$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/497/fkCukAEA4rl7Mc4AaQLzHn0dKvI.mft File: fkCukAEA4rl7Mc4AaQLzHn0dKvI.mft (raw, json) Hash identifier: cXi/jG6rQjTptNV2AfPPa42XvChOWldUWxDxX053s14= Subject key identifier: EC:D1:84:15:3C:40:20:3B:AB:D9:6D:98:CF:4D:A7:4F:5A:41:A1:0E Authority key identifier: 7E:40:AE:90:01:00:E2:B9:7B:31:CE:00:69:02:F3:1E:7D:1D:2A:F2 Certificate issuer: /CN=7E40AE900100E2B97B31CE006902F31E7D1D2AF2 Certificate serial: 218E Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/fkCukAEA4rl7Mc4AaQLzHn0dKvI.cer Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/497/fkCukAEA4rl7Mc4AaQLzHn0dKvI.mft Manifest number: 217C Signing time: Wed 05 Nov 2025 20:14:38 +0000 Manifest this update: Wed 05 Nov 2025 20:14:38 +0000 Manifest next update: Thu 06 Nov 2025 02:14:38 +0000 Files and hashes: 1: 1D2UmyE5-gCb0damhvuEDH8YtAY.roa (hash: AMmfBM3qaK1itXqyZ4SgnT4JGnqlgrL/Gh5C0EIxR5E=) 2: CiBAH9JduuLsmuuCF8EVZqj7e_Y.roa (hash: bd7DjAkds7VcKmf/Fltkc6yJTfqF8NsglOW0Ic2RF7A=) 3: fkCukAEA4rl7Mc4AaQLzHn0dKvI.crl (hash: Lp/xzl6GZsrDDlsh7Yc0SIVXfe/4NHxsxGY72gfZ9bY=) 4: i1vcqehnPWMsGkHyBt_JD5k4A6s.roa (hash: 7Vby9l7O2UfOHc1jCfza0GDpjmXF68GhT4vaR2Ve+lE=) 5: imU9bcBr7hgyeXFqfTZmnAeJlhU.roa (hash: PY4enp06hDmmPvbNRcj0KK93xTkmT6kRWJIbjK/rHGs=) 6: ql9qcTEflj32Qvouuf74e7XIVH0.roa (hash: J5GlJW+RyK4nchWDPsGIHuSYVc8CVW/wpZ54lJLJtnA=) 7: xhyJQ6fLIljnRE3vjXjVdtzD-60.roa (hash: pw3KaKc1CqxoWC2rbY7xD+pjw8LfXPIJcNclxnFFohI=) Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/497/fkCukAEA4rl7Mc4AaQLzHn0dKvI.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/497/fkCukAEA4rl7Mc4AaQLzHn0dKvI.mft rsync://rpki.cnnic.cn/rpki/A9162E3D0000/fkCukAEA4rl7Mc4AaQLzHn0dKvI.cer rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Wed 05 Nov 2025 23:43:27 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 8590 (0x218e) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=7E40AE900100E2B97B31CE006902F31E7D1D2AF2 Validity Not Before: Nov 5 20:14:38 2025 GMT Not After : Oct 23 03:01:03 2026 GMT Subject: CN=ECD184153C40203BABD96D98CF4DA74F5A41A10E Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:dc:46:8a:79:8e:44:18:25:d7:0b:96:bf:57:a5: 15:1a:7b:81:3e:c9:c4:7b:f4:40:ec:ed:3f:05:e5: 44:ec:31:55:56:2a:65:a2:aa:0b:5d:8b:8c:1f:b1: b1:78:46:3d:1c:4d:7f:02:bb:8a:f0:a5:25:f5:59: 22:91:d6:a4:03:2d:ac:54:d7:2d:9b:3f:a1:15:5f: be:f7:c0:1b:04:54:f4:e7:6a:e4:00:53:38:62:31: 2f:32:8c:b4:a6:cd:58:f3:aa:1d:97:9b:e5:2b:a4: bd:42:98:18:08:dc:a2:fd:d0:80:41:98:8c:0c:97: 0c:3e:7c:6c:1f:0d:c3:71:ad:89:37:b7:a9:01:93: 4a:33:57:5a:44:6d:9c:bd:cd:63:9f:7b:a1:65:09: 34:c1:93:8f:6e:67:6e:4d:07:4a:dc:d1:4a:40:b4: d7:e3:41:cc:00:a3:b3:e5:3e:e8:0f:e1:0a:74:02: d6:79:f9:00:37:ea:8a:33:1a:42:4d:a5:c4:a5:e1: 21:3e:e3:bf:5b:4d:89:84:f1:9e:63:8a:a6:80:e5: 9c:46:da:9c:18:75:98:07:de:d8:58:27:f3:34:d7: c3:c9:14:65:5d:3a:e7:30:f7:b6:fb:66:76:9c:86: 30:7c:9b:fc:ba:4f:9a:2f:ec:04:48:50:1f:36:d7: 44:f3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: EC:D1:84:15:3C:40:20:3B:AB:D9:6D:98:CF:4D:A7:4F:5A:41:A1:0E X509v3 Authority Key Identifier: keyid:7E:40:AE:90:01:00:E2:B9:7B:31:CE:00:69:02:F3:1E:7D:1D:2A:F2 X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/497/fkCukAEA4rl7Mc4AaQLzHn0dKvI.crl Authority Information Access: CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/fkCukAEA4rl7Mc4AaQLzHn0dKvI.cer X509v3 Key Usage: critical Digital Signature Subject Information Access: Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/497/fkCukAEA4rl7Mc4AaQLzHn0dKvI.mft RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit Signature Algorithm: sha256WithRSAEncryption 28:14:62:01:ea:3e:f6:88:91:dd:fa:a9:6d:41:22:4f:3f:11: 4d:09:16:0a:c6:ca:74:93:01:18:13:fc:28:c8:93:db:61:d4: 55:b3:ca:1e:ae:46:16:3a:f4:95:3b:ca:f1:58:ca:0f:1f:e2: bb:3f:2c:cc:b3:81:ea:d2:ac:2b:98:0c:6b:2c:6e:60:f8:d5: 5c:02:f9:80:2b:a9:4e:2f:d9:3d:3c:74:c1:56:af:a0:20:15: 97:20:76:f5:be:7d:fc:c4:36:9b:73:df:03:07:02:9e:f8:f3: 18:1a:7f:a8:31:d0:20:9a:8b:b0:3a:71:d0:03:96:93:e4:3f: 00:d6:63:44:96:f4:ad:69:9d:cd:21:10:cd:17:fe:95:41:f1: a8:46:cf:97:cb:0b:a1:43:0d:82:fc:0b:18:6c:ec:33:8f:c4: 2e:b4:9d:6e:d2:39:84:16:61:0e:ff:10:a9:95:52:f2:e7:e8: ea:5c:1c:99:19:82:44:0f:61:45:e1:b6:d1:2f:44:7d:aa:63: e8:65:b5:23:69:fc:3b:09:4c:fd:50:8c:ac:ec:80:1d:45:3b: d4:9a:bc:1a:72:65:b0:55:80:bb:7c:b1:68:a2:07:33:e6:e1: ae:8e:df:56:65:be:f9:9a:1f:83:74:0b:68:0d:f6:40:40:24: d5:3f:cb:23 -----BEGIN CERTIFICATE----- MIIE7jCCA9agAwIBAgICIY4wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoN0U0 MEFFOTAwMTAwRTJCOTdCMzFDRTAwNjkwMkYzMUU3RDFEMkFGMjAeFw0yNTExMDUy MDE0MzhaFw0yNjEwMjMwMzAxMDNaMDMxMTAvBgNVBAMTKEVDRDE4NDE1M0M0MDIw M0JBQkQ5NkQ5OENGNERBNzRGNUE0MUExMEUwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDcRop5jkQYJdcLlr9XpRUae4E+ycR79EDs7T8F5UTsMVVWKmWi qgtdi4wfsbF4Rj0cTX8Cu4rwpSX1WSKR1qQDLaxU1y2bP6EVX773wBsEVPTnauQA UzhiMS8yjLSmzVjzqh2Xm+UrpL1CmBgI3KL90IBBmIwMlww+fGwfDcNxrYk3t6kB k0ozV1pEbZy9zWOfe6FlCTTBk49uZ25NB0rc0UpAtNfjQcwAo7PlPugP4Qp0AtZ5 +QA36oozGkJNpcSl4SE+479bTYmE8Z5jiqaA5ZxG2pwYdZgH3thYJ/M018PJFGVd Oucw97b7ZnachjB8m/y6T5ov7ARIUB8210TzAgMBAAGjggIKMIICBjAdBgNVHQ4E FgQU7NGEFTxAIDur2W2Yz02nT1pBoQ4wHwYDVR0jBBgwFoAUfkCukAEA4rl7Mc4A aQLzHn0dKvIwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDk3 L2ZrQ3VrQUVBNHJsN01jNEFhUUx6SG4wZEt2SS5jcmwwYwYIKwYBBQUHAQEEVzBV MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz RDAwMDAvZmtDdWtBRUE0cmw3TWM0QWFRTHpIbjBkS3ZJLmNlcjAOBgNVHQ8BAf8E BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvNDk3L2ZrQ3VrQUVBNHJsN01j NEFhUUx6SG4wZEt2SS5tZnQwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p Yy5jbi9ycmRwL25vdGlmeS54bWwwFQYIKwYBBQUHAQgBAf8EBjAEoAIFADAhBggr BgEFBQcBBwEB/wQSMBAwBgQCAAEFADAGBAIAAgUAMA0GCSqGSIb3DQEBCwUAA4IB AQAoFGIB6j72iJHd+qltQSJPPxFNCRYKxsp0kwEYE/woyJPbYdRVs8oerkYWOvSV O8rxWMoPH+K7PyzMs4Hq0qwrmAxrLG5g+NVcAvmAK6lOL9k9PHTBVq+gIBWXIHb1 vn38xDabc98DBwKe+PMYGn+oMdAgmouwOnHQA5aT5D8A1mNElvStaZ3NIRDNF/6V QfGoRs+XywuhQw2C/AsYbOwzj8QutJ1u0jmEFmEO/xCplVLy5+jqXByZGYJED2FF 4bbRL0R9qmPoZbUjafw7CUz9UIys7IAdRTvUmrwacmWwVYC7fLFoogcz5uGujt9W Zb75mh+DdAtoDfZAQCTVP8sj -----END CERTIFICATE-----Generated at Wed Nov 5 22:45:37 2025 by rpki-client