
From:
Job Snijders <job@openbsd.org>
Subject:
rpki-client: add thisUpdate in ManifestRef in CCR
To:
tech@openbsd.org
Date:
Mon, 15 Sep 2025 11:41:02 +0000



This adds the thisUpdate value from Manifest eContent payloads into
the CCR/Erik protocol ManifestRef structure. This will be useful for
debugging Erik protocol exchanges, but also allows me to generate
Erik objects based on CCR data without having to open() any of the
tens of thousands of underlying objects.

The formal ASN.1 notation will also be updated along these lines:
https://github.com/job/draft-rpki-erik-protocol/commit/f30b8a0913b0f955677e041c2a849ef505e524c5
I'll upload a -02 of the associated drafts after landing this.

OK?

Index: ccr.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/ccr.c,v
diff -u -p -r1.11 ccr.c
--- ccr.c	14 Sep 2025 14:09:08 -0000	1.11
+++ ccr.c	15 Sep 2025 11:34:22 -0000
@@ -94,6 +94,7 @@ ASN1_SEQUENCE(ManifestRef) = {
 	ASN1_SIMPLE(ManifestRef, size, ASN1_INTEGER),
 	ASN1_SIMPLE(ManifestRef, aki, ASN1_OCTET_STRING),
 	ASN1_SIMPLE(ManifestRef, manifestNumber, ASN1_INTEGER),
+	ASN1_SIMPLE(ManifestRef, thisUpdate, ASN1_GENERALIZEDTIME),
 	ASN1_SEQUENCE_OF(ManifestRef, location, ACCESS_DESCRIPTION),
 } ASN1_SEQUENCE_END(ManifestRef);
 
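Review bot: `ASN1_SIMPLE(ManifestRef, thisUpdate, ASN1_GENERALIZEDTIME)` adds a mandatory field in the middle of the SEQUENCE, so a ManifestRef encoded before this change should no longer decode with this template, and an older decoder should reject the new encoding. No version or content-type change is visible in this patch (the matching struct member is in the rpki-asn1.h hunk), so if previously written CCR files or peers on the earlier draft must keep working, a format version check is needed. If the break is intended, I would say so above the template, e.g. `/* thisUpdate added for draft -02; earlier encodings are rejected */`. The template's opening line is outside the hunk.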
@@ -278,6 +279,10 @@ append_cached_manifest(STACK_OF(Manifest
 
 	asn1int_set_seqnum(mftref->manifestNumber, cm->seqnum);
 
+	if (ASN1_GENERALIZEDTIME_set(mftref->thisUpdate, cm->thisupdate)
+	    == NULL)
+		errx(1, "ASN1_GENERALIZEDTIME_set");
+
 	location_add_sia(mftref->location, cm->sia);
 
 	if (sk_ManifestRef_push(mftrefs, mftref) <= 0)
@@ -939,6 +944,10 @@ parse_mft_refs(const char *fn, struct cc
 		    ref->manifestNumber);
 		if (ccr_mft->seqnum == NULL)
 			goto out;
+
+		if (!x509_get_generalized_time(fn, "ManifestRef thisUpdate",
+		    ref->thisUpdate, &ccr_mft->thisupdate))
+		goto out;
 
 		if (sk_ACCESS_DESCRIPTION_num(ref->location) != 1) {
 			warnx("%s: unexpected number of locations", fn);
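Review bot: The added `goto out;` after the `x509_get_generalized_time()` check is indented at the same level as its `if`, so it reads as an unconditional jump although it is the body of the condition. It should take one more tab, matching the `goto out;` under the `ccr_mft->seqnum == NULL` check just above. In a parser for externally supplied data, misleading indentation on an error path makes it easy to break the check in a later edit. parse_mft_refs starts and ends outside the hunk.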
Index: print.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/print.c,v
diff -u -p -r1.68 print.c
--- print.c	14 Sep 2025 15:15:57 -0000	1.68
+++ print.c	15 Sep 2025 11:34:23 -0000
@@ -918,12 +918,14 @@ print_ccr_mftstate(struct ccr *ccr)
 			json_do_uint("size", ccr_mft->size);
 			json_do_string("aki", aki);
 			json_do_string("seqnum", ccr_mft->seqnum);
+			json_do_int("thisupdate", ccr_mft->thisupdate);
 			json_do_string("sia", ccr_mft->sia);
 			json_do_end();
 		} else {
-			printf("%26shash:%s size:%zu aki:%s seqnum:%s sia:%s\n",
-			    "", hash, ccr_mft->size, aki, ccr_mft->seqnum,
-			    ccr_mft->sia);
+			printf("%26shash:%s size:%zu aki:%s seqnum:%s "
+			    "thisupdate:%lld sia:%s\n", "", hash,
+			    ccr_mft->size, aki, ccr_mft->seqnum,
+			    ccr_mft->thisupdate, ccr_mft->sia);
 		}
 
 		free(aki);
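Review bot: `ccr_mft->thisupdate` is passed to `%lld` in the new printf without a cast. Its declaration is not part of this patch, but if it is a `time_t` the argument should be `(long long)ccr_mft->thisupdate`, because a mismatch between the conversion and the argument type is undefined behaviour wherever time_t is not long long. Whether `json_do_int("thisupdate", ...)` takes a type wide enough for the value is also not visible here. Both outputs print a raw number, so a short comment such as `/* thisupdate: seconds since the epoch */` would help readers of the output code. print_ccr_mftstate starts and ends outside the hunk.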
Index: rpki-asn1.h
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/rpki-asn1.h,v
diff -u -p -r1.6 rpki-asn1.h
--- rpki-asn1.h	14 Sep 2025 14:02:27 -0000	1.6
+++ rpki-asn1.h	15 Sep 2025 11:34:23 -0000
@@ -65,6 +65,7 @@ typedef struct {
 	ASN1_INTEGER *size;
 	ASN1_OCTET_STRING *aki;
 	ASN1_INTEGER *manifestNumber;
+	ASN1_GENERALIZEDTIME *thisUpdate;
 	STACK_OF(ACCESS_DESCRIPTION) *location;
 } ManifestRef;