-02 published
This commit is contained in:
parent
4c9ad63e1e
commit
8cdde2b887
1 changed files with 489 additions and 478 deletions
|
|
@ -8,7 +8,7 @@
|
||||||
<?rfc compact="yes"?>
|
<?rfc compact="yes"?>
|
||||||
<?rfc subcompact="no"?>
|
<?rfc subcompact="no"?>
|
||||||
|
|
||||||
<rfc category="std" docName="draft-ietf-opsawg-9092-update-01"
|
<rfc category="std" docName="draft-ietf-opsawg-9092-update-02"
|
||||||
submissionType="IETF" consensus="true" ipr="trust200902"
|
submissionType="IETF" consensus="true" ipr="trust200902"
|
||||||
obsoletes="9092" version="2" >
|
obsoletes="9092" version="2" >
|
||||||
|
|
||||||
|
|
@ -492,6 +492,13 @@
|
||||||
object's address range is included in the <xref target="RFC5652"
|
object's address range is included in the <xref target="RFC5652"
|
||||||
format="default"/> CMS SignedData certificates field.
|
format="default"/> CMS SignedData certificates field.
|
||||||
</t>
|
</t>
|
||||||
|
<t>
|
||||||
|
The CA MUST sign only one Geofeed with each generated private
|
||||||
|
key and MUST generate a new key pair for each new version of the
|
||||||
|
Geofeed. An associated EE certificate used in this fashion is
|
||||||
|
termed a "one-time-use" EE certificate (see Section 3 of
|
||||||
|
<xref target="RFC6487"/>).
|
||||||
|
</t>
|
||||||
<t>
|
<t>
|
||||||
Identifying the private key associated with the certificate and
|
Identifying the private key associated with the certificate and
|
||||||
getting the department that controls the private key (which
|
getting the department that controls the private key (which
|
||||||
|
|
@ -753,6 +760,11 @@
|
||||||
treated as "remarks".
|
treated as "remarks".
|
||||||
</t>
|
</t>
|
||||||
|
|
||||||
|
<t>
|
||||||
|
<xref target="rpki-client"/> can be used to authenticate a
|
||||||
|
signed geofeed file.
|
||||||
|
</t>
|
||||||
|
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
<section anchor="seccons" numbered="true" toc="default">
|
<section anchor="seccons" numbered="true" toc="default">
|
||||||
|
|
@ -820,6 +832,7 @@
|
||||||
<?rfc include="reference.RFC.8174.xml"?>
|
<?rfc include="reference.RFC.8174.xml"?>
|
||||||
<?rfc include="reference.RFC.6481.xml"?>
|
<?rfc include="reference.RFC.6481.xml"?>
|
||||||
<?rfc include="reference.RFC.6486.xml"?>
|
<?rfc include="reference.RFC.6486.xml"?>
|
||||||
|
<?rfc include="reference.RFC.6487.xml"?>
|
||||||
<?rfc include="reference.RFC.8805.xml"?>
|
<?rfc include="reference.RFC.8805.xml"?>
|
||||||
<?rfc include="reference.RFC.8933.xml"?>
|
<?rfc include="reference.RFC.8933.xml"?>
|
||||||
</references>
|
</references>
|
||||||
|
|
@ -837,8 +850,6 @@
|
||||||
<?rfc include="reference.RFC.9092.xml"?>
|
<?rfc include="reference.RFC.9092.xml"?>
|
||||||
<?rfc include="reference.RFC.9323.xml"?>
|
<?rfc include="reference.RFC.9323.xml"?>
|
||||||
<?rfc include="reference.I-D.ietf-sidrops-rpki-rta.xml"?>
|
<?rfc include="reference.I-D.ietf-sidrops-rpki-rta.xml"?>
|
||||||
|
|
||||||
|
|
||||||
<reference anchor="RIPE81" target="https://www.ripe.net/publications/docs/ripe-081">
|
<reference anchor="RIPE81" target="https://www.ripe.net/publications/docs/ripe-081">
|
||||||
<front>
|
<front>
|
||||||
<title>Representation Of IP Routing Policies In The RIPE Database</title>
|
<title>Representation Of IP Routing Policies In The RIPE Database</title>
|
||||||
|
|
@ -901,59 +912,67 @@
|
||||||
<refcontent>commit 5f557a4</refcontent>
|
<refcontent>commit 5f557a4</refcontent>
|
||||||
</reference>
|
</reference>
|
||||||
|
|
||||||
|
<reference anchor="rpki-client" target="https://sobornost.net/~job/using_geofeed_authenticators.txt">
|
||||||
|
<front>
|
||||||
|
<title>Example on how to use rpki-client to authenticate a signed Geofeed</title>
|
||||||
|
<author fullname="Job Snijders"/>
|
||||||
|
<date month="September" year="2023" />
|
||||||
|
</front>
|
||||||
|
</reference>
|
||||||
|
|
||||||
</references>
|
</references>
|
||||||
<section anchor="example" numbered="true" toc="default">
|
|
||||||
<name>Example</name>
|
|
||||||
|
<section title="Example" anchor="example">
|
||||||
<t>
|
<t>
|
||||||
This appendix provides an example that includes a trust anchor, a CA
|
This appendix provides an example, including a trust anchor, a CA
|
||||||
certificate subordinate to the trust anchor, an end-entity
|
certificate subordinate to the trust anchor, an end-entity
|
||||||
certificate subordinate to the CA for signing the geofeed, and a
|
certificate subordinate to the CA for signing the geofeed, and a
|
||||||
detached signature.
|
detached signature.</t>
|
||||||
</t>
|
|
||||||
|
|
||||||
<t>
|
<t>
|
||||||
The trust anchor is represented by a self-signed certificate. As
|
The trust anchor is represented by a self-signed certificate. As
|
||||||
usual in the RPKI, the trust anchor has authority over all IPv4
|
usual in the RPKI, the trust anchor has authority over all IPv4
|
||||||
address blocks, all IPv6 address blocks, and all Autonomous System
|
address blocks, all IPv6 address blocks, and all AS numbers.</t>
|
||||||
(AS) numbers.
|
|
||||||
</t>
|
<figure><artwork><![CDATA[
|
||||||
<sourcecode type=""><![CDATA[
|
-----BEGIN CERTIFICATE-----
|
||||||
-----BEGIN CERTIFICATE-----
|
MIIEPjCCAyagAwIBAgIUPsUFJ4e/7pKZ6E14aBdkbYzms1gwDQYJKoZIhvcNAQEL
|
||||||
MIIEPjCCAyagAwIBAgIUPsUFJ4e/7pKZ6E14aBdkbYzms1gwDQYJKoZIhvcNAQEL
|
BQAwFTETMBEGA1UEAxMKZXhhbXBsZS10YTAeFw0yMDA5MDMxODU0NTRaFw0zMDA5
|
||||||
BQAwFTETMBEGA1UEAxMKZXhhbXBsZS10YTAeFw0yMDA5MDMxODU0NTRaFw0zMDA5
|
MDExODU0NTRaMBUxEzARBgNVBAMTCmV4YW1wbGUtdGEwggEiMA0GCSqGSIb3DQEB
|
||||||
MDExODU0NTRaMBUxEzARBgNVBAMTCmV4YW1wbGUtdGEwggEiMA0GCSqGSIb3DQEB
|
AQUAA4IBDwAwggEKAoIBAQCelMmMDCGBhqn/a3VrNAoKMr1HVLKxGoG7VF/13HZJ
|
||||||
AQUAA4IBDwAwggEKAoIBAQCelMmMDCGBhqn/a3VrNAoKMr1HVLKxGoG7VF/13HZJ
|
0twObUZlh3Jz+XeD+kNAURhELWTrsgdTkQQfqinqOuRemxTl55+x7nLpe5nmwaBH
|
||||||
0twObUZlh3Jz+XeD+kNAURhELWTrsgdTkQQfqinqOuRemxTl55+x7nLpe5nmwaBH
|
XqqDOHubmkbAGanGcm6T/rD9KNk1Z46Uc2p7UYu0fwNO0mo0aqFL2FSyvzZwziNe
|
||||||
XqqDOHubmkbAGanGcm6T/rD9KNk1Z46Uc2p7UYu0fwNO0mo0aqFL2FSyvzZwziNe
|
g7ELYZ4a3LvGn81JfP/JvM6pgtoMNuee5RV6TWaz7LV304ICj8Bhphy/HFpOA1rb
|
||||||
g7ELYZ4a3LvGn81JfP/JvM6pgtoMNuee5RV6TWaz7LV304ICj8Bhphy/HFpOA1rb
|
O9gs8CUMgqz+RroAIa8cV8gbF/fPCz9Ofl7Gdmib679JxxFrW4wRJ0nMJgJmsZXq
|
||||||
O9gs8CUMgqz+RroAIa8cV8gbF/fPCz9Ofl7Gdmib679JxxFrW4wRJ0nMJgJmsZXq
|
jaVc0g7ORc+eIAcHw7Uroc6h7Y7lGjOkDZF75j0mLQa3AgMBAAGjggGEMIIBgDAd
|
||||||
jaVc0g7ORc+eIAcHw7Uroc6h7Y7lGjOkDZF75j0mLQa3AgMBAAGjggGEMIIBgDAd
|
BgNVHQ4EFgQU3hNEuwvUGNCHY1TBatcUR03pNdYwHwYDVR0jBBgwFoAU3hNEuwvU
|
||||||
BgNVHQ4EFgQU3hNEuwvUGNCHY1TBatcUR03pNdYwHwYDVR0jBBgwFoAU3hNEuwvU
|
GNCHY1TBatcUR03pNdYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
|
||||||
GNCHY1TBatcUR03pNdYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
|
GAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCBuQYIKwYBBQUHAQsEgawwgakwPgYI
|
||||||
GAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCBuQYIKwYBBQUHAQsEgawwgakwPgYI
|
KwYBBQUHMAqGMnJzeW5jOi8vcnBraS5leGFtcGxlLm5ldC9yZXBvc2l0b3J5L2V4
|
||||||
KwYBBQUHMAqGMnJzeW5jOi8vcnBraS5leGFtcGxlLm5ldC9yZXBvc2l0b3J5L2V4
|
YW1wbGUtdGEubWZ0MDUGCCsGAQUFBzANhilodHRwczovL3JyZHAuZXhhbXBsZS5u
|
||||||
YW1wbGUtdGEubWZ0MDUGCCsGAQUFBzANhilodHRwczovL3JyZHAuZXhhbXBsZS5u
|
ZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcwBYYkcnN5bmM6Ly9ycGtpLmV4
|
||||||
ZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcwBYYkcnN5bmM6Ly9ycGtpLmV4
|
YW1wbGUubmV0L3JlcG9zaXRvcnkvMCcGCCsGAQUFBwEHAQH/BBgwFjAJBAIAATAD
|
||||||
YW1wbGUubmV0L3JlcG9zaXRvcnkvMCcGCCsGAQUFBwEHAQH/BBgwFjAJBAIAATAD
|
AwEAMAkEAgACMAMDAQAwHgYIKwYBBQUHAQgEEjAQoA4wDDAKAgEAAgUA/////zAN
|
||||||
AwEAMAkEAgACMAMDAQAwHgYIKwYBBQUHAQgEEjAQoA4wDDAKAgEAAgUA/////zAN
|
BgkqhkiG9w0BAQsFAAOCAQEAgZFQ0Sf3CI5Hwev61AUWHYOFniy69PuDTq+WnhDe
|
||||||
BgkqhkiG9w0BAQsFAAOCAQEAgZFQ0Sf3CI5Hwev61AUWHYOFniy69PuDTq+WnhDe
|
xX5rpjSDRrs5L756KSKJcaOJ36lzO45lfOPSY9fH6x30pnipaqRA7t5rApky24jH
|
||||||
xX5rpjSDRrs5L756KSKJcaOJ36lzO45lfOPSY9fH6x30pnipaqRA7t5rApky24jH
|
cSUA9iRednzxhVyGjWKnfAKyNo2MYfaOAT0db1GjyLKbOADI9FowtHBUu+60ykcM
|
||||||
cSUA9iRednzxhVyGjWKnfAKyNo2MYfaOAT0db1GjyLKbOADI9FowtHBUu+60ykcM
|
Quz66XrzxtmxlrRcAnbv/HtV17qOd4my6q5yjTPR1dmYN9oR/2ChlXtGE6uQVguA
|
||||||
Quz66XrzxtmxlrRcAnbv/HtV17qOd4my6q5yjTPR1dmYN9oR/2ChlXtGE6uQVguA
|
rvNZ5CwiJ1TgGGTB7T8ORHwWU6dGTc0jk2rESAaikmLi1roZSNC21fckhapEit1a
|
||||||
rvNZ5CwiJ1TgGGTB7T8ORHwWU6dGTc0jk2rESAaikmLi1roZSNC21fckhapEit1a
|
x8CyiVxjcVc5e0AmS1rJfL6LIfwmtive/N/eBtIM92HkBA==
|
||||||
x8CyiVxjcVc5e0AmS1rJfL6LIfwmtive/N/eBtIM92HkBA==
|
-----END CERTIFICATE-----
|
||||||
-----END CERTIFICATE-----
|
]]></artwork></figure>
|
||||||
]]></sourcecode>
|
|
||||||
|
|
||||||
<t>
|
<t>
|
||||||
The CA certificate is issued by the trust anchor. This
|
The CA certificate is issued by the trust anchor. This
|
||||||
certificate grants authority over one IPv4 address block
|
certificate grants authority over one IPv4 address block
|
||||||
(192.0.2.0/24) and two AS numbers (64496 and 64497).</t>
|
(192.0.2.0/24) and two AS numbers (64496 and 64497).</t>
|
||||||
<sourcecode type=""><![CDATA[
|
|
||||||
|
<figure><artwork><![CDATA[
|
||||||
-----BEGIN CERTIFICATE-----
|
-----BEGIN CERTIFICATE-----
|
||||||
MIIFBzCCA++gAwIBAgIUcyCzS10hdfG65kbRq7toQAvRDKowDQYJKoZIhvcNAQEL
|
MIIFBzCCA++gAwIBAgIUcyCzS10hdfG65kbRq7toQAvRDLUwDQYJKoZIhvcNAQEL
|
||||||
BQAwFTETMBEGA1UEAxMKZXhhbXBsZS10YTAeFw0yMDA5MDMxOTAyMTlaFw0yMTA5
|
BQAwFTETMBEGA1UEAxMKZXhhbXBsZS10YTAeFw0yMzA5MTYyMTAzMjhaFw0yNDA5
|
||||||
MDMxOTAyMTlaMDMxMTAvBgNVBAMTKDNBQ0UyQ0VGNEZCMjFCN0QxMUUzRTE4NEVG
|
MTUyMTAzMjhaMDMxMTAvBgNVBAMTKDNBQ0UyQ0VGNEZCMjFCN0QxMUUzRTE4NEVG
|
||||||
QzFFMjk3QjM3Nzg2NDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc
|
QzFFMjk3QjM3Nzg2NDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc
|
||||||
zz1qwTxC2ocw5rqp8ktm2XyYkl8riBVuqlXwfefTxsR2YFpgz9vkYUd5Az9EVEG7
|
zz1qwTxC2ocw5rqp8ktm2XyYkl8riBVuqlXwfefTxsR2YFpgz9vkYUd5Az9EVEG7
|
||||||
6wGIyZbtmhK63eEeaqbKz2GHub467498BXeVrYysO+YuIGgCEYKznNDZ4j5aaDbo
|
6wGIyZbtmhK63eEeaqbKz2GHub467498BXeVrYysO+YuIGgCEYKznNDZ4j5aaDbo
|
||||||
|
|
@ -972,25 +991,27 @@
|
||||||
Oi8vcnJkcC5leGFtcGxlLm5ldC9ub3RpZmljYXRpb24ueG1sMDAGCCsGAQUFBzAF
|
Oi8vcnJkcC5leGFtcGxlLm5ldC9ub3RpZmljYXRpb24ueG1sMDAGCCsGAQUFBzAF
|
||||||
hiRyc3luYzovL3Jwa2kuZXhhbXBsZS5uZXQvcmVwb3NpdG9yeS8wHwYIKwYBBQUH
|
hiRyc3luYzovL3Jwa2kuZXhhbXBsZS5uZXQvcmVwb3NpdG9yeS8wHwYIKwYBBQUH
|
||||||
AQcBAf8EEDAOMAwEAgABMAYDBADAAAIwHgYIKwYBBQUHAQgEEjAQoA4wDDAKAgMA
|
AQcBAf8EEDAOMAwEAgABMAYDBADAAAIwHgYIKwYBBQUHAQgEEjAQoA4wDDAKAgMA
|
||||||
+/ACAwD78TANBgkqhkiG9w0BAQsFAAOCAQEAnLu+d1ZsUTiX3YWGueTHIalW4ad0
|
+/ACAwD78TANBgkqhkiG9w0BAQsFAAOCAQEAkWoRJBJRgIMRkTUgPDG/rqcd/fz+
|
||||||
Kupi7pYMV2nXbxNGmdJMol9BkzVz9tj55ReMghUU4YLm/ICYe4fz5e0T8o9s/vIm
|
eN8L3Yme1hNJuAnkf6S3pr5GT1NG9hVTphLFPI4jPSoPZSEQtZ6gsswU3KacnS2A
|
||||||
cGS29+WoGuiznMitpvbS/379gaMezk6KpqjH6Brw6meMqy09phmcmvm3x3WTmx09
|
VtgHYfZA9gfRHhURuiWvFNSp+d7A2MeBmmRyBOD3a5v4f+wNoXPgPhUTZUsXh2Q4
|
||||||
mLlQneMptwk8qSYcnMUmGLJs+cVqmkOa3sWRdw8WrGu6QqYtQz3HFZQojF06YzEq
|
q7WFgiQp6P8vdIXjZDKFB7Xtu7Fl1S5RVowV68DexjVfmaPTPZjetHaAqpz6C4/E
|
||||||
V/dBdCFdEOwTfVl2n2XqhoJl/oEBdC4uu2G0qRk3+WVs+uwVHP0Ttsbt7TzFgZfY
|
s4NArJzIL+8sqmIeuWUD11WXQ3wsC0IWuPMi6XOJQnPQQFtMPr79cftsw+Ynr/vc
|
||||||
yxqvOg6QoldxZVZmHHncKmETu/BqCDGJot9may31ukrx34Bu+XFMVihm0w==
|
F+WPd2Mdaby93ASOE2MyXdaaOf8Av3wIpMvhMuAuM03V/mPVksqxUbfOLw==
|
||||||
-----END CERTIFICATE-----
|
-----END CERTIFICATE-----
|
||||||
]]></sourcecode>
|
]]></artwork></figure>
|
||||||
|
|
||||||
<t>
|
<t>
|
||||||
The end-entity certificate is issued by the CA. This certificate
|
The end-entity certificate is issued by the CA. This
|
||||||
grants signature authority for one IPv4 address block (192.0.2.0/24).
|
certificate grants signature authority for one IPv4 address block
|
||||||
Signature authority for AS numbers is not needed for geofeed data
|
(192.0.2.0/24). Signature authority for AS numbers is not needed
|
||||||
signatures, so AS numbers MUST NOT be included in the certificate.
|
for geofeed data signatures, so no AS numbers are included in the
|
||||||
</t>
|
end-entity certificate.</t>
|
||||||
<sourcecode type=""><![CDATA[
|
|
||||||
|
<figure><artwork><![CDATA[
|
||||||
-----BEGIN CERTIFICATE-----
|
-----BEGIN CERTIFICATE-----
|
||||||
MIIEXjCCA0agAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZuUwDQYJKoZIhvcNAQEL
|
MIIEZDCCA0ygAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZuwwDQYJKoZIhvcNAQEL
|
||||||
BQAwMzExMC8GA1UEAxMoM0FDRTJDRUY0RkIyMUI3RDExRTNFMTg0RUZDMUUyOTdC
|
BQAwMzExMC8GA1UEAxMoM0FDRTJDRUY0RkIyMUI3RDExRTNFMTg0RUZDMUUyOTdC
|
||||||
Mzc3ODY0MjAeFw0yMzA5MTIyMTI0MzJaFw0yNDA3MDgyMTI0MzJaMDMxMTAvBgNV
|
Mzc3ODY0MjAeFw0yMzA5MTYyMTAzMjhaFw0yNDA3MTIyMTAzMjhaMDMxMTAvBgNV
|
||||||
BAMTKDkxNDY1MkEzQkQ1MUMxNDQyNjAxOTg4ODlGNUM0NUFCRjA1M0ExODcwggEi
|
BAMTKDkxNDY1MkEzQkQ1MUMxNDQyNjAxOTg4ODlGNUM0NUFCRjA1M0ExODcwggEi
|
||||||
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCycTQrOb/qB2W3i3Ki8PhA/DEW
|
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCycTQrOb/qB2W3i3Ki8PhA/DEW
|
||||||
yii2TgGo9pgCwO9lsIRI6Zb/k+aSiWWP9kSczlcQgtPCVwr62hTQZCIowBN0BL0c
|
yii2TgGo9pgCwO9lsIRI6Zb/k+aSiWWP9kSczlcQgtPCVwr62hTQZCIowBN0BL0c
|
||||||
|
|
@ -998,33 +1019,36 @@
|
||||||
BXuWloeymudh6WWJ+GDjwPXO3RiXBejBrOFNXhaFLe08y4DPfr/S/tXJOBm7QzQp
|
BXuWloeymudh6WWJ+GDjwPXO3RiXBejBrOFNXhaFLe08y4DPfr/S/tXJOBm7QzQp
|
||||||
tmbPLYtGfprYu45liFFqqP94UeLpISfXd36AKGzqTFCcc3EW9l5UFE1MFLlnoEog
|
tmbPLYtGfprYu45liFFqqP94UeLpISfXd36AKGzqTFCcc3EW9l5UFE1MFLlnoEog
|
||||||
qtoLoKABt0IkOFGKeC/EgeaBdWLe469ddC9rQft5w6g6cmxG+aYDdIEB34zrAgMB
|
qtoLoKABt0IkOFGKeC/EgeaBdWLe469ddC9rQft5w6g6cmxG+aYDdIEB34zrAgMB
|
||||||
AAGjggFoMIIBZDAdBgNVHQ4EFgQUkUZSo71RwUQmAZiIn1xFq/BToYcwHwYDVR0j
|
AAGjggFuMIIBajAdBgNVHQ4EFgQUkUZSo71RwUQmAZiIn1xFq/BToYcwHwYDVR0j
|
||||||
BBgwFoAUOs4s70+yG30R4+GE78Hil7N3hkIwDAYDVR0TAQH/BAIwADAOBgNVHQ8B
|
BBgwFoAUOs4s70+yG30R4+GE78Hil7N3hkIwDAYDVR0TAQH/BAIwADAOBgNVHQ8B
|
||||||
Af8EBAMCB4AwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBhBgNVHR8EWjBYMFag
|
Af8EBAMCB4AwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBhBgNVHR8EWjBYMFag
|
||||||
VKBShlByc3luYzovL3Jwa2kuZXhhbXBsZS5uZXQvcmVwb3NpdG9yeS8zQUNFMkNF
|
VKBShlByc3luYzovL3Jwa2kuZXhhbXBsZS5uZXQvcmVwb3NpdG9yeS8zQUNFMkNF
|
||||||
RjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5N0IzNzc4NjQyLmNybDBsBggrBgEFBQcB
|
RjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5N0IzNzc4NjQyLmNybDBsBggrBgEFBQcB
|
||||||
AQRgMF4wXAYIKwYBBQUHMAKGUHJzeW5jOi8vcnBraS5leGFtcGxlLm5ldC9yZXBv
|
AQRgMF4wXAYIKwYBBQUHMAKGUHJzeW5jOi8vcnBraS5leGFtcGxlLm5ldC9yZXBv
|
||||||
c2l0b3J5LzNBQ0UyQ0VGNEZCMjFCN0QxMUUzRTE4NEVGQzFFMjk3QjM3Nzg2NDIu
|
c2l0b3J5LzNBQ0UyQ0VGNEZCMjFCN0QxMUUzRTE4NEVGQzFFMjk3QjM3Nzg2NDIu
|
||||||
Y2VyMBkGCCsGAQUFBwEHAQH/BAowCDAGBAIAAQUAMA0GCSqGSIb3DQEBCwUAA4IB
|
Y2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwAACMA0GCSqGSIb3DQEB
|
||||||
AQDQhboLqwjpRHppCszugzqgaH29mEzCDvkbtWbfo97u2Edf/gRtfUoJ0hxherfH
|
CwUAA4IBAQAIdkoBMQydWkkaE91zFTX6xIzzDhllfDR5bgw8C2XrAkTiWlMce+/A
|
||||||
faBdkS/yCQSgZXnA1UwnsnkavoRlOtlKLMicZ/Al6O8ef9DPpm01yz09Zu94UFie
|
794a7j3+fIAyDrQ1fjgPLof6I7xMaiqyNtb+5GqXNk+sHwjg6AnInZV2Xgz2X6lJ
|
||||||
TCRJQorJ3d4aURC/7Ox/MXoQRdffwT2swSKkWst/r7FL6JN5ZdIznWjnOErQXXbM
|
dtNck25zGwfj/RZ8BxO+UUzP0JUOCTAaCed2KOVF9qWfmXeZ2HPvZVD+01G0PNKd
|
||||||
Dxp361/3TXUjX5fvNkKf/tivaOCngoBpG1FLSN62gAiVWQhunXO7nP+1ugw+aCvP
|
DGKzBmtWKzXsWVk00fvm+xaDs/sBTf28O907AUM+2ipuFYfWYc2mPaT3C4uK0udl
|
||||||
5l7FXEvVmTscrmy5SETQiDKIDwB+BlwfFdHufmKSpsaasRGbIe6e1SzmpBsymj+Z
|
3/FhUzH6loqs/c1jIsL3mWd8iR2eAwBa+rsp9sc3wbnPCjFOuFZKN85nnXzrbJ6d
|
||||||
ppLVbCS7uCs/8yKfjZdkVI7K
|
FjqNix9Z2it7TCmU89JltreRt5Q1xX+m
|
||||||
-----END CERTIFICATE-----
|
-----END CERTIFICATE-----
|
||||||
]]></sourcecode>
|
]]></artwork></figure>
|
||||||
|
|
||||||
<t>
|
<t>
|
||||||
The end-entity certificate is displayed below in detail. For
|
The end-entity certificate is displayed below in detail. For
|
||||||
brevity, the other two certificates are not.
|
brevity, the other two certificates are not.</t>
|
||||||
</t>
|
|
||||||
<sourcecode type=""><![CDATA[
|
<figure><artwork><![CDATA[
|
||||||
0 1118: SEQUENCE {
|
0 1124: SEQUENCE {
|
||||||
4 838: SEQUENCE {
|
4 844: SEQUENCE {
|
||||||
8 3: [0] {
|
8 3: [0] {
|
||||||
10 1: INTEGER 2
|
10 1: INTEGER 2
|
||||||
: }
|
: }
|
||||||
13 20: INTEGER 27 AD 39 40 83 D7 F2 B5 B9 9B 86 70 C7 75 B2 B9 6E E1 66 E5
|
13 20: INTEGER
|
||||||
|
: 27 AD 39 40 83 D7 F2 B5 B9 9B 86 70 C7 75 B2
|
||||||
|
: B9 6E E1 66 EC
|
||||||
35 13: SEQUENCE {
|
35 13: SEQUENCE {
|
||||||
37 9: OBJECT IDENTIFIER
|
37 9: OBJECT IDENTIFIER
|
||||||
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
|
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
|
||||||
|
|
@ -1034,25 +1058,28 @@
|
||||||
52 49: SET {
|
52 49: SET {
|
||||||
54 47: SEQUENCE {
|
54 47: SEQUENCE {
|
||||||
56 3: OBJECT IDENTIFIER commonName (2 5 4 3)
|
56 3: OBJECT IDENTIFIER commonName (2 5 4 3)
|
||||||
61 40: PrintableString '3ACE2CEF4FB21B7D11E3E184EFC1E297B3778642'
|
61 40: PrintableString
|
||||||
|
: '3ACE2CEF4FB21B7D11E3E184EFC1E297B3778642'
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
103 30: SEQUENCE {
|
103 30: SEQUENCE {
|
||||||
105 13: UTCTime 12/09/2023 21:24:32 GMT
|
105 13: UTCTime 16/09/2023 21:03:28 GMT
|
||||||
120 13: UTCTime 08/07/2024 21:24:32 GMT
|
120 13: UTCTime 12/07/2024 21:03:28 GMT
|
||||||
: }
|
: }
|
||||||
135 51: SEQUENCE {
|
135 51: SEQUENCE {
|
||||||
137 49: SET {
|
137 49: SET {
|
||||||
139 47: SEQUENCE {
|
139 47: SEQUENCE {
|
||||||
141 3: OBJECT IDENTIFIER commonName (2 5 4 3)
|
141 3: OBJECT IDENTIFIER commonName (2 5 4 3)
|
||||||
146 40: PrintableString '914652A3BD51C144260198889F5C45ABF053A187'
|
146 40: PrintableString
|
||||||
|
: '914652A3BD51C144260198889F5C45ABF053A187'
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
188 290: SEQUENCE {
|
188 290: SEQUENCE {
|
||||||
192 13: SEQUENCE {
|
192 13: SEQUENCE {
|
||||||
194 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
|
194 9: OBJECT IDENTIFIER
|
||||||
|
: rsaEncryption (1 2 840 113549 1 1 1)
|
||||||
205 0: NULL
|
205 0: NULL
|
||||||
: }
|
: }
|
||||||
207 271: BIT STRING, encapsulates {
|
207 271: BIT STRING, encapsulates {
|
||||||
|
|
@ -1079,10 +1106,11 @@
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
482 360: [3] {
|
482 366: [3] {
|
||||||
486 356: SEQUENCE {
|
486 362: SEQUENCE {
|
||||||
490 29: SEQUENCE {
|
490 29: SEQUENCE {
|
||||||
492 3: OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
|
492 3: OBJECT IDENTIFIER
|
||||||
|
: subjectKeyIdentifier (2 5 29 14)
|
||||||
497 22: OCTET STRING, encapsulates {
|
497 22: OCTET STRING, encapsulates {
|
||||||
499 20: OCTET STRING
|
499 20: OCTET STRING
|
||||||
: 91 46 52 A3 BD 51 C1 44 26 01 98 88 9F 5C 45 AB
|
: 91 46 52 A3 BD 51 C1 44 26 01 98 88 9F 5C 45 AB
|
||||||
|
|
@ -1090,7 +1118,8 @@
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
521 31: SEQUENCE {
|
521 31: SEQUENCE {
|
||||||
523 3: OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
|
523 3: OBJECT IDENTIFIER
|
||||||
|
: authorityKeyIdentifier (2 5 29 35)
|
||||||
528 24: OCTET STRING, encapsulates {
|
528 24: OCTET STRING, encapsulates {
|
||||||
530 22: SEQUENCE {
|
530 22: SEQUENCE {
|
||||||
532 20: [0]
|
532 20: [0]
|
||||||
|
|
@ -1127,15 +1156,16 @@
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
610 97: SEQUENCE {
|
610 97: SEQUENCE {
|
||||||
612 3: OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31)
|
612 3: OBJECT IDENTIFIER
|
||||||
|
: cRLDistributionPoints (2 5 29 31)
|
||||||
617 90: OCTET STRING, encapsulates {
|
617 90: OCTET STRING, encapsulates {
|
||||||
619 88: SEQUENCE {
|
619 88: SEQUENCE {
|
||||||
621 86: SEQUENCE {
|
621 86: SEQUENCE {
|
||||||
623 84: [0] {
|
623 84: [0] {
|
||||||
625 82: [0] {
|
625 82: [0] {
|
||||||
627 80: [6]
|
627 80: [6]
|
||||||
: 'rsync://rpki.example.net/repository/3ACE2CEF4FB2'
|
: 'rsync://rpki.example.net/repository/3ACE'
|
||||||
: '1B7D11E3E184EFC1E297B3778642.crl'
|
: '2CEF4FB21B7D11E3E184EFC1E297B3778642.crl'
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
|
|
@ -1143,26 +1173,31 @@
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
709 108: SEQUENCE {
|
709 108: SEQUENCE {
|
||||||
711 8: OBJECT IDENTIFIER authorityInfoAccess (1 3 6 1 5 5 7 1 1)
|
711 8: OBJECT IDENTIFIER
|
||||||
|
: authorityInfoAccess (1 3 6 1 5 5 7 1 1)
|
||||||
721 96: OCTET STRING, encapsulates {
|
721 96: OCTET STRING, encapsulates {
|
||||||
723 94: SEQUENCE {
|
723 94: SEQUENCE {
|
||||||
725 92: SEQUENCE {
|
725 92: SEQUENCE {
|
||||||
727 8: OBJECT IDENTIFIER caIssuers (1 3 6 1 5 5 7 48 2)
|
727 8: OBJECT IDENTIFIER
|
||||||
|
: caIssuers (1 3 6 1 5 5 7 48 2)
|
||||||
737 80: [6]
|
737 80: [6]
|
||||||
: 'rsync://rpki.example.net/repository/3ACE2CEF4FB2'
|
: 'rsync://rpki.example.net/repository/3ACE'
|
||||||
: '1B7D11E3E184EFC1E297B3778642.cer'
|
: '2CEF4FB21B7D11E3E184EFC1E297B3778642.cer'
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
819 25: SEQUENCE {
|
819 31: SEQUENCE {
|
||||||
821 8: OBJECT IDENTIFIER ipAddrBlocks (1 3 6 1 5 5 7 1 7)
|
821 8: OBJECT IDENTIFIER
|
||||||
|
: ipAddrBlocks (1 3 6 1 5 5 7 1 7)
|
||||||
831 1: BOOLEAN TRUE
|
831 1: BOOLEAN TRUE
|
||||||
834 10: OCTET STRING, encapsulates {
|
834 16: OCTET STRING, encapsulates {
|
||||||
836 8: SEQUENCE {
|
836 14: SEQUENCE {
|
||||||
838 6: SEQUENCE {
|
838 12: SEQUENCE {
|
||||||
840 2: OCTET STRING 00 01
|
840 2: OCTET STRING 00 01
|
||||||
844 0: NULL
|
844 6: SEQUENCE {
|
||||||
|
846 4: BIT STRING
|
||||||
|
: '010000000000000000000011'B
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
|
|
@ -1170,34 +1205,38 @@
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
: }
|
: }
|
||||||
846 13: SEQUENCE {
|
|
||||||
848 9: OBJECT IDENTIFIER sha256WithRSAEncryption (1 2 840 113549 1 1 11)
|
|
||||||
859 0: NULL
|
|
||||||
: }
|
: }
|
||||||
861 257: BIT STRING
|
852 13: SEQUENCE {
|
||||||
: D0 85 BA 0B AB 08 E9 44 7A 69 0A CC EE 83 3A A0
|
854 9: OBJECT IDENTIFIER
|
||||||
: 68 7D BD 98 4C C2 0E F9 1B B5 66 DF A3 DE EE D8
|
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
|
||||||
: 47 5F FE 04 6D 7D 4A 09 D2 1C 61 7A B7 C7 7D A0
|
865 0: NULL
|
||||||
: 5D 91 2F F2 09 04 A0 65 79 C0 D5 4C 27 B2 79 1A
|
|
||||||
: BE 84 65 3A D9 4A 2C C8 9C 67 F0 25 E8 EF 1E 7F
|
|
||||||
: D0 CF A6 6D 35 CB 3D 3D 66 EF 78 50 58 9E 4C 24
|
|
||||||
: 49 42 8A C9 DD DE 1A 51 10 BF EC EC 7F 31 7A 10
|
|
||||||
: 45 D7 DF C1 3D AC C1 22 A4 5A CB 7F AF B1 4B E8
|
|
||||||
: 93 79 65 D2 33 9D 68 E7 38 4A D0 5D 76 CC 0F 1A
|
|
||||||
: 77 EB 5F F7 4D 75 23 5F 97 EF 36 42 9F FE D8 AF
|
|
||||||
: 68 E0 A7 82 80 69 1B 51 4B 48 DE B6 80 08 95 59
|
|
||||||
: 08 6E 9D 73 BB 9C FF B5 BA 0C 3E 68 2B CF E6 5E
|
|
||||||
: C5 5C 4B D5 99 3B 1C AE 6C B9 48 44 D0 88 32 88
|
|
||||||
: 0F 00 7E 06 5C 1F 15 D1 EE 7E 62 92 A6 C6 9A B1
|
|
||||||
: 11 9B 21 EE 9E D5 2C E6 A4 1B 32 9A 3F 99 A6 92
|
|
||||||
: D5 6C 24 BB B8 2B 3F F3 22 9F 8D 97 64 54 8E CA
|
|
||||||
: }
|
: }
|
||||||
]]></sourcecode>
|
867 257: BIT STRING
|
||||||
|
: 08 76 4A 01 31 0C 9D 5A 49 1A 13 DD 73 15 35 FA
|
||||||
|
: C4 8C F3 0E 19 65 7C 34 79 6E 0C 3C 0B 65 EB 02
|
||||||
|
: 44 E2 5A 53 1C 7B EF C0 EF DE 1A EE 3D FE 7C 80
|
||||||
|
: 32 0E B4 35 7E 38 0F 2E 87 FA 23 BC 4C 6A 2A B2
|
||||||
|
: 36 D6 FE E4 6A 97 36 4F AC 1F 08 E0 E8 09 C8 9D
|
||||||
|
: 95 76 5E 0C F6 5F A9 49 76 D3 5C 93 6E 73 1B 07
|
||||||
|
: E3 FD 16 7C 07 13 BE 51 4C CF D0 95 0E 09 30 1A
|
||||||
|
: 09 E7 76 28 E5 45 F6 A5 9F 99 77 99 D8 73 EF 65
|
||||||
|
: 50 FE D3 51 B4 3C D2 9D 0C 62 B3 06 6B 56 2B 35
|
||||||
|
: EC 59 59 34 D1 FB E6 FB 16 83 B3 FB 01 4D FD BC
|
||||||
|
: 3B DD 3B 01 43 3E DA 2A 6E 15 87 D6 61 CD A6 3D
|
||||||
|
: A4 F7 0B 8B 8A D2 E7 65 DF F1 61 53 31 FA 96 8A
|
||||||
|
: AC FD CD 63 22 C2 F7 99 67 7C 89 1D 9E 03 00 5A
|
||||||
|
: FA BB 29 F6 C7 37 C1 B9 CF 0A 31 4E B8 56 4A 37
|
||||||
|
: CE 67 9D 7C EB 6C 9E 9D 16 3A 8D 8B 1F 59 DA 2B
|
||||||
|
: 7B 4C 29 94 F3 D2 65 B6 B7 91 B7 94 35 C5 7F A6
|
||||||
|
: }
|
||||||
|
]]></artwork></figure>
|
||||||
|
|
||||||
<t>
|
<t>
|
||||||
To allow reproduction of the signature results, the end-entity
|
To allow reproduction of the signature results, the end-entity
|
||||||
private key is provided. For brevity, the other two private
|
private key is provided. For brevity, the other two private
|
||||||
keys are not.</t>
|
keys are not.</t>
|
||||||
<sourcecode type=""><![CDATA[
|
|
||||||
|
<figure><artwork><![CDATA[
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
MIIEpQIBAAKCAQEAsnE0Kzm/6gdlt4tyovD4QPwxFsootk4BqPaYAsDvZbCESOmW
|
MIIEpQIBAAKCAQEAsnE0Kzm/6gdlt4tyovD4QPwxFsootk4BqPaYAsDvZbCESOmW
|
||||||
/5Pmkollj/ZEnM5XEILTwlcK+toU0GQiKMATdAS9HCtP+ZNYpiXYuanTN57yrMDP
|
/5Pmkollj/ZEnM5XEILTwlcK+toU0GQiKMATdAS9HCtP+ZNYpiXYuanTN57yrMDP
|
||||||
|
|
@ -1225,81 +1264,53 @@ keys are not.</t>
|
||||||
E3ng2j5XPTUWli+aNGFEJGRoNtcQvO60O/sFZUhu52sqq9mWVYZNh1TB5aP8X+pV
|
E3ng2j5XPTUWli+aNGFEJGRoNtcQvO60O/sFZUhu52sqq9mWVYZNh1TB5aP8X+pV
|
||||||
iFcZOLUvQEcN6PA+YQK5FU11rAI1M0Gm5RDnVnUl0L2xfCYxb7FzV6Y=
|
iFcZOLUvQEcN6PA+YQK5FU11rAI1M0Gm5RDnVnUl0L2xfCYxb7FzV6Y=
|
||||||
-----END RSA PRIVATE KEY-----
|
-----END RSA PRIVATE KEY-----
|
||||||
]]></sourcecode>
|
]]></artwork></figure>
|
||||||
|
|
||||||
<t>
|
<t>
|
||||||
Signing of "192.0.2.0/24,US,WA,Seattle," (terminated by CR and LF) yields the
|
Signing of "192.0.2.0/24,US,WA,Seattle," (terminated by CR and LF),
|
||||||
following detached CMS signature.</t>
|
yields the following detached CMS signature.</t>
|
||||||
<sourcecode type=""><![CDATA[
|
|
||||||
# RPKI Signature: 192.0.2.0 - 192.0.2.255
|
<figure><artwork><![CDATA[
|
||||||
# MIIGjwYJKoZIhvcNAQcCoIIGgDCCBnwCAQMxDTALBglghkgBZQMEAgEwDQYLKoZ
|
# RPKI Signature: 192.0.2.0/24
|
||||||
# IhvcNAQkQAS+gggSpMIIEpTCCA42gAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZu
|
# MIIGTgYJKoZIhvcNAQcCoIIGPzCCBjsCAQMxDTALBglghkgBZQMEAgEwDQYLKoZ
|
||||||
# QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoM0FDRTJDRUY0RkIyMUI3RDExR
|
# IhvcNAQkQAS+gggRoMIIEZDCCA0ygAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZu
|
||||||
# TNFMTg0RUZDMUUyOTdCMzc3ODY0MjAeFw0yMTA1MjAxNjA1NDVaFw0yMjAzMTYx
|
# wwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoM0FDRTJDRUY0RkIyMUI3RDExR
|
||||||
# NjA1NDVaMDMxMTAvBgNVBAMTKDkxNDY1MkEzQkQ1MUMxNDQyNjAxOTg4ODlGNUM
|
# TNFMTg0RUZDMUUyOTdCMzc3ODY0MjAeFw0yMzA5MTYyMTAzMjhaFw0yNDA3MTIy
|
||||||
|
# MTAzMjhaMDMxMTAvBgNVBAMTKDkxNDY1MkEzQkQ1MUMxNDQyNjAxOTg4ODlGNUM
|
||||||
# 0NUFCRjA1M0ExODcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCycT
|
# 0NUFCRjA1M0ExODcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCycT
|
||||||
# QrOb/qB2W3i3Ki8PhA/DEWyii2TgGo9pgCwO9lsIRI6Zb/k+aSiWWP9kSczlcQg
|
# QrOb/qB2W3i3Ki8PhA/DEWyii2TgGo9pgCwO9lsIRI6Zb/k+aSiWWP9kSczlcQg
|
||||||
# tPCVwr62hTQZCIowBN0BL0cK0/5k1imJdi5qdM3nvKswM8CnoR11vB8pQFwruZm
|
# tPCVwr62hTQZCIowBN0BL0cK0/5k1imJdi5qdM3nvKswM8CnoR11vB8pQFwruZm
|
||||||
# r5xphXRvE+mzuJVLgu2V1upmBXuWloeymudh6WWJ+GDjwPXO3RiXBejBrOFNXha
|
# r5xphXRvE+mzuJVLgu2V1upmBXuWloeymudh6WWJ+GDjwPXO3RiXBejBrOFNXha
|
||||||
# FLe08y4DPfr/S/tXJOBm7QzQptmbPLYtGfprYu45liFFqqP94UeLpISfXd36AKG
|
# FLe08y4DPfr/S/tXJOBm7QzQptmbPLYtGfprYu45liFFqqP94UeLpISfXd36AKG
|
||||||
# zqTFCcc3EW9l5UFE1MFLlnoEogqtoLoKABt0IkOFGKeC/EgeaBdWLe469ddC9rQ
|
# zqTFCcc3EW9l5UFE1MFLlnoEogqtoLoKABt0IkOFGKeC/EgeaBdWLe469ddC9rQ
|
||||||
# ft5w6g6cmxG+aYDdIEB34zrAgMBAAGjggGvMIIBqzAdBgNVHQ4EFgQUkUZSo71R
|
# ft5w6g6cmxG+aYDdIEB34zrAgMBAAGjggFuMIIBajAdBgNVHQ4EFgQUkUZSo71R
|
||||||
# wUQmAZiIn1xFq/BToYcwHwYDVR0jBBgwFoAUOs4s70+yG30R4+GE78Hil7N3hkI
|
# wUQmAZiIn1xFq/BToYcwHwYDVR0jBBgwFoAUOs4s70+yG30R4+GE78Hil7N3hkI
|
||||||
# wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwGAYDVR0gAQH/BA4wDDAKBg
|
# wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwGAYDVR0gAQH/BA4wDDAKBg
|
||||||
# grBgEFBQcOAjBhBgNVHR8EWjBYMFagVKBShlByc3luYzovL3Jwa2kuZXhhbXBsZ
|
# grBgEFBQcOAjBhBgNVHR8EWjBYMFagVKBShlByc3luYzovL3Jwa2kuZXhhbXBsZ
|
||||||
# S5uZXQvcmVwb3NpdG9yeS8zQUNFMkNFRjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5
|
# S5uZXQvcmVwb3NpdG9yeS8zQUNFMkNFRjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5
|
||||||
# N0IzNzc4NjQyLmNybDBsBggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUHJzeW5
|
# N0IzNzc4NjQyLmNybDBsBggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUHJzeW5
|
||||||
# jOi8vcnBraS5leGFtcGxlLm5ldC9yZXBvc2l0b3J5LzNBQ0UyQ0VGNEZCMjFCN0
|
# jOi8vcnBraS5leGFtcGxlLm5ldC9yZXBvc2l0b3J5LzNBQ0UyQ0VGNEZCMjFCN0
|
||||||
# QxMUUzRTE4NEVGQzFFMjk3QjM3Nzg2NDIuY2VyMBkGCCsGAQUFBwEHAQH/BAowC
|
# QxMUUzRTE4NEVGQzFFMjk3QjM3Nzg2NDIuY2VyMB8GCCsGAQUFBwEHAQH/BBAwD
|
||||||
# DAGBAIAAQUAMEUGCCsGAQUFBwELBDkwNzA1BggrBgEFBQcwDYYpaHR0cHM6Ly9y
|
# jAMBAIAATAGAwQAwAACMA0GCSqGSIb3DQEBCwUAA4IBAQAIdkoBMQydWkkaE91z
|
||||||
# cmRwLmV4YW1wbGUubmV0L25vdGlmaWNhdGlvbi54bWwwDQYJKoZIhvcNAQELBQA
|
# FTX6xIzzDhllfDR5bgw8C2XrAkTiWlMce+/A794a7j3+fIAyDrQ1fjgPLof6I7x
|
||||||
# DggEBAEjC98gVp0Mb7uiKaHylP0453mtJ+AkN07fsK/qGw/e90DJv7cp1hvjj4u
|
# MaiqyNtb+5GqXNk+sHwjg6AnInZV2Xgz2X6lJdtNck25zGwfj/RZ8BxO+UUzP0J
|
||||||
# y3sgf7PJQ7cKNGrgybq/lE0jce+ARgVjbi2BrzZsWAnB846Snwsktw6cenaif6A
|
# UOCTAaCed2KOVF9qWfmXeZ2HPvZVD+01G0PNKdDGKzBmtWKzXsWVk00fvm+xaDs
|
||||||
# ww6q00NspAepMBd2Vg/9sKFvOwJFVOgNcqiQiXP5rGJPWBcOMv52a/7adjfXwpn
|
# /sBTf28O907AUM+2ipuFYfWYc2mPaT3C4uK0udl3/FhUzH6loqs/c1jIsL3mWd8
|
||||||
# OijiTOgMloQGmC2TPZpydZKjlxEATdFEQssa33xDnlpp+/r9xuNVYRtRcC36oWr
|
# iR2eAwBa+rsp9sc3wbnPCjFOuFZKN85nnXzrbJ6dFjqNix9Z2it7TCmU89Jltre
|
||||||
# aVA3jzN6F6rDE8r8xs3ylISVz6JeCQ4YRYwbMsjjc/tiJLM7ZYxIe5IrYz1ZtN6
|
# Rt5Q1xX+mMYIBqjCCAaYCAQOAFJFGUqO9UcFEJgGYiJ9cRavwU6GHMAsGCWCGSA
|
||||||
# n/SEssJAswRIgps2EhCt/HS2xAmGCOhgUxggGqMIIBpgIBA4AUkUZSo71RwUQmA
|
# FlAwQCAaBrMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABLzAcBgkqhkiG9w0BC
|
||||||
# ZiIn1xFq/BToYcwCwYJYIZIAWUDBAIBoGswGgYJKoZIhvcNAQkDMQ0GCyqGSIb3
|
# QUxDxcNMjMwOTE2MjEwMzI4WjAvBgkqhkiG9w0BCQQxIgQgK+LynlLxySDbBNGE
|
||||||
# DQEJEAEvMBwGCSqGSIb3DQEJBTEPFw0yMTA1MjAxNjI4MzlaMC8GCSqGSIb3DQE
|
# MFDMaKOPKqzlPoj7hW0EfKl9wRYwDQYJKoZIhvcNAQEBBQAEggEAm1SGhxyTWRb
|
||||||
# JBDEiBCAr4vKeUvHJINsE0YQwUMxoo48qrOU+iPuFbQR8qX3BFjANBgkqhkiG9w
|
# jf+ewdePchggMKR8zY7FRy+Z5ietrNaWkF2ZgqluVmm3mRDpQDeqTYrcTcBdR3o
|
||||||
# 0BAQEFAASCAQB85HsCBrU3EcVOcf4nC6Z3jrOjT+fVlyTDAObF6GTNWgrxe7jSA
|
# szs89XxWNf81Afs1mBcUdgPHxcghJNoVsDFmcPd+LEFikOtGjaFCwS2meF3RYaM
|
||||||
# Inyf51UzuIGqhVY3sQiiXbdWcVYtPb4118KvyeXh8A/HLp4eeAJntl9D3igt38M
|
# 51jKer8SObP9nqV1JdPYzaArIpzhjHUA1wktTblEmg9lEOJPqALMI9uL7ngcKaE
|
||||||
# o84q5pf9pTQXx3hbsm51ilpOip/TKVMqzE42s6OPox3M0+6eKH3/vBKnw1s1ayM
|
# w4omrcNSBXt9vqge/I5wG7q9tMw2RRcYXTj1XG6nSm7bo9L4JQfBrsubaANmGO9
|
||||||
# 0MUnPDTBfZL3JJEGPWfIZHEcrypevbqR7Jjsz5vp0qyF2D9v+w+nyhZOPmuePm7
|
# NEAZeHyTQq7TzO9w7KBsB3Cg8qRhCzAY8bznt+r1DVPpQj4EHUBizYUMQRCxD5o
|
||||||
# YqLyOw/E99PVBs9uI+hmBiCz/BK2Z3VRjrrlrUU+49eldSTkZ2sJyhCbbV2Ufgi
|
# IUjEELzssfleF8pQ==
|
||||||
# S2FOquAgJzjilyN3BDQLV8Rp9cGh0PpVslKH2na
|
# End Signature: 192.0.2.0/24
|
||||||
# End Signature: 192.0.2.0 - 192.0.2.255
|
]]></artwork></figure>
|
||||||
]]></sourcecode>
|
|
||||||
</section>
|
|
||||||
|
|
||||||
<section anchor="ack" numbered="false" toc="default">
|
|
||||||
<name>Acknowledgments</name>
|
|
||||||
<t>
|
|
||||||
Thanks to <contact fullname="Rob Austein"/> for CMS and detached
|
|
||||||
signature clue, <contact fullname="George Michaelson"/> for the
|
|
||||||
first and substantial external review, and <contact
|
|
||||||
fullname="Erik Kline"/> who was too shy to agree to
|
|
||||||
coauthorship. Additionally, we express our gratitude to early
|
|
||||||
implementors, including <contact fullname="Menno Schepers"/>;
|
|
||||||
<contact fullname="Flavio Luciani"/>; <contact fullname="Eric
|
|
||||||
Dugas"/>; <contact fullname="Job Snijders"/>, who also found an
|
|
||||||
ASN.1 'inherit' issue; and <contact fullname="Kevin Pack"/>.
|
|
||||||
Also, thanks to the following geolocation providers who are
|
|
||||||
consuming geofeeds with this described solution: <contact
|
|
||||||
fullname="Jonathan Kosgei"/> (ipdata.co), <contact fullname="Ben
|
|
||||||
Dowling"/> (ipinfo.io), and <contact fullname="Pol Nisenblat"/>
|
|
||||||
(bigdatacloud.com). For an amazing number of helpful reviews,
|
|
||||||
we thank <contact fullname="Adrian Farrel"/>, <contact
|
|
||||||
fullname="Antonio Prado"/>, <contact fullname="Francesca
|
|
||||||
Palombini"/>, <contact fullname="Jean-Michel Combes"/> (INTDIR),
|
|
||||||
<contact fullname="Joe Clarke"/>, <contact fullname="John
|
|
||||||
Scudder"/>, <contact fullname="Kyle Rose"/> (SECDIR), <contact
|
|
||||||
fullname="Martin Duke"/>, <contact fullname="Murray
|
|
||||||
Kucherawy"/>, <contact fullname="Mohamed Boucadair"/>, <contact
|
|
||||||
fullname="Paul Kyzivat"/> (GENART), <contact fullname="Rob
|
|
||||||
Wilton"/>, <contact fullname="Roman Danyliw"/>, and <contact
|
|
||||||
fullname="Ties de Kock"/>.
|
|
||||||
</t>
|
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
</back>
|
</back>
|
||||||
</rfc>
|
|
||||||
|
</rfc>
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue