diff --git a/draft-ietf-opsawg-9092-update.xml b/draft-ietf-opsawg-9092-update.xml
index ddfbced..019cdbb 100644
--- a/draft-ietf-opsawg-9092-update.xml
+++ b/draft-ietf-opsawg-9092-update.xml
@@ -8,7 +8,7 @@
 <?rfc compact="yes"?>
 <?rfc subcompact="no"?>
 
-<rfc category="std" docName="draft-ietf-opsawg-9092-update-02"
+<rfc category="std" docName="draft-ietf-opsawg-9092-update-03"
      submissionType="IETF" consensus="true" ipr="trust200902"
      obsoletes="9092" version="2" >
 
@@ -813,6 +813,22 @@
         There are no new actions needed by the IANA.
       </t>
     </section>
+    <section title="Acknowledgments" anchor="acks">
+      <t>Thanks to Rob Austein for CMS and detached signature clue,
+      George Michaelson for the first and substantial external review,
+      and Erik Kline who was too shy to agree to coauthorship.
+      Additionally, we express our gratitude to early implementors,
+      including Menno Schepers; Flavio Luciani; Eric Dugas; and Kevin
+      Pack.  Also, thanks to the following geolocation providers who
+      are consuming geofeeds with this described solution: Jonathan
+      Kosgei (ipdata.co), Ben Dowling (ipinfo.io), and Pol Nisenblat
+      (bigdatacloud.com).  For an amazing number of helpful reviews,
+      we thank Job Snijders, who also found an ASN.1 'inherit' issue;
+      Adrian Farrel; Antonio Prado; Francesca Palombini; Jean-Michel
+      Combes (INTDIR); John Scudder; Kyle Rose (SECDIR); Martin Duke;
+      Murray Kucherawy; Paul Kyzivat (GENART); Rob Wilton; Roman
+      Danyliw; and Ties de Kock.</t>
+    </section>
   </middle>
   <back>
 
@@ -923,17 +939,19 @@
     </references>
     
 
-  <section title="Example" anchor="example">
-    <t>
-      This appendix provides an example, including a trust anchor, a CA
-      certificate subordinate to the trust anchor, an end-entity
-      certificate subordinate to the CA for signing the geofeed, and a
-      detached signature.</t>
+    <section title="Example" anchor="example">
 
-    <t>
-      The trust anchor is represented by a self-signed certificate.  As
-      usual in the RPKI, the trust anchor has authority over all IPv4
-      address blocks, all IPv6 address blocks, and all AS numbers.</t>
+  <t>
+    This appendix provides an example, including a trust anchor, a
+    CRL signed by the trust anchor, a CA certificate subordinate to
+    the trust anchor, a CRL signed by the CA, an end-entity
+    certificate subordinate to the CA for signing the geofeed, and a
+    detached signature.</t>
+
+   <t>
+     The trust anchor is represented by a self-signed certificate.  As
+     usual in the RPKI, the trust anchor has authority over all IPv4
+     address blocks, all IPv6 address blocks, and all AS numbers.</t>
 
     <figure><artwork><![CDATA[
 -----BEGIN CERTIFICATE-----
@@ -961,6 +979,23 @@ Quz66XrzxtmxlrRcAnbv/HtV17qOd4my6q5yjTPR1dmYN9oR/2ChlXtGE6uQVguA
 rvNZ5CwiJ1TgGGTB7T8ORHwWU6dGTc0jk2rESAaikmLi1roZSNC21fckhapEit1a
 x8CyiVxjcVc5e0AmS1rJfL6LIfwmtive/N/eBtIM92HkBA==
 -----END CERTIFICATE-----
+]]></artwork></figure>
+
+   <t>
+   The CRL issued by the trust anchor.</t>
+
+<figure><artwork><![CDATA[
+-----BEGIN X509 CRL-----
+MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNVBAMTCmV4YW1wbGUtdGEX
+DTIzMDkyMDE4MDkxMVoXDTIzMTAyMDE4MDkxMVqgLzAtMB8GA1UdIwQYMBaAFMC9
+Ul2+0niyFuyzo0OV0gYLmQgyMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IB
+AQALdNwYgIPHVauhT9yGV2Oj28aj6yI8X/xQz53Gh7zqz4AfKSA3rmFUiQiPnLiA
+oO+oI83tzoTwxwVRdGpzc8ZhZ5yCwAQYZdiGteagLFi1zghWbRNWH/m7q/ypw1xd
+GZs3ow6b29OMr9ue/5s++bWMQ6oHh24cVB5S9kX3v7N0OeE0/SGcKtaeT+WE5SWC
+hudIB52s5NPcKu1SEnn/D8JLGoadxatmFEGMfRX2Wo9dcntcyCr/MPl6ZhvM9tsF
+Oxoom7RRnAfz+AWwptYrCkvKFdk974UCe9Bq2Bq3xuhrLs1kT6+yy0U9y7hyJYK/
+Dq9IJ9RuBsQagykwbwLbzlTr
+-----END X509 CRL-----
 ]]></artwork></figure>
 
    <t>
@@ -968,36 +1003,54 @@ x8CyiVxjcVc5e0AmS1rJfL6LIfwmtive/N/eBtIM92HkBA==
    certificate grants authority over one IPv4 address block
    (192.0.2.0/24) and two AS numbers (64496 and 64497).</t>
 
-    <figure><artwork><![CDATA[
-    -----BEGIN CERTIFICATE-----
-    MIIFBzCCA++gAwIBAgIUcyCzS10hdfG65kbRq7toQAvRDLUwDQYJKoZIhvcNAQEL
-    BQAwFTETMBEGA1UEAxMKZXhhbXBsZS10YTAeFw0yMzA5MTYyMTAzMjhaFw0yNDA5
-    MTUyMTAzMjhaMDMxMTAvBgNVBAMTKDNBQ0UyQ0VGNEZCMjFCN0QxMUUzRTE4NEVG
-    QzFFMjk3QjM3Nzg2NDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc
-    zz1qwTxC2ocw5rqp8ktm2XyYkl8riBVuqlXwfefTxsR2YFpgz9vkYUd5Az9EVEG7
-    6wGIyZbtmhK63eEeaqbKz2GHub467498BXeVrYysO+YuIGgCEYKznNDZ4j5aaDbo
-    j5+4/z0Qvv6HEsxQd0f8br6lKJwgeRM6+fm7796HNPB0aqD7Zj9NRCLXjbB0DCgJ
-    liH6rXMKR86ofgll9V2mRjesvhdKYgkGbOif9rvxVpLJ/6zdru5CE9yeuJZ59l+n
-    YH/r6PzdJ4Q7yKrJX8qD6A60j4+biaU4MQ72KpsjhQNTTqF/HRwi0N54GDaknEwE
-    TnJQHgLJDYqww9yKWtjjAgMBAAGjggIvMIICKzAdBgNVHQ4EFgQUOs4s70+yG30R
-    4+GE78Hil7N3hkIwHwYDVR0jBBgwFoAU3hNEuwvUGNCHY1TBatcUR03pNdYwDwYD
-    VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwGAYDVR0gAQH/BA4wDDAKBggr
-    BgEFBQcOAjBhBgNVHR8EWjBYMFagVKBShlByc3luYzovL3Jwa2kuZXhhbXBsZS5u
-    ZXQvcmVwb3NpdG9yeS8zQUNFMkNFRjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5N0Iz
-    Nzc4NjQyLmNybDBOBggrBgEFBQcBAQRCMEAwPgYIKwYBBQUHMAKGMnJzeW5jOi8v
-    cnBraS5leGFtcGxlLm5ldC9yZXBvc2l0b3J5L2V4YW1wbGUtdGEuY2VyMIG5Bggr
-    BgEFBQcBCwSBrDCBqTA+BggrBgEFBQcwCoYycnN5bmM6Ly9ycGtpLmV4YW1wbGUu
-    bmV0L3JlcG9zaXRvcnkvZXhhbXBsZS1jYS5tZnQwNQYIKwYBBQUHMA2GKWh0dHBz
-    Oi8vcnJkcC5leGFtcGxlLm5ldC9ub3RpZmljYXRpb24ueG1sMDAGCCsGAQUFBzAF
-    hiRyc3luYzovL3Jwa2kuZXhhbXBsZS5uZXQvcmVwb3NpdG9yeS8wHwYIKwYBBQUH
-    AQcBAf8EEDAOMAwEAgABMAYDBADAAAIwHgYIKwYBBQUHAQgEEjAQoA4wDDAKAgMA
-    +/ACAwD78TANBgkqhkiG9w0BAQsFAAOCAQEAkWoRJBJRgIMRkTUgPDG/rqcd/fz+
-    eN8L3Yme1hNJuAnkf6S3pr5GT1NG9hVTphLFPI4jPSoPZSEQtZ6gsswU3KacnS2A
-    VtgHYfZA9gfRHhURuiWvFNSp+d7A2MeBmmRyBOD3a5v4f+wNoXPgPhUTZUsXh2Q4
-    q7WFgiQp6P8vdIXjZDKFB7Xtu7Fl1S5RVowV68DexjVfmaPTPZjetHaAqpz6C4/E
-    s4NArJzIL+8sqmIeuWUD11WXQ3wsC0IWuPMi6XOJQnPQQFtMPr79cftsw+Ynr/vc
-    F+WPd2Mdaby93ASOE2MyXdaaOf8Av3wIpMvhMuAuM03V/mPVksqxUbfOLw==
-    -----END CERTIFICATE-----
+<figure><artwork><![CDATA[
+-----BEGIN CERTIFICATE-----
+MIIFBzCCA++gAwIBAgIUcyCzS10hdfG65kbRq7toQAvRDLUwDQYJKoZIhvcNAQEL
+BQAwFTETMBEGA1UEAxMKZXhhbXBsZS10YTAeFw0yMzA5MTYyMTAzMjhaFw0yNDA5
+MTUyMTAzMjhaMDMxMTAvBgNVBAMTKDNBQ0UyQ0VGNEZCMjFCN0QxMUUzRTE4NEVG
+QzFFMjk3QjM3Nzg2NDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc
+zz1qwTxC2ocw5rqp8ktm2XyYkl8riBVuqlXwfefTxsR2YFpgz9vkYUd5Az9EVEG7
+6wGIyZbtmhK63eEeaqbKz2GHub467498BXeVrYysO+YuIGgCEYKznNDZ4j5aaDbo
+j5+4/z0Qvv6HEsxQd0f8br6lKJwgeRM6+fm7796HNPB0aqD7Zj9NRCLXjbB0DCgJ
+liH6rXMKR86ofgll9V2mRjesvhdKYgkGbOif9rvxVpLJ/6zdru5CE9yeuJZ59l+n
+YH/r6PzdJ4Q7yKrJX8qD6A60j4+biaU4MQ72KpsjhQNTTqF/HRwi0N54GDaknEwE
+TnJQHgLJDYqww9yKWtjjAgMBAAGjggIvMIICKzAdBgNVHQ4EFgQUOs4s70+yG30R
+4+GE78Hil7N3hkIwHwYDVR0jBBgwFoAU3hNEuwvUGNCHY1TBatcUR03pNdYwDwYD
+VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwGAYDVR0gAQH/BA4wDDAKBggr
+BgEFBQcOAjBhBgNVHR8EWjBYMFagVKBShlByc3luYzovL3Jwa2kuZXhhbXBsZS5u
+ZXQvcmVwb3NpdG9yeS8zQUNFMkNFRjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5N0Iz
+Nzc4NjQyLmNybDBOBggrBgEFBQcBAQRCMEAwPgYIKwYBBQUHMAKGMnJzeW5jOi8v
+cnBraS5leGFtcGxlLm5ldC9yZXBvc2l0b3J5L2V4YW1wbGUtdGEuY2VyMIG5Bggr
+BgEFBQcBCwSBrDCBqTA+BggrBgEFBQcwCoYycnN5bmM6Ly9ycGtpLmV4YW1wbGUu
+bmV0L3JlcG9zaXRvcnkvZXhhbXBsZS1jYS5tZnQwNQYIKwYBBQUHMA2GKWh0dHBz
+Oi8vcnJkcC5leGFtcGxlLm5ldC9ub3RpZmljYXRpb24ueG1sMDAGCCsGAQUFBzAF
+hiRyc3luYzovL3Jwa2kuZXhhbXBsZS5uZXQvcmVwb3NpdG9yeS8wHwYIKwYBBQUH
+AQcBAf8EEDAOMAwEAgABMAYDBADAAAIwHgYIKwYBBQUHAQgEEjAQoA4wDDAKAgMA
++/ACAwD78TANBgkqhkiG9w0BAQsFAAOCAQEAkWoRJBJRgIMRkTUgPDG/rqcd/fz+
+eN8L3Yme1hNJuAnkf6S3pr5GT1NG9hVTphLFPI4jPSoPZSEQtZ6gsswU3KacnS2A
+VtgHYfZA9gfRHhURuiWvFNSp+d7A2MeBmmRyBOD3a5v4f+wNoXPgPhUTZUsXh2Q4
+q7WFgiQp6P8vdIXjZDKFB7Xtu7Fl1S5RVowV68DexjVfmaPTPZjetHaAqpz6C4/E
+s4NArJzIL+8sqmIeuWUD11WXQ3wsC0IWuPMi6XOJQnPQQFtMPr79cftsw+Ynr/vc
+F+WPd2Mdaby93ASOE2MyXdaaOf8Av3wIpMvhMuAuM03V/mPVksqxUbfOLw==
+-----END CERTIFICATE-----
+]]></artwork></figure>
+
+   <t>
+   The CRL issued by the CA.</t>
+
+<figure><artwork><![CDATA[
+-----BEGIN X509 CRL-----
+MIIBrTCBlgIBATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygzQUNFMkNFRjRG
+QjIxQjdEMTFFM0UxODRFRkMxRTI5N0IzNzc4NjQyFw0yMzA5MjAxODIzNTBaFw0y
+MzEwMjAxODIzNTBaoC8wLTAfBgNVHSMEGDAWgBQ6zizvT7IbfRHj4YTvweKXs3eG
+QjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAiiqMfYMxDTKYosc77UM0
+qzLuVsik3QHRMZI1YC/WVMNnuNrppjKr5e9lrfHF92XX4nO7odJk9TuCT+xpn6of
+/E5XQMh0btrgRO4lFS8SBqhD32++j65EWeOVHxwwiVIw0Nq9l+5kNa3a5Rfvr03d
+/c2DvgIUmrhQkJqUEYH0009oTsx2cFNIURhgpwdXulCcaPVO8QnKE0Vz7JwmuQJH
+U1vj8wB7rbW9gszbimInb1WNjR8cGL/USnDBTtoc1GSjQyhPck/UGyh5zgrmbS5R
+HpDVvN3FM6f8nfuz8qNy7TC8umV8IUzkJ+3+bxlUnyPUV9VNuQOQJHIgWzciA0cS
+XQ==
+-----END X509 CRL-----
 ]]></artwork></figure>
 
    <t>
@@ -1007,228 +1060,230 @@ x8CyiVxjcVc5e0AmS1rJfL6LIfwmtive/N/eBtIM92HkBA==
    for geofeed data signatures, so no AS numbers are included in the
    end-entity certificate.</t>
 
-    <figure><artwork><![CDATA[
-    -----BEGIN CERTIFICATE-----
-    MIIEZDCCA0ygAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZuwwDQYJKoZIhvcNAQEL
-    BQAwMzExMC8GA1UEAxMoM0FDRTJDRUY0RkIyMUI3RDExRTNFMTg0RUZDMUUyOTdC
-    Mzc3ODY0MjAeFw0yMzA5MTYyMTAzMjhaFw0yNDA3MTIyMTAzMjhaMDMxMTAvBgNV
-    BAMTKDkxNDY1MkEzQkQ1MUMxNDQyNjAxOTg4ODlGNUM0NUFCRjA1M0ExODcwggEi
-    MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCycTQrOb/qB2W3i3Ki8PhA/DEW
-    yii2TgGo9pgCwO9lsIRI6Zb/k+aSiWWP9kSczlcQgtPCVwr62hTQZCIowBN0BL0c
-    K0/5k1imJdi5qdM3nvKswM8CnoR11vB8pQFwruZmr5xphXRvE+mzuJVLgu2V1upm
-    BXuWloeymudh6WWJ+GDjwPXO3RiXBejBrOFNXhaFLe08y4DPfr/S/tXJOBm7QzQp
-    tmbPLYtGfprYu45liFFqqP94UeLpISfXd36AKGzqTFCcc3EW9l5UFE1MFLlnoEog
-    qtoLoKABt0IkOFGKeC/EgeaBdWLe469ddC9rQft5w6g6cmxG+aYDdIEB34zrAgMB
-    AAGjggFuMIIBajAdBgNVHQ4EFgQUkUZSo71RwUQmAZiIn1xFq/BToYcwHwYDVR0j
-    BBgwFoAUOs4s70+yG30R4+GE78Hil7N3hkIwDAYDVR0TAQH/BAIwADAOBgNVHQ8B
-    Af8EBAMCB4AwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBhBgNVHR8EWjBYMFag
-    VKBShlByc3luYzovL3Jwa2kuZXhhbXBsZS5uZXQvcmVwb3NpdG9yeS8zQUNFMkNF
-    RjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5N0IzNzc4NjQyLmNybDBsBggrBgEFBQcB
-    AQRgMF4wXAYIKwYBBQUHMAKGUHJzeW5jOi8vcnBraS5leGFtcGxlLm5ldC9yZXBv
-    c2l0b3J5LzNBQ0UyQ0VGNEZCMjFCN0QxMUUzRTE4NEVGQzFFMjk3QjM3Nzg2NDIu
-    Y2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwAACMA0GCSqGSIb3DQEB
-    CwUAA4IBAQAIdkoBMQydWkkaE91zFTX6xIzzDhllfDR5bgw8C2XrAkTiWlMce+/A
-    794a7j3+fIAyDrQ1fjgPLof6I7xMaiqyNtb+5GqXNk+sHwjg6AnInZV2Xgz2X6lJ
-    dtNck25zGwfj/RZ8BxO+UUzP0JUOCTAaCed2KOVF9qWfmXeZ2HPvZVD+01G0PNKd
-    DGKzBmtWKzXsWVk00fvm+xaDs/sBTf28O907AUM+2ipuFYfWYc2mPaT3C4uK0udl
-    3/FhUzH6loqs/c1jIsL3mWd8iR2eAwBa+rsp9sc3wbnPCjFOuFZKN85nnXzrbJ6d
-    FjqNix9Z2it7TCmU89JltreRt5Q1xX+m
-    -----END CERTIFICATE-----
+<figure><artwork><![CDATA[
+-----BEGIN CERTIFICATE-----
+MIIEZDCCA0ygAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZuwwDQYJKoZIhvcNAQEL
+BQAwMzExMC8GA1UEAxMoM0FDRTJDRUY0RkIyMUI3RDExRTNFMTg0RUZDMUUyOTdC
+Mzc3ODY0MjAeFw0yMzA5MTYyMTAzMjhaFw0yNDA3MTIyMTAzMjhaMDMxMTAvBgNV
+BAMTKDkxNDY1MkEzQkQ1MUMxNDQyNjAxOTg4ODlGNUM0NUFCRjA1M0ExODcwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCycTQrOb/qB2W3i3Ki8PhA/DEW
+yii2TgGo9pgCwO9lsIRI6Zb/k+aSiWWP9kSczlcQgtPCVwr62hTQZCIowBN0BL0c
+K0/5k1imJdi5qdM3nvKswM8CnoR11vB8pQFwruZmr5xphXRvE+mzuJVLgu2V1upm
+BXuWloeymudh6WWJ+GDjwPXO3RiXBejBrOFNXhaFLe08y4DPfr/S/tXJOBm7QzQp
+tmbPLYtGfprYu45liFFqqP94UeLpISfXd36AKGzqTFCcc3EW9l5UFE1MFLlnoEog
+qtoLoKABt0IkOFGKeC/EgeaBdWLe469ddC9rQft5w6g6cmxG+aYDdIEB34zrAgMB
+AAGjggFuMIIBajAdBgNVHQ4EFgQUkUZSo71RwUQmAZiIn1xFq/BToYcwHwYDVR0j
+BBgwFoAUOs4s70+yG30R4+GE78Hil7N3hkIwDAYDVR0TAQH/BAIwADAOBgNVHQ8B
+Af8EBAMCB4AwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBhBgNVHR8EWjBYMFag
+VKBShlByc3luYzovL3Jwa2kuZXhhbXBsZS5uZXQvcmVwb3NpdG9yeS8zQUNFMkNF
+RjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5N0IzNzc4NjQyLmNybDBsBggrBgEFBQcB
+AQRgMF4wXAYIKwYBBQUHMAKGUHJzeW5jOi8vcnBraS5leGFtcGxlLm5ldC9yZXBv
+c2l0b3J5LzNBQ0UyQ0VGNEZCMjFCN0QxMUUzRTE4NEVGQzFFMjk3QjM3Nzg2NDIu
+Y2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwAACMA0GCSqGSIb3DQEB
+CwUAA4IBAQAIdkoBMQydWkkaE91zFTX6xIzzDhllfDR5bgw8C2XrAkTiWlMce+/A
+794a7j3+fIAyDrQ1fjgPLof6I7xMaiqyNtb+5GqXNk+sHwjg6AnInZV2Xgz2X6lJ
+dtNck25zGwfj/RZ8BxO+UUzP0JUOCTAaCed2KOVF9qWfmXeZ2HPvZVD+01G0PNKd
+DGKzBmtWKzXsWVk00fvm+xaDs/sBTf28O907AUM+2ipuFYfWYc2mPaT3C4uK0udl
+3/FhUzH6loqs/c1jIsL3mWd8iR2eAwBa+rsp9sc3wbnPCjFOuFZKN85nnXzrbJ6d
+FjqNix9Z2it7TCmU89JltreRt5Q1xX+m
+-----END CERTIFICATE-----
 ]]></artwork></figure>
 
     <t>
    The end-entity certificate is displayed below in detail.  For
    brevity, the other two certificates are not.</t>
 
-        <figure><artwork><![CDATA[
-   0 1124: SEQUENCE {
-   4  844:  SEQUENCE {
-   8    3:   [0] {
-  10    1:    INTEGER 2
-                 :     }
-  13   20:   INTEGER
-                 :   27 AD 39 40 83 D7 F2 B5 B9 9B 86 70 C7 75 B2
-                 :   B9 6E E1 66 EC
-  35   13:   SEQUENCE {
-  37    9:    OBJECT IDENTIFIER
-                 :     sha256WithRSAEncryption (1 2 840 113549 1 1 11)
-  48    0:    NULL
-                 :     }
-  50   51:   SEQUENCE {
-  52   49:    SET {
-  54   47:     SEQUENCE {
-  56    3:      OBJECT IDENTIFIER commonName (2 5 4 3)
-  61   40:      PrintableString
-                 :      '3ACE2CEF4FB21B7D11E3E184EFC1E297B3778642'
-                 :       }
-                 :      }
-                 :     }
- 103   30:   SEQUENCE {
- 105   13:    UTCTime 16/09/2023 21:03:28 GMT
- 120   13:    UTCTime 12/07/2024 21:03:28 GMT
-                 :     }
- 135   51:   SEQUENCE {
- 137   49:    SET {
- 139   47:     SEQUENCE {
- 141    3:      OBJECT IDENTIFIER commonName (2 5 4 3)
- 146   40:      PrintableString
-                 :      '914652A3BD51C144260198889F5C45ABF053A187'
-                 :       }
-                 :      }
-                 :     }
- 188  290:   SEQUENCE {
- 192   13:    SEQUENCE {
- 194    9:     OBJECT IDENTIFIER
-                 :      rsaEncryption (1 2 840 113549 1 1 1)
- 205    0:     NULL
-                 :      }
- 207  271:    BIT STRING, encapsulates {
- 212  266:     SEQUENCE {
- 216  257:      INTEGER
-                 :      00 B2 71 34 2B 39 BF EA 07 65 B7 8B 72 A2 F0 F8
-                 :      40 FC 31 16 CA 28 B6 4E 01 A8 F6 98 02 C0 EF 65
-                 :      B0 84 48 E9 96 FF 93 E6 92 89 65 8F F6 44 9C CE
-                 :      57 10 82 D3 C2 57 0A FA DA 14 D0 64 22 28 C0 13
-                 :      74 04 BD 1C 2B 4F F9 93 58 A6 25 D8 B9 A9 D3 37
-                 :      9E F2 AC C0 CF 02 9E 84 75 D6 F0 7C A5 01 70 AE
-                 :      E6 66 AF 9C 69 85 74 6F 13 E9 B3 B8 95 4B 82 ED
-                 :      95 D6 EA 66 05 7B 96 96 87 B2 9A E7 61 E9 65 89
-                 :      F8 60 E3 C0 F5 CE DD 18 97 05 E8 C1 AC E1 4D 5E
-                 :      16 85 2D ED 3C CB 80 CF 7E BF D2 FE D5 C9 38 19
-                 :      BB 43 34 29 B6 66 CF 2D 8B 46 7E 9A D8 BB 8E 65
-                 :      88 51 6A A8 FF 78 51 E2 E9 21 27 D7 77 7E 80 28
-                 :      6C EA 4C 50 9C 73 71 16 F6 5E 54 14 4D 4C 14 B9
-                 :      67 A0 4A 20 AA DA 0B A0 A0 01 B7 42 24 38 51 8A
-                 :      78 2F C4 81 E6 81 75 62 DE E3 AF 5D 74 2F 6B 41
-                 :      FB 79 C3 A8 3A 72 6C 46 F9 A6 03 74 81 01 DF 8C
-                 :      EB
- 477    3:      INTEGER 65537
-                 :       }
-                 :      }
-                 :     }
- 482  366:   [3] {
- 486  362:    SEQUENCE {
- 490   29:     SEQUENCE {
- 492    3:      OBJECT IDENTIFIER
-                 :       subjectKeyIdentifier (2 5 29 14)
- 497   22:      OCTET STRING, encapsulates {
- 499   20:       OCTET STRING
-                 :      91 46 52 A3 BD 51 C1 44 26 01 98 88 9F 5C 45 AB
-                 :      F0 53 A1 87
-                 :        }
-                 :       }
- 521   31:     SEQUENCE {
- 523    3:      OBJECT IDENTIFIER
-                 :       authorityKeyIdentifier (2 5 29 35)
- 528   24:      OCTET STRING, encapsulates {
- 530   22:       SEQUENCE {
- 532   20:        [0]
-                 :      3A CE 2C EF 4F B2 1B 7D 11 E3 E1 84 EF C1 E2 97
-                 :      B3 77 86 42
-                 :         }
-                 :        }
-                 :       }
- 554   12:     SEQUENCE {
- 556    3:      OBJECT IDENTIFIER basicConstraints (2 5 29 19)
- 561    1:      BOOLEAN TRUE
- 564    2:      OCTET STRING, encapsulates {
- 566    0:       SEQUENCE {}
-                 :        }
-                 :       }
- 568   14:     SEQUENCE {
- 570    3:      OBJECT IDENTIFIER keyUsage (2 5 29 15)
- 575    1:      BOOLEAN TRUE
- 578    4:      OCTET STRING, encapsulates {
- 580    2:       BIT STRING 7 unused bits
-                 :        '1'B (bit 0)
-                 :        }
-                 :       }
- 584   24:     SEQUENCE {
- 586    3:      OBJECT IDENTIFIER certificatePolicies (2 5 29 32)
- 591    1:      BOOLEAN TRUE
- 594   14:      OCTET STRING, encapsulates {
- 596   12:       SEQUENCE {
- 598   10:        SEQUENCE {
- 600    8:         OBJECT IDENTIFIER
-                 :          resourceCertificatePolicy (1 3 6 1 5 5 7 14 2)
-                 :          }
-                 :         }
-                 :        }
-                 :       }
- 610   97:     SEQUENCE {
- 612    3:      OBJECT IDENTIFIER
-                 :       cRLDistributionPoints (2 5 29 31)
- 617   90:      OCTET STRING, encapsulates {
- 619   88:       SEQUENCE {
- 621   86:        SEQUENCE {
- 623   84:         [0] {
- 625   82:          [0] {
- 627   80:           [6]
-                 :          'rsync://rpki.example.net/repository/3ACE'
-                 :          '2CEF4FB21B7D11E3E184EFC1E297B3778642.crl'
-                 :            }
-                 :           }
-                 :          }
-                 :         }
-                 :        }
-                 :       }
- 709  108:     SEQUENCE {
- 711    8:      OBJECT IDENTIFIER
-                 :       authorityInfoAccess (1 3 6 1 5 5 7 1 1)
- 721   96:      OCTET STRING, encapsulates {
- 723   94:       SEQUENCE {
- 725   92:        SEQUENCE {
- 727    8:         OBJECT IDENTIFIER
-                 :          caIssuers (1 3 6 1 5 5 7 48 2)
- 737   80:         [6]
-                 :          'rsync://rpki.example.net/repository/3ACE'
-                 :          '2CEF4FB21B7D11E3E184EFC1E297B3778642.cer'
-                 :          }
-                 :         }
-                 :        }
-                 :       }
- 819   31:     SEQUENCE {
- 821    8:      OBJECT IDENTIFIER
-                 :       ipAddrBlocks (1 3 6 1 5 5 7 1 7)
- 831    1:      BOOLEAN TRUE
- 834   16:      OCTET STRING, encapsulates {
- 836   14:       SEQUENCE {
- 838   12:        SEQUENCE {
- 840    2:         OCTET STRING 00 01
- 844    6:         SEQUENCE {
- 846    4:          BIT STRING
-                 :           '010000000000000000000011'B
-                 :           }
-                 :          }
-                 :         }
-                 :        }
-                 :       }
-                 :      }
-                 :     }
-                 :    }
- 852   13:  SEQUENCE {
- 854    9:   OBJECT IDENTIFIER
-                 :    sha256WithRSAEncryption (1 2 840 113549 1 1 11)
- 865    0:   NULL
-                 :    }
- 867  257:  BIT STRING
-                 :   08 76 4A 01 31 0C 9D 5A 49 1A 13 DD 73 15 35 FA
-                 :   C4 8C F3 0E 19 65 7C 34 79 6E 0C 3C 0B 65 EB 02
-                 :   44 E2 5A 53 1C 7B EF C0 EF DE 1A EE 3D FE 7C 80
-                 :   32 0E B4 35 7E 38 0F 2E 87 FA 23 BC 4C 6A 2A B2
-                 :   36 D6 FE E4 6A 97 36 4F AC 1F 08 E0 E8 09 C8 9D
-                 :   95 76 5E 0C F6 5F A9 49 76 D3 5C 93 6E 73 1B 07
-                 :   E3 FD 16 7C 07 13 BE 51 4C CF D0 95 0E 09 30 1A
-                 :   09 E7 76 28 E5 45 F6 A5 9F 99 77 99 D8 73 EF 65
-                 :   50 FE D3 51 B4 3C D2 9D 0C 62 B3 06 6B 56 2B 35
-                 :   EC 59 59 34 D1 FB E6 FB 16 83 B3 FB 01 4D FD BC
-                 :   3B DD 3B 01 43 3E DA 2A 6E 15 87 D6 61 CD A6 3D
-                 :   A4 F7 0B 8B 8A D2 E7 65 DF F1 61 53 31 FA 96 8A
-                 :   AC FD CD 63 22 C2 F7 99 67 7C 89 1D 9E 03 00 5A
-                 :   FA BB 29 F6 C7 37 C1 B9 CF 0A 31 4E B8 56 4A 37
-                 :   CE 67 9D 7C EB 6C 9E 9D 16 3A 8D 8B 1F 59 DA 2B
-                 :   7B 4C 29 94 F3 D2 65 B6 B7 91 B7 94 35 C5 7F A6
-                 :   }
+<figure><artwork><![CDATA[
+  0 1124: SEQUENCE {
+  4  844:  SEQUENCE {
+  8    3:   [0] {
+ 10    1:    INTEGER 2
+                :     }
+ 13   20:   INTEGER
+                :   27 AD 39 40 83 D7 F2 B5 B9 9B 86 70 C7 75 B2 B9 6E
+                :   E1 66 EC
+ 35   13:   SEQUENCE {
+ 37    9:    OBJECT IDENTIFIER
+                :     sha256WithRSAEncryption (1 2 840 113549 1 1 11)
+ 48    0:    NULL
+                :     }
+ 50   51:   SEQUENCE {
+ 52   49:    SET {
+ 54   47:     SEQUENCE {
+ 56    3:      OBJECT IDENTIFIER commonName (2 5 4 3)
+ 61   40:      PrintableString
+                :      '3ACE2CEF4FB21B7D11E3E184EFC1E297B3778642'
+                :       }
+                :      }
+                :     }
+103   30:   SEQUENCE {
+105   13:    UTCTime 16/09/2023 21:03:28 GMT
+120   13:    UTCTime 12/07/2024 21:03:28 GMT
+                :     }
+135   51:   SEQUENCE {
+137   49:    SET {
+139   47:     SEQUENCE {
+141    3:      OBJECT IDENTIFIER commonName (2 5 4 3)
+146   40:      PrintableString
+                :      '914652A3BD51C144260198889F5C45ABF053A187'
+                :       }
+                :      }
+                :     }
+188  290:   SEQUENCE {
+192   13:    SEQUENCE {
+194    9:     OBJECT IDENTIFIER
+                :      rsaEncryption (1 2 840 113549 1 1 1)
+205    0:     NULL
+                :      }
+207  271:    BIT STRING, encapsulates {
+212  266:     SEQUENCE {
+216  257:      INTEGER
+                :      00 B2 71 34 2B 39 BF EA 07 65 B7 8B 72 A2 F0 F8
+                :      40 FC 31 16 CA 28 B6 4E 01 A8 F6 98 02 C0 EF 65
+                :      B0 84 48 E9 96 FF 93 E6 92 89 65 8F F6 44 9C CE
+                :      57 10 82 D3 C2 57 0A FA DA 14 D0 64 22 28 C0 13
+                :      74 04 BD 1C 2B 4F F9 93 58 A6 25 D8 B9 A9 D3 37
+                :      9E F2 AC C0 CF 02 9E 84 75 D6 F0 7C A5 01 70 AE
+                :      E6 66 AF 9C 69 85 74 6F 13 E9 B3 B8 95 4B 82 ED
+                :      95 D6 EA 66 05 7B 96 96 87 B2 9A E7 61 E9 65 89
+                :      F8 60 E3 C0 F5 CE DD 18 97 05 E8 C1 AC E1 4D 5E
+                :      16 85 2D ED 3C CB 80 CF 7E BF D2 FE D5 C9 38 19
+                :      BB 43 34 29 B6 66 CF 2D 8B 46 7E 9A D8 BB 8E 65
+                :      88 51 6A A8 FF 78 51 E2 E9 21 27 D7 77 7E 80 28
+                :      6C EA 4C 50 9C 73 71 16 F6 5E 54 14 4D 4C 14 B9
+                :      67 A0 4A 20 AA DA 0B A0 A0 01 B7 42 24 38 51 8A
+                :      78 2F C4 81 E6 81 75 62 DE E3 AF 5D 74 2F 6B 41
+                :      FB 79 C3 A8 3A 72 6C 46 F9 A6 03 74 81 01 DF 8C
+                :      EB
+477    3:      INTEGER 65537
+                :       }
+                :      }
+                :     }
+482  366:   [3] {
+486  362:    SEQUENCE {
+490   29:     SEQUENCE {
+492    3:      OBJECT IDENTIFIER
+                :       subjectKeyIdentifier (2 5 29 14)
+497   22:      OCTET STRING, encapsulates {
+499   20:       OCTET STRING
+                :      91 46 52 A3 BD 51 C1 44 26 01 98 88 9F 5C 45 AB
+                :      F0 53 A1 87
+                :        }
+                :       }
+521   31:     SEQUENCE {
+523    3:      OBJECT IDENTIFIER
+                :       authorityKeyIdentifier (2 5 29 35)
+528   24:      OCTET STRING, encapsulates {
+530   22:       SEQUENCE {
+532   20:        [0]
+                :      3A CE 2C EF 4F B2 1B 7D 11 E3 E1 84 EF C1 E2 97
+                :      B3 77 86 42
+                :         }
+                :        }
+                :       }
+554   12:     SEQUENCE {
+556    3:      OBJECT IDENTIFIER basicConstraints (2 5 29 19)
+561    1:      BOOLEAN TRUE
+564    2:      OCTET STRING, encapsulates {
+566    0:       SEQUENCE {}
+                :        }
+                :       }
+568   14:     SEQUENCE {
+570    3:      OBJECT IDENTIFIER keyUsage (2 5 29 15)
+575    1:      BOOLEAN TRUE
+578    4:      OCTET STRING, encapsulates {
+580    2:       BIT STRING 7 unused bits
+                :        '1'B (bit 0)
+                :        }
+                :       }
+584   24:     SEQUENCE {
+586    3:      OBJECT IDENTIFIER 
+        :       certificatePolicies (2 5 29 32)
+591    1:      BOOLEAN TRUE
+594   14:      OCTET STRING, encapsulates {
+596   12:       SEQUENCE {
+598   10:        SEQUENCE {
+600    8:         OBJECT IDENTIFIER
+                :          resourceCertificatePolicy
+                :          (1 3 6 1 5 5 7 14 2)
+                :          }
+                :         }
+                :        }
+                :       }
+610   97:     SEQUENCE {
+612    3:      OBJECT IDENTIFIER
+                :       cRLDistributionPoints (2 5 29 31)
+617   90:      OCTET STRING, encapsulates {
+619   88:       SEQUENCE {
+621   86:        SEQUENCE {
+623   84:         [0] {
+625   82:          [0] {
+627   80:           [6]
+                :          'rsync://rpki.example.net/repository/3ACE'
+                :          '2CEF4FB21B7D11E3E184EFC1E297B3778642.crl'
+                :            }
+                :           }
+                :          }
+                :         }
+                :        }
+                :       }
+709  108:     SEQUENCE {
+711    8:      OBJECT IDENTIFIER
+                :       authorityInfoAccess (1 3 6 1 5 5 7 1 1)
+721   96:      OCTET STRING, encapsulates {
+723   94:       SEQUENCE {
+725   92:        SEQUENCE {
+727    8:         OBJECT IDENTIFIER
+                :          caIssuers (1 3 6 1 5 5 7 48 2)
+737   80:         [6]
+                :          'rsync://rpki.example.net/repository/3ACE'
+                :          '2CEF4FB21B7D11E3E184EFC1E297B3778642.cer'
+                :          }
+                :         }
+                :        }
+                :       }
+819   31:     SEQUENCE {
+821    8:      OBJECT IDENTIFIER
+                :       ipAddrBlocks (1 3 6 1 5 5 7 1 7)
+831    1:      BOOLEAN TRUE
+834   16:      OCTET STRING, encapsulates {
+836   14:       SEQUENCE {
+838   12:        SEQUENCE {
+840    2:         OCTET STRING 00 01
+844    6:         SEQUENCE {
+846    4:          BIT STRING
+                :           '010000000000000000000011'B
+                :           }
+                :          }
+                :         }
+                :        }
+                :       }
+                :      }
+                :     }
+                :    }
+852   13:  SEQUENCE {
+854    9:   OBJECT IDENTIFIER
+                :    sha256WithRSAEncryption (1 2 840 113549 1 1 11)
+865    0:   NULL
+                :    }
+867  257:  BIT STRING
+                :   08 76 4A 01 31 0C 9D 5A 49 1A 13 DD 73 15 35 FA
+                :   C4 8C F3 0E 19 65 7C 34 79 6E 0C 3C 0B 65 EB 02
+                :   44 E2 5A 53 1C 7B EF C0 EF DE 1A EE 3D FE 7C 80
+                :   32 0E B4 35 7E 38 0F 2E 87 FA 23 BC 4C 6A 2A B2
+                :   36 D6 FE E4 6A 97 36 4F AC 1F 08 E0 E8 09 C8 9D
+                :   95 76 5E 0C F6 5F A9 49 76 D3 5C 93 6E 73 1B 07
+                :   E3 FD 16 7C 07 13 BE 51 4C CF D0 95 0E 09 30 1A
+                :   09 E7 76 28 E5 45 F6 A5 9F 99 77 99 D8 73 EF 65
+                :   50 FE D3 51 B4 3C D2 9D 0C 62 B3 06 6B 56 2B 35
+                :   EC 59 59 34 D1 FB E6 FB 16 83 B3 FB 01 4D FD BC
+                :   3B DD 3B 01 43 3E DA 2A 6E 15 87 D6 61 CD A6 3D
+                :   A4 F7 0B 8B 8A D2 E7 65 DF F1 61 53 31 FA 96 8A
+                :   AC FD CD 63 22 C2 F7 99 67 7C 89 1D 9E 03 00 5A
+                :   FA BB 29 F6 C7 37 C1 B9 CF 0A 31 4E B8 56 4A 37
+                :   CE 67 9D 7C EB 6C 9E 9D 16 3A 8D 8B 1F 59 DA 2B
+                :   7B 4C 29 94 F3 D2 65 B6 B7 91 B7 94 35 C5 7F A6
+                :   }
 ]]></artwork></figure>
 
    <t>
@@ -1236,81 +1291,80 @@ x8CyiVxjcVc5e0AmS1rJfL6LIfwmtive/N/eBtIM92HkBA==
    private key is provided.  For brevity, the other two private
    keys are not.</t>
 
-        <figure><artwork><![CDATA[
-    -----BEGIN RSA PRIVATE KEY-----
-    MIIEpQIBAAKCAQEAsnE0Kzm/6gdlt4tyovD4QPwxFsootk4BqPaYAsDvZbCESOmW
-    /5Pmkollj/ZEnM5XEILTwlcK+toU0GQiKMATdAS9HCtP+ZNYpiXYuanTN57yrMDP
-    Ap6EddbwfKUBcK7mZq+caYV0bxPps7iVS4LtldbqZgV7lpaHsprnYellifhg48D1
-    zt0YlwXowazhTV4WhS3tPMuAz36/0v7VyTgZu0M0KbZmzy2LRn6a2LuOZYhRaqj/
-    eFHi6SEn13d+gChs6kxQnHNxFvZeVBRNTBS5Z6BKIKraC6CgAbdCJDhRingvxIHm
-    gXVi3uOvXXQva0H7ecOoOnJsRvmmA3SBAd+M6wIDAQABAoIBAQCyB0FeMuKm8bRo
-    18aKjFGSPEoZi53srIz5bvUgIi92TBLez7ZnzL6Iym26oJ+5th+lCHGO/dqlhXio
-    pI50C5Yc9TFbblb/ECOsuCuuqKFjZ8CD3GVsHozXKJeMM+/o5YZXQrORj6UnwT0z
-    ol/JE5pIGUCIgsXX6tz9s5BP3lUAvVQHsv6+vEVKLxQ3wj/1vIL8O/CN036EV0GJ
-    mpkwmygPjfECT9wbWo0yn3jxJb36+M/QjjUP28oNIVn/IKoPZRXnqchEbuuCJ651
-    IsaFSqtiThm4WZtvCH/IDq+6/dcMucmTjIRcYwW7fdHfjplllVPve9c/OmpWEQvF
-    t3ArWUt5AoGBANs4764yHxo4mctLIE7G7l/tf9bP4KKUiYw4R4ByEocuqMC4yhmt
-    MPCfOFLOQet71OWCkjP2L/7EKUe9yx7G5KmxAHY6jOjvcRkvGsl6lWFOsQ8p126M
-    Y9hmGzMOjtsdhAiMmOWKzjvm4WqfMgghQe+PnjjSVkgTt+7BxpIuGBAvAoGBANBg
-    26FF5cDLpixOd3Za1YXsOgguwCaw3Plvi7vUZRpa/zBMELEtyOebfakkIRWNm07l
-    nE+lAZwxm+29PTD0nqCFE91teyzjnQaLO5kkAdJiFuVV3icLOGo399FrnJbKensm
-    FGSli+3KxQhCNIJJfgWzq4bE0ioAMjdGbYXzIYQFAoGBAM6tuDJ36KDU+hIS6wu6
-    O2TPSfZhF/zPo3pCWQ78/QDb+Zdw4IEiqoBA7F4NPVLg9Y/H8UTx9r/veqe7hPOo
-    Ok7NpIzSmKTHkc5XfZ60Zn9OLFoKbaQ40a1kXoJdWEu2YROaUlAe9F6/Rog6PHYz
-    vLE5qscRbu0XQhLkN+z7bg5bAoGBAKDsbDEb/dbqbyaAYpmwhH2sdRSkphg7Niwc
-    DNm9qWa1J6Zw1+M87I6Q8naRREuU1IAVqqWHVLr/ROBQ6NTJ1Uc5/qFeT2XXUgkf
-    taMKv61tuyjZK3sTmznMh0HfzUpWjEhWnCEuB+ZYVdmO52ZGw2A75RdrILL2+9Dc
-    PvDXVubRAoGAdqXeSWoLxuzZXzl8rsaKrQsTYaXnOWaZieU1SL5vVe8nK257UDqZ
-    E3ng2j5XPTUWli+aNGFEJGRoNtcQvO60O/sFZUhu52sqq9mWVYZNh1TB5aP8X+pV
-    iFcZOLUvQEcN6PA+YQK5FU11rAI1M0Gm5RDnVnUl0L2xfCYxb7FzV6Y=
-    -----END RSA PRIVATE KEY-----
+    <figure><artwork><![CDATA[
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAsnE0Kzm/6gdlt4tyovD4QPwxFsootk4BqPaYAsDvZbCESOmW
+/5Pmkollj/ZEnM5XEILTwlcK+toU0GQiKMATdAS9HCtP+ZNYpiXYuanTN57yrMDP
+Ap6EddbwfKUBcK7mZq+caYV0bxPps7iVS4LtldbqZgV7lpaHsprnYellifhg48D1
+zt0YlwXowazhTV4WhS3tPMuAz36/0v7VyTgZu0M0KbZmzy2LRn6a2LuOZYhRaqj/
+eFHi6SEn13d+gChs6kxQnHNxFvZeVBRNTBS5Z6BKIKraC6CgAbdCJDhRingvxIHm
+gXVi3uOvXXQva0H7ecOoOnJsRvmmA3SBAd+M6wIDAQABAoIBAQCyB0FeMuKm8bRo
+18aKjFGSPEoZi53srIz5bvUgIi92TBLez7ZnzL6Iym26oJ+5th+lCHGO/dqlhXio
+pI50C5Yc9TFbblb/ECOsuCuuqKFjZ8CD3GVsHozXKJeMM+/o5YZXQrORj6UnwT0z
+ol/JE5pIGUCIgsXX6tz9s5BP3lUAvVQHsv6+vEVKLxQ3wj/1vIL8O/CN036EV0GJ
+mpkwmygPjfECT9wbWo0yn3jxJb36+M/QjjUP28oNIVn/IKoPZRXnqchEbuuCJ651
+IsaFSqtiThm4WZtvCH/IDq+6/dcMucmTjIRcYwW7fdHfjplllVPve9c/OmpWEQvF
+t3ArWUt5AoGBANs4764yHxo4mctLIE7G7l/tf9bP4KKUiYw4R4ByEocuqMC4yhmt
+MPCfOFLOQet71OWCkjP2L/7EKUe9yx7G5KmxAHY6jOjvcRkvGsl6lWFOsQ8p126M
+Y9hmGzMOjtsdhAiMmOWKzjvm4WqfMgghQe+PnjjSVkgTt+7BxpIuGBAvAoGBANBg
+26FF5cDLpixOd3Za1YXsOgguwCaw3Plvi7vUZRpa/zBMELEtyOebfakkIRWNm07l
+nE+lAZwxm+29PTD0nqCFE91teyzjnQaLO5kkAdJiFuVV3icLOGo399FrnJbKensm
+FGSli+3KxQhCNIJJfgWzq4bE0ioAMjdGbYXzIYQFAoGBAM6tuDJ36KDU+hIS6wu6
+O2TPSfZhF/zPo3pCWQ78/QDb+Zdw4IEiqoBA7F4NPVLg9Y/H8UTx9r/veqe7hPOo
+Ok7NpIzSmKTHkc5XfZ60Zn9OLFoKbaQ40a1kXoJdWEu2YROaUlAe9F6/Rog6PHYz
+vLE5qscRbu0XQhLkN+z7bg5bAoGBAKDsbDEb/dbqbyaAYpmwhH2sdRSkphg7Niwc
+DNm9qWa1J6Zw1+M87I6Q8naRREuU1IAVqqWHVLr/ROBQ6NTJ1Uc5/qFeT2XXUgkf
+taMKv61tuyjZK3sTmznMh0HfzUpWjEhWnCEuB+ZYVdmO52ZGw2A75RdrILL2+9Dc
+PvDXVubRAoGAdqXeSWoLxuzZXzl8rsaKrQsTYaXnOWaZieU1SL5vVe8nK257UDqZ
+E3ng2j5XPTUWli+aNGFEJGRoNtcQvO60O/sFZUhu52sqq9mWVYZNh1TB5aP8X+pV
+iFcZOLUvQEcN6PA+YQK5FU11rAI1M0Gm5RDnVnUl0L2xfCYxb7FzV6Y=
+-----END RSA PRIVATE KEY-----
 ]]></artwork></figure>
 
     <t>
    Signing of "192.0.2.0/24,US,WA,Seattle," (terminated by CR and LF),
    yields the following detached CMS signature.</t>
 
-        <figure><artwork><![CDATA[
-    # RPKI Signature: 192.0.2.0/24
-    # MIIGTgYJKoZIhvcNAQcCoIIGPzCCBjsCAQMxDTALBglghkgBZQMEAgEwDQYLKoZ
-    # IhvcNAQkQAS+gggRoMIIEZDCCA0ygAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZu
-    # wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoM0FDRTJDRUY0RkIyMUI3RDExR
-    # TNFMTg0RUZDMUUyOTdCMzc3ODY0MjAeFw0yMzA5MTYyMTAzMjhaFw0yNDA3MTIy
-    # MTAzMjhaMDMxMTAvBgNVBAMTKDkxNDY1MkEzQkQ1MUMxNDQyNjAxOTg4ODlGNUM
-    # 0NUFCRjA1M0ExODcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCycT
-    # QrOb/qB2W3i3Ki8PhA/DEWyii2TgGo9pgCwO9lsIRI6Zb/k+aSiWWP9kSczlcQg
-    # tPCVwr62hTQZCIowBN0BL0cK0/5k1imJdi5qdM3nvKswM8CnoR11vB8pQFwruZm
-    # r5xphXRvE+mzuJVLgu2V1upmBXuWloeymudh6WWJ+GDjwPXO3RiXBejBrOFNXha
-    # FLe08y4DPfr/S/tXJOBm7QzQptmbPLYtGfprYu45liFFqqP94UeLpISfXd36AKG
-    # zqTFCcc3EW9l5UFE1MFLlnoEogqtoLoKABt0IkOFGKeC/EgeaBdWLe469ddC9rQ
-    # ft5w6g6cmxG+aYDdIEB34zrAgMBAAGjggFuMIIBajAdBgNVHQ4EFgQUkUZSo71R
-    # wUQmAZiIn1xFq/BToYcwHwYDVR0jBBgwFoAUOs4s70+yG30R4+GE78Hil7N3hkI
-    # wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwGAYDVR0gAQH/BA4wDDAKBg
-    # grBgEFBQcOAjBhBgNVHR8EWjBYMFagVKBShlByc3luYzovL3Jwa2kuZXhhbXBsZ
-    # S5uZXQvcmVwb3NpdG9yeS8zQUNFMkNFRjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5
-    # N0IzNzc4NjQyLmNybDBsBggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUHJzeW5
-    # jOi8vcnBraS5leGFtcGxlLm5ldC9yZXBvc2l0b3J5LzNBQ0UyQ0VGNEZCMjFCN0
-    # QxMUUzRTE4NEVGQzFFMjk3QjM3Nzg2NDIuY2VyMB8GCCsGAQUFBwEHAQH/BBAwD
-    # jAMBAIAATAGAwQAwAACMA0GCSqGSIb3DQEBCwUAA4IBAQAIdkoBMQydWkkaE91z
-    # FTX6xIzzDhllfDR5bgw8C2XrAkTiWlMce+/A794a7j3+fIAyDrQ1fjgPLof6I7x
-    # MaiqyNtb+5GqXNk+sHwjg6AnInZV2Xgz2X6lJdtNck25zGwfj/RZ8BxO+UUzP0J
-    # UOCTAaCed2KOVF9qWfmXeZ2HPvZVD+01G0PNKdDGKzBmtWKzXsWVk00fvm+xaDs
-    # /sBTf28O907AUM+2ipuFYfWYc2mPaT3C4uK0udl3/FhUzH6loqs/c1jIsL3mWd8
-    # iR2eAwBa+rsp9sc3wbnPCjFOuFZKN85nnXzrbJ6dFjqNix9Z2it7TCmU89Jltre
-    # Rt5Q1xX+mMYIBqjCCAaYCAQOAFJFGUqO9UcFEJgGYiJ9cRavwU6GHMAsGCWCGSA
-    # FlAwQCAaBrMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABLzAcBgkqhkiG9w0BC
-    # QUxDxcNMjMwOTE2MjEwMzI4WjAvBgkqhkiG9w0BCQQxIgQgK+LynlLxySDbBNGE
-    # MFDMaKOPKqzlPoj7hW0EfKl9wRYwDQYJKoZIhvcNAQEBBQAEggEAm1SGhxyTWRb
-    # jf+ewdePchggMKR8zY7FRy+Z5ietrNaWkF2ZgqluVmm3mRDpQDeqTYrcTcBdR3o
-    # szs89XxWNf81Afs1mBcUdgPHxcghJNoVsDFmcPd+LEFikOtGjaFCwS2meF3RYaM
-    # 51jKer8SObP9nqV1JdPYzaArIpzhjHUA1wktTblEmg9lEOJPqALMI9uL7ngcKaE
-    # w4omrcNSBXt9vqge/I5wG7q9tMw2RRcYXTj1XG6nSm7bo9L4JQfBrsubaANmGO9
-    # NEAZeHyTQq7TzO9w7KBsB3Cg8qRhCzAY8bznt+r1DVPpQj4EHUBizYUMQRCxD5o
-    # IUjEELzssfleF8pQ==
-    # End Signature: 192.0.2.0/24
+    <figure><artwork><![CDATA[
+# RPKI Signature: 192.0.2.0/24
+# MIIGTgYJKoZIhvcNAQcCoIIGPzCCBjsCAQMxDTALBglghkgBZQMEAgEwDQYLKoZ
+# IhvcNAQkQAS+gggRoMIIEZDCCA0ygAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZu
+# wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoM0FDRTJDRUY0RkIyMUI3RDExR
+# TNFMTg0RUZDMUUyOTdCMzc3ODY0MjAeFw0yMzA5MTYyMTAzMjhaFw0yNDA3MTIy
+# MTAzMjhaMDMxMTAvBgNVBAMTKDkxNDY1MkEzQkQ1MUMxNDQyNjAxOTg4ODlGNUM
+# 0NUFCRjA1M0ExODcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCycT
+# QrOb/qB2W3i3Ki8PhA/DEWyii2TgGo9pgCwO9lsIRI6Zb/k+aSiWWP9kSczlcQg
+# tPCVwr62hTQZCIowBN0BL0cK0/5k1imJdi5qdM3nvKswM8CnoR11vB8pQFwruZm
+# r5xphXRvE+mzuJVLgu2V1upmBXuWloeymudh6WWJ+GDjwPXO3RiXBejBrOFNXha
+# FLe08y4DPfr/S/tXJOBm7QzQptmbPLYtGfprYu45liFFqqP94UeLpISfXd36AKG
+# zqTFCcc3EW9l5UFE1MFLlnoEogqtoLoKABt0IkOFGKeC/EgeaBdWLe469ddC9rQ
+# ft5w6g6cmxG+aYDdIEB34zrAgMBAAGjggFuMIIBajAdBgNVHQ4EFgQUkUZSo71R
+# wUQmAZiIn1xFq/BToYcwHwYDVR0jBBgwFoAUOs4s70+yG30R4+GE78Hil7N3hkI
+# wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwGAYDVR0gAQH/BA4wDDAKBg
+# grBgEFBQcOAjBhBgNVHR8EWjBYMFagVKBShlByc3luYzovL3Jwa2kuZXhhbXBsZ
+# S5uZXQvcmVwb3NpdG9yeS8zQUNFMkNFRjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5
+# N0IzNzc4NjQyLmNybDBsBggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUHJzeW5
+# jOi8vcnBraS5leGFtcGxlLm5ldC9yZXBvc2l0b3J5LzNBQ0UyQ0VGNEZCMjFCN0
+# QxMUUzRTE4NEVGQzFFMjk3QjM3Nzg2NDIuY2VyMB8GCCsGAQUFBwEHAQH/BBAwD
+# jAMBAIAATAGAwQAwAACMA0GCSqGSIb3DQEBCwUAA4IBAQAIdkoBMQydWkkaE91z
+# FTX6xIzzDhllfDR5bgw8C2XrAkTiWlMce+/A794a7j3+fIAyDrQ1fjgPLof6I7x
+# MaiqyNtb+5GqXNk+sHwjg6AnInZV2Xgz2X6lJdtNck25zGwfj/RZ8BxO+UUzP0J
+# UOCTAaCed2KOVF9qWfmXeZ2HPvZVD+01G0PNKdDGKzBmtWKzXsWVk00fvm+xaDs
+# /sBTf28O907AUM+2ipuFYfWYc2mPaT3C4uK0udl3/FhUzH6loqs/c1jIsL3mWd8
+# iR2eAwBa+rsp9sc3wbnPCjFOuFZKN85nnXzrbJ6dFjqNix9Z2it7TCmU89Jltre
+# Rt5Q1xX+mMYIBqjCCAaYCAQOAFJFGUqO9UcFEJgGYiJ9cRavwU6GHMAsGCWCGSA
+# FlAwQCAaBrMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABLzAcBgkqhkiG9w0BC
+# QUxDxcNMjMwOTE2MjEwMzI4WjAvBgkqhkiG9w0BCQQxIgQgK+LynlLxySDbBNGE
+# MFDMaKOPKqzlPoj7hW0EfKl9wRYwDQYJKoZIhvcNAQEBBQAEggEAm1SGhxyTWRb
+# jf+ewdePchggMKR8zY7FRy+Z5ietrNaWkF2ZgqluVmm3mRDpQDeqTYrcTcBdR3o
+# szs89XxWNf81Afs1mBcUdgPHxcghJNoVsDFmcPd+LEFikOtGjaFCwS2meF3RYaM
+# 51jKer8SObP9nqV1JdPYzaArIpzhjHUA1wktTblEmg9lEOJPqALMI9uL7ngcKaE
+# w4omrcNSBXt9vqge/I5wG7q9tMw2RRcYXTj1XG6nSm7bo9L4JQfBrsubaANmGO9
+# NEAZeHyTQq7TzO9w7KBsB3Cg8qRhCzAY8bznt+r1DVPpQj4EHUBizYUMQRCxD5o
+# IUjEELzssfleF8pQ==
+# End Signature: 192.0.2.0/24
 ]]></artwork></figure>
 
-        </section>
-        </back>
-
-        </rfc>
+      </section>
+    </back>
+  </rfc>