diff --git a/draft-ietf-opsawg-9092-update.xml b/draft-ietf-opsawg-9092-update.xml
index cb1ebda..be98425 100644
--- a/draft-ietf-opsawg-9092-update.xml
+++ b/draft-ietf-opsawg-9092-update.xml
@@ -473,9 +473,11 @@
         format="default"/>.
       </t>
       <t>
-        The address range of the signing certificate MUST
-        cover all prefixes in the geofeed file it signs.
-      </t>
+        The address range of the signing certificate MUST cover all
+        prefixes on the geofeed file it signs.  The certificate MUST NOT
+        include the Autonomous System Identifier Delegation certificate
+        extension <xref target="RFC3779"/>.
+         </t>
       <t>
         An address range A "covers" address range B if the range of B is
         identical to or a subset of A. "Address range" is used here
@@ -912,7 +914,8 @@
       <t>
       The trust anchor is represented by a self-signed certificate.  As
       usual in the RPKI, the trust anchor has authority over all IPv4
-      address blocks, all IPv6 address blocks, and all Autonomous System (AS) numbers.
+      address blocks, all IPv6 address blocks, and all Autonomous System
+      (AS) numbers.
       </t>
       <sourcecode type=""><![CDATA[
     -----BEGIN CERTIFICATE-----
@@ -978,16 +981,16 @@
     -----END CERTIFICATE-----
 ]]></sourcecode>
       <t>
-   The end-entity certificate is issued by the CA.  This
-   certificate grants signature authority for one IPv4 address block
-   (192.0.2.0/24).  Signature authority for AS numbers is not needed for
-   geofeed data signatures, so no AS numbers are included in the
-   certificate.</t>
+   The end-entity certificate is issued by the CA.  This certificate
+   grants signature authority for one IPv4 address block (192.0.2.0/24).
+   Signature authority for AS numbers is not needed for geofeed data
+   signatures, so AS numbers MUST NOT be included in the certificate.
+      </t>
       <sourcecode type=""><![CDATA[
     -----BEGIN CERTIFICATE-----
-    MIIEpTCCA42gAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZuQwDQYJKoZIhvcNAQEL
+    MIIEXjCCA0agAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZuUwDQYJKoZIhvcNAQEL
     BQAwMzExMC8GA1UEAxMoM0FDRTJDRUY0RkIyMUI3RDExRTNFMTg0RUZDMUUyOTdC
-    Mzc3ODY0MjAeFw0yMTA1MjAxNjA1NDVaFw0yMjAzMTYxNjA1NDVaMDMxMTAvBgNV
+    Mzc3ODY0MjAeFw0yMzA5MTIyMTI0MzJaFw0yNDA3MDgyMTI0MzJaMDMxMTAvBgNV
     BAMTKDkxNDY1MkEzQkQ1MUMxNDQyNjAxOTg4ODlGNUM0NUFCRjA1M0ExODcwggEi
     MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCycTQrOb/qB2W3i3Ki8PhA/DEW
     yii2TgGo9pgCwO9lsIRI6Zb/k+aSiWWP9kSczlcQgtPCVwr62hTQZCIowBN0BL0c
@@ -995,21 +998,20 @@
     BXuWloeymudh6WWJ+GDjwPXO3RiXBejBrOFNXhaFLe08y4DPfr/S/tXJOBm7QzQp
     tmbPLYtGfprYu45liFFqqP94UeLpISfXd36AKGzqTFCcc3EW9l5UFE1MFLlnoEog
     qtoLoKABt0IkOFGKeC/EgeaBdWLe469ddC9rQft5w6g6cmxG+aYDdIEB34zrAgMB
-    AAGjggGvMIIBqzAdBgNVHQ4EFgQUkUZSo71RwUQmAZiIn1xFq/BToYcwHwYDVR0j
+    AAGjggFoMIIBZDAdBgNVHQ4EFgQUkUZSo71RwUQmAZiIn1xFq/BToYcwHwYDVR0j
     BBgwFoAUOs4s70+yG30R4+GE78Hil7N3hkIwDAYDVR0TAQH/BAIwADAOBgNVHQ8B
     Af8EBAMCB4AwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBhBgNVHR8EWjBYMFag
     VKBShlByc3luYzovL3Jwa2kuZXhhbXBsZS5uZXQvcmVwb3NpdG9yeS8zQUNFMkNF
     RjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5N0IzNzc4NjQyLmNybDBsBggrBgEFBQcB
     AQRgMF4wXAYIKwYBBQUHMAKGUHJzeW5jOi8vcnBraS5leGFtcGxlLm5ldC9yZXBv
     c2l0b3J5LzNBQ0UyQ0VGNEZCMjFCN0QxMUUzRTE4NEVGQzFFMjk3QjM3Nzg2NDIu
-    Y2VyMBkGCCsGAQUFBwEHAQH/BAowCDAGBAIAAQUAMEUGCCsGAQUFBwELBDkwNzA1
-    BggrBgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmV4YW1wbGUubmV0L25vdGlmaWNhdGlv
-    bi54bWwwDQYJKoZIhvcNAQELBQADggEBAEjC98gVp0Mb7uiKaHylP0453mtJ+AkN
-    07fsK/qGw/e90DJv7cp1hvjj4uy3sgf7PJQ7cKNGrgybq/lE0jce+ARgVjbi2Brz
-    ZsWAnB846Snwsktw6cenaif6Aww6q00NspAepMBd2Vg/9sKFvOwJFVOgNcqiQiXP
-    5rGJPWBcOMv52a/7adjfXwpnOijiTOgMloQGmC2TPZpydZKjlxEATdFEQssa33xD
-    nlpp+/r9xuNVYRtRcC36oWraVA3jzN6F6rDE8r8xs3ylISVz6JeCQ4YRYwbMsjjc
-    /tiJLM7ZYxIe5IrYz1ZtN6n/SEssJAswRIgps2EhCt/HS2xAmGCOhgU=
+    Y2VyMBkGCCsGAQUFBwEHAQH/BAowCDAGBAIAAQUAMA0GCSqGSIb3DQEBCwUAA4IB
+    AQDQhboLqwjpRHppCszugzqgaH29mEzCDvkbtWbfo97u2Edf/gRtfUoJ0hxherfH
+    faBdkS/yCQSgZXnA1UwnsnkavoRlOtlKLMicZ/Al6O8ef9DPpm01yz09Zu94UFie
+    TCRJQorJ3d4aURC/7Ox/MXoQRdffwT2swSKkWst/r7FL6JN5ZdIznWjnOErQXXbM
+    Dxp361/3TXUjX5fvNkKf/tivaOCngoBpG1FLSN62gAiVWQhunXO7nP+1ugw+aCvP
+    5l7FXEvVmTscrmy5SETQiDKIDwB+BlwfFdHufmKSpsaasRGbIe6e1SzmpBsymj+Z
+    ppLVbCS7uCs/8yKfjZdkVI7K
     -----END CERTIFICATE-----
 ]]></sourcecode>
       <t>
@@ -1017,197 +1019,179 @@
       brevity, the other two certificates are not.
       </t>
       <sourcecode type=""><![CDATA[
-    0 1189: SEQUENCE {
-    4  909:  SEQUENCE {
-    8    3:   [0] {
-   10    1:    INTEGER 2
-          :     }
-   13   20:   INTEGER 27AD394083D7F2B5B99B8670C775B2B96EE166E4
-   35   13:   SEQUENCE {
-   37    9:    OBJECT IDENTIFIER
-          :     sha256WithRSAEncryption (1 2 840 113549 1 1 11)
-   48    0:    NULL
-          :     }
-   50   51:   SEQUENCE {
-   52   49:    SET {
-   54   47:     SEQUENCE {
-   56    3:      OBJECT IDENTIFIER commonName (2 5 4 3)
-   61   40:      PrintableString
-          :       '3ACE2CEF4FB21B7D11E3E184EFC1E297B3778642'
-          :       }
-          :      }
-          :     }
-  103   30:   SEQUENCE {
-  105   13:    UTCTime 20/05/2021 16:05:45 GMT
-  120   13:    UTCTime 16/03/2022 16:05:45 GMT
-          :     }
-  135   51:   SEQUENCE {
-  137   49:    SET {
-  139   47:     SEQUENCE {
-  141    3:      OBJECT IDENTIFIER commonName (2 5 4 3)
-  146   40:      PrintableString
-          :       '914652A3BD51C144260198889F5C45ABF053A187'
-          :       }
-          :      }
-          :     }
-  188  290:   SEQUENCE {
-  192   13:    SEQUENCE {
-  194    9:     OBJECT IDENTIFIER rsaEncryption
-          :      (1 2 840 113549 1 1 1)
-  205    0:     NULL
-          :      }
-  207  271:    BIT STRING, encapsulates {
-  212  266:     SEQUENCE {
-  216  257:      INTEGER
-          :       00 B2 71 34 2B 39 BF EA 07 65 B7 8B 72 A2 F0 F8
-          :       40 FC 31 16 CA 28 B6 4E 01 A8 F6 98 02 C0 EF 65
-          :       B0 84 48 E9 96 FF 93 E6 92 89 65 8F F6 44 9C CE
-          :       57 10 82 D3 C2 57 0A FA DA 14 D0 64 22 28 C0 13
-          :       74 04 BD 1C 2B 4F F9 93 58 A6 25 D8 B9 A9 D3 37
-          :       9E F2 AC C0 CF 02 9E 84 75 D6 F0 7C A5 01 70 AE
-          :       E6 66 AF 9C 69 85 74 6F 13 E9 B3 B8 95 4B 82 ED
-          :       95 D6 EA 66 05 7B 96 96 87 B2 9A E7 61 E9 65 89
-          :       F8 60 E3 C0 F5 CE DD 18 97 05 E8 C1 AC E1 4D 5E
-          :       16 85 2D ED 3C CB 80 CF 7E BF D2 FE D5 C9 38 19
-          :       BB 43 34 29 B6 66 CF 2D 8B 46 7E 9A D8 BB 8E 65
-          :       88 51 6A A8 FF 78 51 E2 E9 21 27 D7 77 7E 80 28
-          :       6C EA 4C 50 9C 73 71 16 F6 5E 54 14 4D 4C 14 B9
-          :       67 A0 4A 20 AA DA 0B A0 A0 01 B7 42 24 38 51 8A
-          :       78 2F C4 81 E6 81 75 62 DE E3 AF 5D 74 2F 6B 41
-          :       FB 79 C3 A8 3A 72 6C 46 F9 A6 03 74 81 01 DF 8C
-          :       EB
-  477    3:      INTEGER 65537
-          :       }
-          :      }
-          :     }
-  482  431:   [3] {
-  486  427:    SEQUENCE {
-  490   29:     SEQUENCE {
-  492    3:      OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
-  497   22:      OCTET STRING, encapsulates {
-  499   20:       OCTET STRING
-          :        91 46 52 A3 BD 51 C1 44 26 01 98 88 9F 5C 45 AB
-          :        F0 53 A1 87
-          :        }
-          :       }
-  521   31:     SEQUENCE {
-  523    3:      OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
-  528   24:      OCTET STRING, encapsulates {
-  530   22:       SEQUENCE {
-  532   20:        [0]
-          :         3A CE 2C EF 4F B2 1B 7D 11 E3 E1 84 EF C1 E2 97
-          :         B3 77 86 42
-          :         }
-          :        }
-          :       }
-  554   12:     SEQUENCE {
-  556    3:      OBJECT IDENTIFIER basicConstraints (2 5 29 19)
-  561    1:      BOOLEAN TRUE
-  564    2:      OCTET STRING, encapsulates {
-  566    0:       SEQUENCE {}
-          :        }
-          :       }
-  568   14:     SEQUENCE {
-  570    3:      OBJECT IDENTIFIER keyUsage (2 5 29 15)
-  575    1:      BOOLEAN TRUE
-  578    4:      OCTET STRING, encapsulates {
-  580    2:       BIT STRING 7 unused bits
-          :        '1'B (bit 0)
-          :        }
-          :       }
-  584   24:     SEQUENCE {
-  586    3:      OBJECT IDENTIFIER certificatePolicies (2 5 29 32)
-  591    1:      BOOLEAN TRUE
-  594   14:      OCTET STRING, encapsulates {
-  596   12:       SEQUENCE {
-  598   10:        SEQUENCE {
-  600    8:         OBJECT IDENTIFIER
-          :          resourceCertificatePolicy (1 3 6 1 5 5 7 14 2)
-          :          }
-          :         }
-          :        }
-          :       }
-  610   97:     SEQUENCE {
-  612    3:      OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31)
-  617   90:      OCTET STRING, encapsulates {
-  619   88:       SEQUENCE {
-  621   86:        SEQUENCE {
-  623   84:         [0] {
-  625   82:          [0] {
-  627   80:           [6]
-          :          'rsync://rpki.example.net/repository/3ACE2CEF4F'
-          :          'B21B7D11E3E184EFC1E297B3778642.crl'
-          :            }
-          :           }
-          :          }
-          :         }
-          :        }
-          :       }
-  709  108:     SEQUENCE {
-  711    8:      OBJECT IDENTIFIER authorityInfoAccess
-          :       (1 3 6 1 5 5 7 1 1)
-  721   96:      OCTET STRING, encapsulates {
-  723   94:       SEQUENCE {
-  725   92:        SEQUENCE {
-  727    8:         OBJECT IDENTIFIER caIssuers (1 3 6 1 5 5 7 48 2)
-  737   80:         [6]
-          :          'rsync://rpki.example.net/repository/3ACE2CEF4F'
-          :          'B21B7D11E3E184EFC1E297B3778642.cer'
-          :          }
-          :         }
-          :        }
-          :       }
-  819   25:     SEQUENCE {
-  821    8:      OBJECT IDENTIFIER ipAddrBlocks (1 3 6 1 5 5 7 1 7)
-  831    1:      BOOLEAN TRUE
-  834   10:      OCTET STRING, encapsulates {
-  836    8:       SEQUENCE {
-  838    6:        SEQUENCE {
-  840    2:         OCTET STRING 00 01
-  844    0:         NULL
-          :          }
-          :         }
-          :        }
-          :       }
-  846   69:     SEQUENCE {
-  848    8:      OBJECT IDENTIFIER subjectInfoAccess
-          :       (1 3 6 1 5 5 7 1 11)
-  858   57:      OCTET STRING, encapsulates {
-  860   55:       SEQUENCE {
-  862   53:        SEQUENCE {
-  864    8:         OBJECT IDENTIFIER '1 3 6 1 5 5 7 48 13'
-  874   41:         [6]
-          :          'https://rrdp.example.net/notification.xml'
-          :          }
-          :         }
-          :        }
-          :       }
-          :      }
-          :     }
-          :    }
-  917   13:  SEQUENCE {
-  919    9:   OBJECT IDENTIFIER sha256WithRSAEncryption
-          :    (1 2 840 113549 1 1 11)
-  930    0:   NULL
-          :    }
-  932  257:  BIT STRING
-          :   48 C2 F7 C8 15 A7 43 1B EE E8 8A 68 7C A5 3F 4E
-          :   39 DE 6B 49 F8 09 0D D3 B7 EC 2B FA 86 C3 F7 BD
-          :   D0 32 6F ED CA 75 86 F8 E3 E2 EC B7 B2 07 FB 3C
-          :   94 3B 70 A3 46 AE 0C 9B AB F9 44 D2 37 1E F8 04
-          :   60 56 36 E2 D8 1A F3 66 C5 80 9C 1F 38 E9 29 F0
-          :   B2 4B 70 E9 C7 A7 6A 27 FA 03 0C 3A AB 4D 0D B2
-          :   90 1E A4 C0 5D D9 58 3F F6 C2 85 BC EC 09 15 53
-          :   A0 35 CA A2 42 25 CF E6 B1 89 3D 60 5C 38 CB F9
-          :   D9 AF FB 69 D8 DF 5F 0A 67 3A 28 E2 4C E8 0C 96
-          :   84 06 98 2D 93 3D 9A 72 75 92 A3 97 11 00 4D D1
-          :   44 42 CB 1A DF 7C 43 9E 5A 69 FB FA FD C6 E3 55
-          :   61 1B 51 70 2D FA A1 6A DA 54 0D E3 CC DE 85 EA
-          :   B0 C4 F2 BF 31 B3 7C A5 21 25 73 E8 97 82 43 86
-          :   11 63 06 CC B2 38 DC FE D8 89 2C CE D9 63 12 1E
-          :   E4 8A D8 CF 56 6D 37 A9 FF 48 4B 2C 24 0B 30 44
-          :   88 29 B3 61 21 0A DF C7 4B 6C 40 98 60 8E 86 05
-          :   }
+   0 1118: SEQUENCE {
+   4  838:   SEQUENCE {
+   8    3:     [0] {
+  10    1:       INTEGER 2
+         :       }
+  13   20:     INTEGER 27 AD 39 40 83 D7 F2 B5 B9 9B 86 70 C7 75 B2 B9 6E E1 66 E5
+  35   13:     SEQUENCE {
+  37    9:       OBJECT IDENTIFIER
+         :         sha256WithRSAEncryption (1 2 840 113549 1 1 11)
+  48    0:       NULL
+         :       }
+  50   51:     SEQUENCE {
+  52   49:       SET {
+  54   47:         SEQUENCE {
+  56    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
+  61   40:           PrintableString '3ACE2CEF4FB21B7D11E3E184EFC1E297B3778642'
+         :           }
+         :         }
+         :       }
+ 103   30:     SEQUENCE {
+ 105   13:       UTCTime 12/09/2023 21:24:32 GMT
+ 120   13:       UTCTime 08/07/2024 21:24:32 GMT
+         :       }
+ 135   51:     SEQUENCE {
+ 137   49:       SET {
+ 139   47:         SEQUENCE {
+ 141    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
+ 146   40:           PrintableString '914652A3BD51C144260198889F5C45ABF053A187'
+         :           }
+         :         }
+         :       }
+ 188  290:     SEQUENCE {
+ 192   13:       SEQUENCE {
+ 194    9:         OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
+ 205    0:         NULL
+         :         }
+ 207  271:       BIT STRING, encapsulates {
+ 212  266:         SEQUENCE {
+ 216  257:           INTEGER
+         :             00 B2 71 34 2B 39 BF EA 07 65 B7 8B 72 A2 F0 F8
+         :             40 FC 31 16 CA 28 B6 4E 01 A8 F6 98 02 C0 EF 65
+         :             B0 84 48 E9 96 FF 93 E6 92 89 65 8F F6 44 9C CE
+         :             57 10 82 D3 C2 57 0A FA DA 14 D0 64 22 28 C0 13
+         :             74 04 BD 1C 2B 4F F9 93 58 A6 25 D8 B9 A9 D3 37
+         :             9E F2 AC C0 CF 02 9E 84 75 D6 F0 7C A5 01 70 AE
+         :             E6 66 AF 9C 69 85 74 6F 13 E9 B3 B8 95 4B 82 ED
+         :             95 D6 EA 66 05 7B 96 96 87 B2 9A E7 61 E9 65 89
+         :             F8 60 E3 C0 F5 CE DD 18 97 05 E8 C1 AC E1 4D 5E
+         :             16 85 2D ED 3C CB 80 CF 7E BF D2 FE D5 C9 38 19
+         :             BB 43 34 29 B6 66 CF 2D 8B 46 7E 9A D8 BB 8E 65
+         :             88 51 6A A8 FF 78 51 E2 E9 21 27 D7 77 7E 80 28
+         :             6C EA 4C 50 9C 73 71 16 F6 5E 54 14 4D 4C 14 B9
+         :             67 A0 4A 20 AA DA 0B A0 A0 01 B7 42 24 38 51 8A
+         :             78 2F C4 81 E6 81 75 62 DE E3 AF 5D 74 2F 6B 41
+         :             FB 79 C3 A8 3A 72 6C 46 F9 A6 03 74 81 01 DF 8C
+         :             EB
+ 477    3:           INTEGER 65537
+         :           }
+         :         }
+         :       }
+ 482  360:     [3] {
+ 486  356:       SEQUENCE {
+ 490   29:         SEQUENCE {
+ 492    3:           OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
+ 497   22:           OCTET STRING, encapsulates {
+ 499   20:             OCTET STRING
+         :               91 46 52 A3 BD 51 C1 44 26 01 98 88 9F 5C 45 AB
+         :               F0 53 A1 87
+         :             }
+         :           }
+ 521   31:         SEQUENCE {
+ 523    3:           OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
+ 528   24:           OCTET STRING, encapsulates {
+ 530   22:             SEQUENCE {
+ 532   20:               [0]
+         :                 3A CE 2C EF 4F B2 1B 7D 11 E3 E1 84 EF C1 E2 97
+         :                 B3 77 86 42
+         :               }
+         :             }
+         :           }
+ 554   12:         SEQUENCE {
+ 556    3:           OBJECT IDENTIFIER basicConstraints (2 5 29 19)
+ 561    1:           BOOLEAN TRUE
+ 564    2:           OCTET STRING, encapsulates {
+ 566    0:             SEQUENCE {}
+         :             }
+         :           }
+ 568   14:         SEQUENCE {
+ 570    3:           OBJECT IDENTIFIER keyUsage (2 5 29 15)
+ 575    1:           BOOLEAN TRUE
+ 578    4:           OCTET STRING, encapsulates {
+ 580    2:             BIT STRING 7 unused bits
+         :               '1'B (bit 0)
+         :             }
+         :           }
+ 584   24:         SEQUENCE {
+ 586    3:           OBJECT IDENTIFIER certificatePolicies (2 5 29 32)
+ 591    1:           BOOLEAN TRUE
+ 594   14:           OCTET STRING, encapsulates {
+ 596   12:             SEQUENCE {
+ 598   10:               SEQUENCE {
+ 600    8:                 OBJECT IDENTIFIER
+         :                   resourceCertificatePolicy (1 3 6 1 5 5 7 14 2)
+         :                 }
+         :               }
+         :             }
+         :           }
+ 610   97:         SEQUENCE {
+ 612    3:           OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31)
+ 617   90:           OCTET STRING, encapsulates {
+ 619   88:             SEQUENCE {
+ 621   86:               SEQUENCE {
+ 623   84:                 [0] {
+ 625   82:                   [0] {
+ 627   80:                     [6]
+         :                   'rsync://rpki.example.net/repository/3ACE2CEF4FB2'
+         :                   '1B7D11E3E184EFC1E297B3778642.crl'
+         :                     }
+         :                   }
+         :                 }
+         :               }
+         :             }
+         :           }
+ 709  108:         SEQUENCE {
+ 711    8:           OBJECT IDENTIFIER authorityInfoAccess (1 3 6 1 5 5 7 1 1)
+ 721   96:           OCTET STRING, encapsulates {
+ 723   94:             SEQUENCE {
+ 725   92:               SEQUENCE {
+ 727    8:                 OBJECT IDENTIFIER caIssuers (1 3 6 1 5 5 7 48 2)
+ 737   80:                 [6]
+         :                   'rsync://rpki.example.net/repository/3ACE2CEF4FB2'
+         :                   '1B7D11E3E184EFC1E297B3778642.cer'
+         :                 }
+         :               }
+         :             }
+         :           }
+ 819   25:         SEQUENCE {
+ 821    8:           OBJECT IDENTIFIER ipAddrBlocks (1 3 6 1 5 5 7 1 7)
+ 831    1:           BOOLEAN TRUE
+ 834   10:           OCTET STRING, encapsulates {
+ 836    8:             SEQUENCE {
+ 838    6:               SEQUENCE {
+ 840    2:                 OCTET STRING 00 01
+ 844    0:                 NULL
+         :                 }
+         :               }
+         :             }
+         :           }
+         :         }
+         :       }
+         :     }
+ 846   13:   SEQUENCE {
+ 848    9:     OBJECT IDENTIFIER sha256WithRSAEncryption (1 2 840 113549 1 1 11)
+ 859    0:     NULL
+         :     }
+ 861  257:   BIT STRING
+         :     D0 85 BA 0B AB 08 E9 44 7A 69 0A CC EE 83 3A A0
+         :     68 7D BD 98 4C C2 0E F9 1B B5 66 DF A3 DE EE D8
+         :     47 5F FE 04 6D 7D 4A 09 D2 1C 61 7A B7 C7 7D A0
+         :     5D 91 2F F2 09 04 A0 65 79 C0 D5 4C 27 B2 79 1A
+         :     BE 84 65 3A D9 4A 2C C8 9C 67 F0 25 E8 EF 1E 7F
+         :     D0 CF A6 6D 35 CB 3D 3D 66 EF 78 50 58 9E 4C 24
+         :     49 42 8A C9 DD DE 1A 51 10 BF EC EC 7F 31 7A 10
+         :     45 D7 DF C1 3D AC C1 22 A4 5A CB 7F AF B1 4B E8
+         :     93 79 65 D2 33 9D 68 E7 38 4A D0 5D 76 CC 0F 1A
+         :     77 EB 5F F7 4D 75 23 5F 97 EF 36 42 9F FE D8 AF
+         :     68 E0 A7 82 80 69 1B 51 4B 48 DE B6 80 08 95 59
+         :     08 6E 9D 73 BB 9C FF B5 BA 0C 3E 68 2B CF E6 5E
+         :     C5 5C 4B D5 99 3B 1C AE 6C B9 48 44 D0 88 32 88
+         :     0F 00 7E 06 5C 1F 15 D1 EE 7E 62 92 A6 C6 9A B1
+         :     11 9B 21 EE 9E D5 2C E6 A4 1B 32 9A 3F 99 A6 92
+         :     D5 6C 24 BB B8 2B 3F F3 22 9F 8D 97 64 54 8E CA
+         :   }
 ]]></sourcecode>
       <t>
 To allow reproduction of the signature results, the end-entity