This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.cnnic.cn/rpki/A9162E3D0000/846/iKQI7rXTpv4suSjFDJ-2gC-QJn8.mft File: iKQI7rXTpv4suSjFDJ-2gC-QJn8.mft (raw, json) Hash identifier: Xovt2PJ31znvptp83Q5CftlNsq8iWS8aIfTWZ7HrCZs= Subject key identifier: 0C:CE:83:A6:2E:1F:1D:A8:1C:E2:49:FC:3F:C4:BF:44:37:2A:FF:AC Authority key identifier: 88:A4:08:EE:B5:D3:A6:FE:2C:B9:28:C5:0C:9F:B6:80:2F:90:26:7F Certificate issuer: /CN=88A408EEB5D3A6FE2CB928C50C9FB6802F90267F Certificate serial: 0138 Authority info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iKQI7rXTpv4suSjFDJ-2gC-QJn8.cer Subject info access: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/846/iKQI7rXTpv4suSjFDJ-2gC-QJn8.mft Manifest number: 0134 Signing time: Sun 21 Dec 2025 16:40:23 +0000 Manifest this update: Sun 21 Dec 2025 16:40:23 +0000 Manifest next update: Sun 21 Dec 2025 22:40:23 +0000 Files and hashes: 1: 0tXJhjrShCOZ_hSYp5KXxrxILYg.roa (hash: P4zzpwHv35P8/ZqKhNk96zu1Bs0VO0U5hO26cVsDcxA=) 2: 99HRwhw6tal7rDmw-PFDo59JioM.roa (hash: T7qj9RdduCmFelHSSIKeK8dbeOUk57gZ9sZGu20s13s=) 3: SZVv0d8wmaj2M9td0BSd4841GMs.roa (hash: WIihbieqLoWkrNlubEmmUEkPBvTK3qRwJxS+f+cCACY=) 4: UXY-RYaZHgTYhXJhGXXf96toWwE.roa (hash: m8GqULFjpNYHqvAai/zNQGo0eznqvOaJ5lpdYuPHNIE=) 5: iKQI7rXTpv4suSjFDJ-2gC-QJn8.crl (hash: ti87eWJaUK8ttT8+zzS1hSxnbI5tEiFlqZvEQG2kreA=) Validation: OK Signature path: rsync://rpki.cnnic.cn/rpki/A9162E3D0000/846/iKQI7rXTpv4suSjFDJ-2gC-QJn8.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/846/iKQI7rXTpv4suSjFDJ-2gC-QJn8.mft rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iKQI7rXTpv4suSjFDJ-2gC-QJn8.cer rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.crl rsync://rpki.cnnic.cn/rpki/A9162E3D0000/BBYptqnqt8sTJOo5ePA3lviJtUA.mft rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BBYptqnqt8sTJOo5ePA3lviJtUA.cer rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer Signature path expires: Sun 21 Dec 2025 22:40:16 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 312 (0x138) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=88A408EEB5D3A6FE2CB928C50C9FB6802F90267F Validity Not Before: Dec 21 16:40:23 2025 GMT Not After : Oct 23 03:01:03 2026 GMT Subject: CN=0CCE83A62E1F1DA81CE249FC3FC4BF44372AFFAC Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:cf:c6:c5:ba:fd:1a:8b:17:a4:7c:81:9d:e5:b8: ab:85:f0:6e:ee:31:c7:86:ee:67:17:09:de:b7:93: 58:90:43:ce:02:73:6b:99:05:ea:0a:69:10:50:8d: 9f:ae:6e:2d:7c:ab:a4:84:7c:e3:0b:59:99:61:e0: 63:6f:fc:54:5d:04:e8:b2:cc:9e:03:05:1c:8a:e2: 70:da:13:33:da:9d:f9:e3:0d:52:3d:75:76:6c:8a: 50:eb:2c:ca:c9:e2:31:18:eb:ab:40:9f:60:32:02: 84:31:a2:e0:62:c0:79:ba:a6:77:7a:de:9d:b1:0d: a8:8b:3a:36:78:32:51:6b:c0:3e:1d:4d:3a:61:2c: 9b:ed:3a:49:ed:06:99:5c:4a:5b:63:01:a3:ad:1f: 1e:56:21:8c:b2:4f:d3:86:6e:b2:1c:42:31:51:42: 56:15:b8:be:2b:db:e1:16:f0:89:f5:0a:37:14:08: 20:09:d6:17:79:6e:3b:78:bc:ab:e1:ba:5a:af:71: 59:f4:d4:39:6c:e1:8c:34:1d:fa:b3:00:cf:c0:71: d0:71:10:b2:fc:47:20:46:70:c3:d8:3b:a3:4a:fe: f1:cf:6a:6a:75:3d:96:d9:03:b0:e0:ee:6c:be:62: 54:b7:81:9a:82:f5:f5:b2:a4:d6:0d:a8:20:14:a6: 19:4f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 0C:CE:83:A6:2E:1F:1D:A8:1C:E2:49:FC:3F:C4:BF:44:37:2A:FF:AC X509v3 Authority Key Identifier: keyid:88:A4:08:EE:B5:D3:A6:FE:2C:B9:28:C5:0C:9F:B6:80:2F:90:26:7F X509v3 Certificate Policies: critical Policy: ipAddr-asNumber X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/846/iKQI7rXTpv4suSjFDJ-2gC-QJn8.crl Authority Information Access: CA Issuers - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/iKQI7rXTpv4suSjFDJ-2gC-QJn8.cer X509v3 Key Usage: critical Digital Signature Subject Information Access: Signed Object - URI:rsync://rpki.cnnic.cn/rpki/A9162E3D0000/846/iKQI7rXTpv4suSjFDJ-2gC-QJn8.mft RPKI Notify - URI:https://rpki.cnnic.cn/rrdp/notify.xml sbgp-autonomousSysNum: critical Autonomous System Numbers: inherit sbgp-ipAddrBlock: critical IPv4: inherit IPv6: inherit Signature Algorithm: sha256WithRSAEncryption 8c:03:4c:15:e1:7e:dc:be:ab:0a:1f:0f:ce:ce:e9:82:61:6a: fa:ec:24:d8:7b:1b:26:87:74:9c:1f:cd:46:1b:fc:ba:2f:e5: 2b:79:c0:d8:d0:c0:59:f5:fd:ec:0e:74:e5:a4:d5:37:8e:20: 7e:f2:66:dd:0d:56:3b:3c:ad:d6:bc:5a:49:1f:77:2c:31:d4: f4:6d:d7:88:be:de:62:7f:43:cc:85:ed:12:1d:ef:1b:64:e1: bd:09:88:a6:02:d8:e5:75:b2:22:14:3f:71:ff:fd:9d:01:b2: c6:a1:25:bd:71:17:89:95:2a:2f:35:09:d7:29:c5:f5:f4:cb: eb:d3:39:25:2d:3c:98:9e:9d:64:3d:85:bf:1a:47:bc:bd:94: a2:82:23:57:39:73:4e:04:11:f0:52:fd:af:ee:59:0a:ac:c9: 20:ee:ab:86:89:30:e8:35:68:1e:ce:8d:45:ae:9e:83:f8:9f: 38:fc:fc:4e:ae:12:2e:17:9a:2d:97:0d:b8:ee:30:82:ff:9c: 2f:ea:da:be:88:a4:a5:27:7d:31:d3:8f:93:23:4f:a5:70:00: 53:01:dd:6c:2d:b5:8b:9d:3e:c1:ee:bb:32:f0:9e:7f:43:f1: 44:70:bf:f4:fe:a1:41:87:e2:48:0d:a5:00:95:42:a2:c8:7c: e2:c1:e9:ac -----BEGIN CERTIFICATE----- MIIE7jCCA9agAwIBAgICATgwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoODhB NDA4RUVCNUQzQTZGRTJDQjkyOEM1MEM5RkI2ODAyRjkwMjY3RjAeFw0yNTEyMjEx NjQwMjNaFw0yNjEwMjMwMzAxMDNaMDMxMTAvBgNVBAMTKDBDQ0U4M0E2MkUxRjFE QTgxQ0UyNDlGQzNGQzRCRjQ0MzcyQUZGQUMwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDPxsW6/RqLF6R8gZ3luKuF8G7uMceG7mcXCd63k1iQQ84Cc2uZ BeoKaRBQjZ+ubi18q6SEfOMLWZlh4GNv/FRdBOiyzJ4DBRyK4nDaEzPanfnjDVI9 dXZsilDrLMrJ4jEY66tAn2AyAoQxouBiwHm6pnd63p2xDaiLOjZ4MlFrwD4dTTph LJvtOkntBplcSltjAaOtHx5WIYyyT9OGbrIcQjFRQlYVuL4r2+EW8In1CjcUCCAJ 1hd5bjt4vKvhulqvcVn01Dls4Yw0HfqzAM/AcdBxELL8RyBGcMPYO6NK/vHPamp1 PZbZA7Dg7my+YlS3gZqC9fWypNYNqCAUphlPAgMBAAGjggIKMIICBjAdBgNVHQ4E FgQUDM6Dpi4fHagc4kn8P8S/RDcq/6wwHwYDVR0jBBgwFoAUiKQI7rXTpv4suSjF DJ+2gC+QJn8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBcBgNVHR8EVTBTMFGg T6BNhktyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODQ2 L2lLUUk3clhUcHY0c3VTakZESi0yZ0MtUUpuOC5jcmwwYwYIKwYBBQUHAQEEVzBV MFMGCCsGAQUFBzAChkdyc3luYzovL3Jwa2kuY25uaWMuY24vcnBraS9BOTE2MkUz RDAwMDAvaUtRSTdyWFRwdjRzdVNqRkRKLTJnQy1RSm44LmNlcjAOBgNVHQ8BAf8E BAMCB4AwgZwGCCsGAQUFBwELBIGPMIGMMFcGCCsGAQUFBzALhktyc3luYzovL3Jw a2kuY25uaWMuY24vcnBraS9BOTE2MkUzRDAwMDAvODQ2L2lLUUk3clhUcHY0c3VT akZESi0yZ0MtUUpuOC5tZnQwMQYIKwYBBQUHMA2GJWh0dHBzOi8vcnBraS5jbm5p Yy5jbi9ycmRwL25vdGlmeS54bWwwFQYIKwYBBQUHAQgBAf8EBjAEoAIFADAhBggr BgEFBQcBBwEB/wQSMBAwBgQCAAEFADAGBAIAAgUAMA0GCSqGSIb3DQEBCwUAA4IB AQCMA0wV4X7cvqsKHw/OzumCYWr67CTYexsmh3ScH81GG/y6L+UrecDY0MBZ9f3s DnTlpNU3jiB+8mbdDVY7PK3WvFpJH3csMdT0bdeIvt5if0PMhe0SHe8bZOG9CYim AtjldbIiFD9x//2dAbLGoSW9cReJlSovNQnXKcX19Mvr0zklLTyYnp1kPYW/Gke8 vZSigiNXOXNOBBHwUv2v7lkKrMkg7quGiTDoNWgezo1Frp6D+J84/PxOrhIuF5ot lw247jCC/5wv6tq+iKSlJ30x04+TI0+lcABTAd1sLbWLnT7B7rsy8J5/Q/FEcL/0 /qFBh+JIDaUAlUKiyHziwems -----END CERTIFICATE-----Generated at Sun Dec 21 18:18:55 2025 by rpki-client