bd:b5:92:f9:fd:4f: dd:a1:94:90:fa:db:e4:a0:c1:99:fc:67:67:1c:df:f3:7d:eb: ea:9c:ff:88:56:b9:24:b7:95:48:65:05:c9:71:83:e3:6d:0a: dd:13:a8:51:31:f4:ee:e3:02:df:31:db:61:08:e2:4b:a4:cd: 85:48:2d:d5:75:b6:24:60:53:9b:29:d3:3a:1c:72:c6:ed:6c: cc:be:21:fe:79:f3:73:02:f8:e9:a5:0a:b2:79:de:17:80:29: 05:e2:d5:36:83:47:39:8e:32:a7:13:f9:ba:62:32:b5:4e:25: f1:7f:1a:b6:20:dc:ed:6a:f5:f4:b7:d5:06:66:e5:cf:0e:40: c9:8a:a4:43:e7:18:f5:f9:8d:23:3d:0e:bc:c5:9d:1d:e4:58: 20:d2:58:0c:fa:18:a7:d5:0c:92:56:53:fb:a4:ed:71:de:31: 15:83:e5:d4:9d:88:1a:10:1a:d1:55:76:e9:71:92:bf:10:75: de:6e:93:ed -----BEGIN CERTIFICATE----- MIIE8DCCA9igAwIBAgICDKMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoODU3 RjIwODY5OEEyNDlBMDU5NjA3OURFNEYzREFFNUZBN0I5Njc1NDAeFw0yNTExMDUx OTQyMThaFw0yNjEwMjMwMzAxMDNaMDMxMTAvBgNVBAMTKDREMjgzNjQyMkRBNEYx NEY4RThBN0UxRERBQTE3QkQyRjJDRjYyNzkwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQC6wWGE8hVt+/VtHIMTFEbWXy0uQ3JB2NHkOs5Zdgq7d5U4nrXs T9ayF3jGKQNebIUX84tfKOiOUcTwJFYW4/AD0uj12qoOp8b6bB9mYH5ynG5ElQAQ 5uA4kMHxR6MzY7zWhZJfAnzmjB5MIFSjd+3KjjHjjx1iFBKRJPIoMKLhcFTKgfE/ B0wf5hjA35sE12Fj9kq3mkHqOPRPZXWSJpcKnzlLsZWYzqAKSCtMUiaRIhpFWF5A Xrq5UoBYnkp82xrchdAe6ZoI1Z1HSEbt3OOA2ElnxZ8QG9tuGGlLcgbu8R+LHirH YOUrkPNJ6/dDHtPBWYEaUfamJBc/HzOUKBJ1AgMBAAGjggIMMIICCDAdBgNVHQ4E FgQUTSg2Qi2k8U+Oin4d2qF70vLPYnkwHwYDVR0jBBgwFoAUhX8ghpiiSaBZYHne Tz2uX6e5Z1QwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg UKBOhkxyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvMzI1 OS9oWDhnaHBpaVNhQlpZSG5lVHoydVg2ZTVaMVEuY3JsMGMGCCsGAQUFBwEBBFcw VTBTBggrBgEFBQcwAoZHcnN5bmM6Ly9ycGtpLmNubmljLmNuL3Jwa2kvQTkxNjJF M0QwMDAwL2hYOGdocGlpU2FCWllIbmVUejJ1WDZlNVoxUS5jZXIwDgYDVR0PAQH/ BAQDAgeAMIGdBggrBgEFBQcBCwSBkDCBjTBYBggrBgEFBQcwC4ZMcnN5bmM6Ly9y cGtpLmNubmljLmNuL3Jwa2kvQTkxNjJFM0QwMDAwLzMyNTkvaFg4Z2hwaWlTYUJa WUhuZVR6MnVYNmU1WjFRLm1mdDAxBggrBgEFBQcwDYYlaHR0cHM6Ly9ycGtpLmNu bmljLmNuL3JyZHAvbm90aWZ5LnhtbDAVBggrBgEFBQcBCAEB/wQGMASgAgUAMCEG CCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAwDQYJKoZIhvcNAQELBQAD ggEBAA4AsEernlpOhu2010MZ2Pe4OF6IwedYi3bLiD/iDyW8yhV+Wi2qidpYBkIV io2SPbYRC8Kgj7LJsT2lwRQ5+NlMJL21kvn9T92hlJD62+SgwZn8Z2cc3/N96+qc /4hWuSS3lUhlBclxg+NtCt0TqFEx9O7jAt8x22EI4kukzYVILdV1tiRgU5sp0zoc csbtbMy+If5583MC+OmlCrJ53heAKQXi1TaDRzmOMqcT+bpiMrVOJfF/GrYg3O1q 9fS31QZm5c8OQMmKpEPnGPX5jSM9DrzFnR3kWCDSWAz6GKfVDJJWU/uk7XHeMRWD 5dSdiBoQGtFVdulxkr8Qdd5uk+0= -----END CERTIFICATE-----Generated at Wed Nov 5 21:59:35 2025 by rpki-client