randy/draft-9092update
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ee cert pem from russ

Browse source
This commit is contained in:
Randy Bush 2023-09-13 08:43:01 -07:00
parent 49c464b452
commit 7a0189af1d
1 changed files with 195 additions and 211 deletions
Download patch file Download diff file Expand all files Collapse all files

128
draft-ietf-opsawg-9092-update.xml
View file

@ -473,8 +473,10 @@
format="default"/>. format="default"/>.
</t> </t>
<t> <t>
The address range of the signing certificate MUST The address range of the signing certificate MUST cover all
cover all prefixes in the geofeed file it signs. prefixes on the geofeed file it signs. The certificate MUST NOT
include the Autonomous System Identifier Delegation certificate
extension <xref target="RFC3779"/>.
</t> </t>
<t> <t>
An address range A "covers" address range B if the range of B is An address range A "covers" address range B if the range of B is
@ -912,7 +914,8 @@
<t> <t>
The trust anchor is represented by a self-signed certificate. As The trust anchor is represented by a self-signed certificate. As
usual in the RPKI, the trust anchor has authority over all IPv4 usual in the RPKI, the trust anchor has authority over all IPv4
address blocks, all IPv6 address blocks, and all Autonomous System (AS) numbers. address blocks, all IPv6 address blocks, and all Autonomous System
(AS) numbers.
</t> </t>
<sourcecode type=""><![CDATA[ <sourcecode type=""><![CDATA[
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
@ -978,16 +981,16 @@
-----END CERTIFICATE----- -----END CERTIFICATE-----
]]></sourcecode> ]]></sourcecode>
<t> <t>
The end-entity certificate is issued by the CA. This The end-entity certificate is issued by the CA. This certificate
certificate grants signature authority for one IPv4 address block grants signature authority for one IPv4 address block (192.0.2.0/24).
(192.0.2.0/24). Signature authority for AS numbers is not needed for Signature authority for AS numbers is not needed for geofeed data
geofeed data signatures, so no AS numbers are included in the signatures, so AS numbers MUST NOT be included in the certificate.
certificate.</t> </t>
<sourcecode type=""><![CDATA[ <sourcecode type=""><![CDATA[
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIEpTCCA42gAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZuQwDQYJKoZIhvcNAQEL MIIEXjCCA0agAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZuUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM0FDRTJDRUY0RkIyMUI3RDExRTNFMTg0RUZDMUUyOTdC BQAwMzExMC8GA1UEAxMoM0FDRTJDRUY0RkIyMUI3RDExRTNFMTg0RUZDMUUyOTdC
Mzc3ODY0MjAeFw0yMTA1MjAxNjA1NDVaFw0yMjAzMTYxNjA1NDVaMDMxMTAvBgNV Mzc3ODY0MjAeFw0yMzA5MTIyMTI0MzJaFw0yNDA3MDgyMTI0MzJaMDMxMTAvBgNV
BAMTKDkxNDY1MkEzQkQ1MUMxNDQyNjAxOTg4ODlGNUM0NUFCRjA1M0ExODcwggEi BAMTKDkxNDY1MkEzQkQ1MUMxNDQyNjAxOTg4ODlGNUM0NUFCRjA1M0ExODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCycTQrOb/qB2W3i3Ki8PhA/DEW MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCycTQrOb/qB2W3i3Ki8PhA/DEW
yii2TgGo9pgCwO9lsIRI6Zb/k+aSiWWP9kSczlcQgtPCVwr62hTQZCIowBN0BL0c yii2TgGo9pgCwO9lsIRI6Zb/k+aSiWWP9kSczlcQgtPCVwr62hTQZCIowBN0BL0c
@ -995,21 +998,20 @@
BXuWloeymudh6WWJ+GDjwPXO3RiXBejBrOFNXhaFLe08y4DPfr/S/tXJOBm7QzQp BXuWloeymudh6WWJ+GDjwPXO3RiXBejBrOFNXhaFLe08y4DPfr/S/tXJOBm7QzQp
tmbPLYtGfprYu45liFFqqP94UeLpISfXd36AKGzqTFCcc3EW9l5UFE1MFLlnoEog tmbPLYtGfprYu45liFFqqP94UeLpISfXd36AKGzqTFCcc3EW9l5UFE1MFLlnoEog
qtoLoKABt0IkOFGKeC/EgeaBdWLe469ddC9rQft5w6g6cmxG+aYDdIEB34zrAgMB qtoLoKABt0IkOFGKeC/EgeaBdWLe469ddC9rQft5w6g6cmxG+aYDdIEB34zrAgMB
AAGjggGvMIIBqzAdBgNVHQ4EFgQUkUZSo71RwUQmAZiIn1xFq/BToYcwHwYDVR0j AAGjggFoMIIBZDAdBgNVHQ4EFgQUkUZSo71RwUQmAZiIn1xFq/BToYcwHwYDVR0j
BBgwFoAUOs4s70+yG30R4+GE78Hil7N3hkIwDAYDVR0TAQH/BAIwADAOBgNVHQ8B BBgwFoAUOs4s70+yG30R4+GE78Hil7N3hkIwDAYDVR0TAQH/BAIwADAOBgNVHQ8B
Af8EBAMCB4AwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBhBgNVHR8EWjBYMFag Af8EBAMCB4AwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBhBgNVHR8EWjBYMFag
VKBShlByc3luYzovL3Jwa2kuZXhhbXBsZS5uZXQvcmVwb3NpdG9yeS8zQUNFMkNF VKBShlByc3luYzovL3Jwa2kuZXhhbXBsZS5uZXQvcmVwb3NpdG9yeS8zQUNFMkNF
RjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5N0IzNzc4NjQyLmNybDBsBggrBgEFBQcB RjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5N0IzNzc4NjQyLmNybDBsBggrBgEFBQcB
AQRgMF4wXAYIKwYBBQUHMAKGUHJzeW5jOi8vcnBraS5leGFtcGxlLm5ldC9yZXBv AQRgMF4wXAYIKwYBBQUHMAKGUHJzeW5jOi8vcnBraS5leGFtcGxlLm5ldC9yZXBv
c2l0b3J5LzNBQ0UyQ0VGNEZCMjFCN0QxMUUzRTE4NEVGQzFFMjk3QjM3Nzg2NDIu c2l0b3J5LzNBQ0UyQ0VGNEZCMjFCN0QxMUUzRTE4NEVGQzFFMjk3QjM3Nzg2NDIu
Y2VyMBkGCCsGAQUFBwEHAQH/BAowCDAGBAIAAQUAMEUGCCsGAQUFBwELBDkwNzA1 Y2VyMBkGCCsGAQUFBwEHAQH/BAowCDAGBAIAAQUAMA0GCSqGSIb3DQEBCwUAA4IB
BggrBgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmV4YW1wbGUubmV0L25vdGlmaWNhdGlv AQDQhboLqwjpRHppCszugzqgaH29mEzCDvkbtWbfo97u2Edf/gRtfUoJ0hxherfH
bi54bWwwDQYJKoZIhvcNAQELBQADggEBAEjC98gVp0Mb7uiKaHylP0453mtJ+AkN faBdkS/yCQSgZXnA1UwnsnkavoRlOtlKLMicZ/Al6O8ef9DPpm01yz09Zu94UFie
07fsK/qGw/e90DJv7cp1hvjj4uy3sgf7PJQ7cKNGrgybq/lE0jce+ARgVjbi2Brz TCRJQorJ3d4aURC/7Ox/MXoQRdffwT2swSKkWst/r7FL6JN5ZdIznWjnOErQXXbM
ZsWAnB846Snwsktw6cenaif6Aww6q00NspAepMBd2Vg/9sKFvOwJFVOgNcqiQiXP Dxp361/3TXUjX5fvNkKf/tivaOCngoBpG1FLSN62gAiVWQhunXO7nP+1ugw+aCvP
5rGJPWBcOMv52a/7adjfXwpnOijiTOgMloQGmC2TPZpydZKjlxEATdFEQssa33xD 5l7FXEvVmTscrmy5SETQiDKIDwB+BlwfFdHufmKSpsaasRGbIe6e1SzmpBsymj+Z
nlpp+/r9xuNVYRtRcC36oWraVA3jzN6F6rDE8r8xs3ylISVz6JeCQ4YRYwbMsjjc ppLVbCS7uCs/8yKfjZdkVI7K
/tiJLM7ZYxIe5IrYz1ZtN6n/SEssJAswRIgps2EhCt/HS2xAmGCOhgU=
-----END CERTIFICATE----- -----END CERTIFICATE-----
]]></sourcecode> ]]></sourcecode>
<t> <t>
@ -1017,12 +1019,12 @@
brevity, the other two certificates are not. brevity, the other two certificates are not.
</t> </t>
<sourcecode type=""><![CDATA[ <sourcecode type=""><![CDATA[
0 1189: SEQUENCE { 0 1118: SEQUENCE {
4 909: SEQUENCE { 4 838: SEQUENCE {
8 3: [0] { 8 3: [0] {
10 1: INTEGER 2 10 1: INTEGER 2
: } : }
13 20: INTEGER 27AD394083D7F2B5B99B8670C775B2B96EE166E4 13 20: INTEGER 27 AD 39 40 83 D7 F2 B5 B9 9B 86 70 C7 75 B2 B9 6E E1 66 E5
35 13: SEQUENCE { 35 13: SEQUENCE {
37 9: OBJECT IDENTIFIER 37 9: OBJECT IDENTIFIER
: sha256WithRSAEncryption (1 2 840 113549 1 1 11) : sha256WithRSAEncryption (1 2 840 113549 1 1 11)
@ -1032,28 +1034,25 @@
52 49: SET { 52 49: SET {
54 47: SEQUENCE { 54 47: SEQUENCE {
56 3: OBJECT IDENTIFIER commonName (2 5 4 3) 56 3: OBJECT IDENTIFIER commonName (2 5 4 3)
61 40: PrintableString 61 40: PrintableString '3ACE2CEF4FB21B7D11E3E184EFC1E297B3778642'
: '3ACE2CEF4FB21B7D11E3E184EFC1E297B3778642'
: } : }
: } : }
: } : }
103 30: SEQUENCE { 103 30: SEQUENCE {
105 13: UTCTime 20/05/2021 16:05:45 GMT 105 13: UTCTime 12/09/2023 21:24:32 GMT
120 13: UTCTime 16/03/2022 16:05:45 GMT 120 13: UTCTime 08/07/2024 21:24:32 GMT
: } : }
135 51: SEQUENCE { 135 51: SEQUENCE {
137 49: SET { 137 49: SET {
139 47: SEQUENCE { 139 47: SEQUENCE {
141 3: OBJECT IDENTIFIER commonName (2 5 4 3) 141 3: OBJECT IDENTIFIER commonName (2 5 4 3)
146 40: PrintableString 146 40: PrintableString '914652A3BD51C144260198889F5C45ABF053A187'
: '914652A3BD51C144260198889F5C45ABF053A187'
: } : }
: } : }
: } : }
188 290: SEQUENCE { 188 290: SEQUENCE {
192 13: SEQUENCE { 192 13: SEQUENCE {
194 9: OBJECT IDENTIFIER rsaEncryption 194 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
: (1 2 840 113549 1 1 1)
205 0: NULL 205 0: NULL
: } : }
207 271: BIT STRING, encapsulates { 207 271: BIT STRING, encapsulates {
@ -1080,8 +1079,8 @@
: } : }
: } : }
: } : }
482 431: [3] { 482 360: [3] {
486 427: SEQUENCE { 486 356: SEQUENCE {
490 29: SEQUENCE { 490 29: SEQUENCE {
492 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14) 492 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
497 22: OCTET STRING, encapsulates { 497 22: OCTET STRING, encapsulates {
@ -1135,8 +1134,8 @@
623 84: [0] { 623 84: [0] {
625 82: [0] { 625 82: [0] {
627 80: [6] 627 80: [6]
: 'rsync://rpki.example.net/repository/3ACE2CEF4F' : 'rsync://rpki.example.net/repository/3ACE2CEF4FB2'
: 'B21B7D11E3E184EFC1E297B3778642.crl' : '1B7D11E3E184EFC1E297B3778642.crl'
: } : }
: } : }
: } : }
@ -1144,15 +1143,14 @@
: } : }
: } : }
709 108: SEQUENCE { 709 108: SEQUENCE {
711 8: OBJECT IDENTIFIER authorityInfoAccess 711 8: OBJECT IDENTIFIER authorityInfoAccess (1 3 6 1 5 5 7 1 1)
: (1 3 6 1 5 5 7 1 1)
721 96: OCTET STRING, encapsulates { 721 96: OCTET STRING, encapsulates {
723 94: SEQUENCE { 723 94: SEQUENCE {
725 92: SEQUENCE { 725 92: SEQUENCE {
727 8: OBJECT IDENTIFIER caIssuers (1 3 6 1 5 5 7 48 2) 727 8: OBJECT IDENTIFIER caIssuers (1 3 6 1 5 5 7 48 2)
737 80: [6] 737 80: [6]
: 'rsync://rpki.example.net/repository/3ACE2CEF4F' : 'rsync://rpki.example.net/repository/3ACE2CEF4FB2'
: 'B21B7D11E3E184EFC1E297B3778642.cer' : '1B7D11E3E184EFC1E297B3778642.cer'
: } : }
: } : }
: } : }
@ -1169,44 +1167,30 @@
: } : }
: } : }
: } : }
846 69: SEQUENCE {
848 8: OBJECT IDENTIFIER subjectInfoAccess
: (1 3 6 1 5 5 7 1 11)
858 57: OCTET STRING, encapsulates {
860 55: SEQUENCE {
862 53: SEQUENCE {
864 8: OBJECT IDENTIFIER '1 3 6 1 5 5 7 48 13'
874 41: [6]
: 'https://rrdp.example.net/notification.xml'
: } : }
: } : }
: } : }
846 13: SEQUENCE {
848 9: OBJECT IDENTIFIER sha256WithRSAEncryption (1 2 840 113549 1 1 11)
859 0: NULL
: } : }
: } 861 257: BIT STRING
: } : D0 85 BA 0B AB 08 E9 44 7A 69 0A CC EE 83 3A A0
: } : 68 7D BD 98 4C C2 0E F9 1B B5 66 DF A3 DE EE D8
917 13: SEQUENCE { : 47 5F FE 04 6D 7D 4A 09 D2 1C 61 7A B7 C7 7D A0
919 9: OBJECT IDENTIFIER sha256WithRSAEncryption : 5D 91 2F F2 09 04 A0 65 79 C0 D5 4C 27 B2 79 1A
: (1 2 840 113549 1 1 11) : BE 84 65 3A D9 4A 2C C8 9C 67 F0 25 E8 EF 1E 7F
930 0: NULL : D0 CF A6 6D 35 CB 3D 3D 66 EF 78 50 58 9E 4C 24
: } : 49 42 8A C9 DD DE 1A 51 10 BF EC EC 7F 31 7A 10
932 257: BIT STRING : 45 D7 DF C1 3D AC C1 22 A4 5A CB 7F AF B1 4B E8
: 48 C2 F7 C8 15 A7 43 1B EE E8 8A 68 7C A5 3F 4E : 93 79 65 D2 33 9D 68 E7 38 4A D0 5D 76 CC 0F 1A
: 39 DE 6B 49 F8 09 0D D3 B7 EC 2B FA 86 C3 F7 BD : 77 EB 5F F7 4D 75 23 5F 97 EF 36 42 9F FE D8 AF
: D0 32 6F ED CA 75 86 F8 E3 E2 EC B7 B2 07 FB 3C : 68 E0 A7 82 80 69 1B 51 4B 48 DE B6 80 08 95 59
: 94 3B 70 A3 46 AE 0C 9B AB F9 44 D2 37 1E F8 04 : 08 6E 9D 73 BB 9C FF B5 BA 0C 3E 68 2B CF E6 5E
: 60 56 36 E2 D8 1A F3 66 C5 80 9C 1F 38 E9 29 F0 : C5 5C 4B D5 99 3B 1C AE 6C B9 48 44 D0 88 32 88
: B2 4B 70 E9 C7 A7 6A 27 FA 03 0C 3A AB 4D 0D B2 : 0F 00 7E 06 5C 1F 15 D1 EE 7E 62 92 A6 C6 9A B1
: 90 1E A4 C0 5D D9 58 3F F6 C2 85 BC EC 09 15 53 : 11 9B 21 EE 9E D5 2C E6 A4 1B 32 9A 3F 99 A6 92
: A0 35 CA A2 42 25 CF E6 B1 89 3D 60 5C 38 CB F9 : D5 6C 24 BB B8 2B 3F F3 22 9F 8D 97 64 54 8E CA
: D9 AF FB 69 D8 DF 5F 0A 67 3A 28 E2 4C E8 0C 96
: 84 06 98 2D 93 3D 9A 72 75 92 A3 97 11 00 4D D1
: 44 42 CB 1A DF 7C 43 9E 5A 69 FB FA FD C6 E3 55
: 61 1B 51 70 2D FA A1 6A DA 54 0D E3 CC DE 85 EA
: B0 C4 F2 BF 31 B3 7C A5 21 25 73 E8 97 82 43 86
: 11 63 06 CC B2 38 DC FE D8 89 2C CE D9 63 12 1E
: E4 8A D8 CF 56 6D 37 A9 FF 48 4B 2C 24 0B 30 44
: 88 29 B3 61 21 0A DF C7 4B 6C 40 98 60 8E 86 05
: } : }
]]></sourcecode> ]]></sourcecode>
<t> <t>