randy/draft-9092update
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

new example from russ and job, -03 published

Browse source
This commit is contained in:
Randy Bush 2023-09-20 12:38:10 -07:00
parent 00e77361f5
commit b13d97fdc9
1 changed files with 232 additions and 241 deletions
Download patch file Download diff file Expand all files Collapse all files

473
draft-ietf-opsawg-9092-update.xml
View file

@ -941,17 +941,17 @@
<section title="Example" anchor="example">
<t>
This appendix provides an example, including a trust anchor, a
CRL signed by the trust anchor, a CA certificate subordinate to
the trust anchor, a CRL signed by the CA, an end-entity
certificate subordinate to the CA for signing the geofeed, and a
detached signature.</t>
<t>
This appendix provides an example, including a trust anchor, a
CRL signed by the trust anchor, a CA certificate subordinate to
the trust anchor, a CRL signed by the CA, an end-entity
certificate subordinate to the CA for signing the geofeed, and a
detached signature.</t>
<t>
The trust anchor is represented by a self-signed certificate. As
usual in the RPKI, the trust anchor has authority over all IPv4
address blocks, all IPv6 address blocks, and all AS numbers.</t>
<t>
The trust anchor is represented by a self-signed certificate. As
usual in the RPKI, the trust anchor has authority over all IPv4
address blocks, all IPv6 address blocks, and all AS numbers.</t>
<figure><artwork><![CDATA[
-----BEGIN CERTIFICATE-----
@ -984,18 +984,18 @@ x8CyiVxjcVc5e0AmS1rJfL6LIfwmtive/N/eBtIM92HkBA==
<t>
The CRL issued by the trust anchor.</t>
<figure><artwork><![CDATA[
-----BEGIN X509 CRL-----
MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNVBAMTCmV4YW1wbGUtdGEX
DTIzMDkyMDE4MDkxMVoXDTIzMTAyMDE4MDkxMVqgLzAtMB8GA1UdIwQYMBaAFMC9
Ul2+0niyFuyzo0OV0gYLmQgyMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IB
AQALdNwYgIPHVauhT9yGV2Oj28aj6yI8X/xQz53Gh7zqz4AfKSA3rmFUiQiPnLiA
oO+oI83tzoTwxwVRdGpzc8ZhZ5yCwAQYZdiGteagLFi1zghWbRNWH/m7q/ypw1xd
GZs3ow6b29OMr9ue/5s++bWMQ6oHh24cVB5S9kX3v7N0OeE0/SGcKtaeT+WE5SWC
hudIB52s5NPcKu1SEnn/D8JLGoadxatmFEGMfRX2Wo9dcntcyCr/MPl6ZhvM9tsF
Oxoom7RRnAfz+AWwptYrCkvKFdk974UCe9Bq2Bq3xuhrLs1kT6+yy0U9y7hyJYK/
Dq9IJ9RuBsQagykwbwLbzlTr
-----END X509 CRL-----
<figure><artwork><![CDATA[
-----BEGIN X509 CRL-----
MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNVBAMTCmV4YW1wbGUtdGEX
DTIzMDkyMDE4MDkxMVoXDTIzMTAyMDE4MDkxMVqgLzAtMB8GA1UdIwQYMBaAFMC9
Ul2+0niyFuyzo0OV0gYLmQgyMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IB
AQALdNwYgIPHVauhT9yGV2Oj28aj6yI8X/xQz53Gh7zqz4AfKSA3rmFUiQiPnLiA
oO+oI83tzoTwxwVRdGpzc8ZhZ5yCwAQYZdiGteagLFi1zghWbRNWH/m7q/ypw1xd
GZs3ow6b29OMr9ue/5s++bWMQ6oHh24cVB5S9kX3v7N0OeE0/SGcKtaeT+WE5SWC
hudIB52s5NPcKu1SEnn/D8JLGoadxatmFEGMfRX2Wo9dcntcyCr/MPl6ZhvM9tsF
Oxoom7RRnAfz+AWwptYrCkvKFdk974UCe9Bq2Bq3xuhrLs1kT6+yy0U9y7hyJYK/
Dq9IJ9RuBsQagykwbwLbzlTr
-----END X509 CRL-----
]]></artwork></figure>
<t>
@ -1005,17 +1005,17 @@ Dq9IJ9RuBsQagykwbwLbzlTr
<figure><artwork><![CDATA[
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIUcyCzS10hdfG65kbRq7toQAvRDLUwDQYJKoZIhvcNAQEL
BQAwFTETMBEGA1UEAxMKZXhhbXBsZS10YTAeFw0yMzA5MTYyMTAzMjhaFw0yNDA5
MTUyMTAzMjhaMDMxMTAvBgNVBAMTKDNBQ0UyQ0VGNEZCMjFCN0QxMUUzRTE4NEVG
MIIFCjCCA/KgAwIBAgIUcyCzS10hdfG65kbRq7toQAvRDLYwDQYJKoZIhvcNAQEL
BQAwFTETMBEGA1UEAxMKZXhhbXBsZS10YTAeFw0yMzA5MjAxNjQ5MjhaFw0yNDA5
MTkxNjQ5MjhaMDMxMTAvBgNVBAMTKDNBQ0UyQ0VGNEZCMjFCN0QxMUUzRTE4NEVG
QzFFMjk3QjM3Nzg2NDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc
zz1qwTxC2ocw5rqp8ktm2XyYkl8riBVuqlXwfefTxsR2YFpgz9vkYUd5Az9EVEG7
6wGIyZbtmhK63eEeaqbKz2GHub467498BXeVrYysO+YuIGgCEYKznNDZ4j5aaDbo
j5+4/z0Qvv6HEsxQd0f8br6lKJwgeRM6+fm7796HNPB0aqD7Zj9NRCLXjbB0DCgJ
liH6rXMKR86ofgll9V2mRjesvhdKYgkGbOif9rvxVpLJ/6zdru5CE9yeuJZ59l+n
YH/r6PzdJ4Q7yKrJX8qD6A60j4+biaU4MQ72KpsjhQNTTqF/HRwi0N54GDaknEwE
TnJQHgLJDYqww9yKWtjjAgMBAAGjggIvMIICKzAdBgNVHQ4EFgQUOs4s70+yG30R
4+GE78Hil7N3hkIwHwYDVR0jBBgwFoAU3hNEuwvUGNCHY1TBatcUR03pNdYwDwYD
TnJQHgLJDYqww9yKWtjjAgMBAAGjggIyMIICLjAdBgNVHQ4EFgQUOs4s70+yG30R
4+GE78Hil7N3hkIwHwYDVR0jBBgwFoAUwL1SXb7SeLIW7LOjQ5XSBguZCDIwDwYD
VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjBhBgNVHR8EWjBYMFagVKBShlByc3luYzovL3Jwa2kuZXhhbXBsZS5u
ZXQvcmVwb3NpdG9yeS8zQUNFMkNFRjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5N0Iz
@ -1025,13 +1025,13 @@ BgEFBQcBCwSBrDCBqTA+BggrBgEFBQcwCoYycnN5bmM6Ly9ycGtpLmV4YW1wbGUu
bmV0L3JlcG9zaXRvcnkvZXhhbXBsZS1jYS5tZnQwNQYIKwYBBQUHMA2GKWh0dHBz
Oi8vcnJkcC5leGFtcGxlLm5ldC9ub3RpZmljYXRpb24ueG1sMDAGCCsGAQUFBzAF
hiRyc3luYzovL3Jwa2kuZXhhbXBsZS5uZXQvcmVwb3NpdG9yeS8wHwYIKwYBBQUH
AQcBAf8EEDAOMAwEAgABMAYDBADAAAIwHgYIKwYBBQUHAQgEEjAQoA4wDDAKAgMA
+/ACAwD78TANBgkqhkiG9w0BAQsFAAOCAQEAkWoRJBJRgIMRkTUgPDG/rqcd/fz+
eN8L3Yme1hNJuAnkf6S3pr5GT1NG9hVTphLFPI4jPSoPZSEQtZ6gsswU3KacnS2A
VtgHYfZA9gfRHhURuiWvFNSp+d7A2MeBmmRyBOD3a5v4f+wNoXPgPhUTZUsXh2Q4
q7WFgiQp6P8vdIXjZDKFB7Xtu7Fl1S5RVowV68DexjVfmaPTPZjetHaAqpz6C4/E
s4NArJzIL+8sqmIeuWUD11WXQ3wsC0IWuPMi6XOJQnPQQFtMPr79cftsw+Ynr/vc
F+WPd2Mdaby93ASOE2MyXdaaOf8Av3wIpMvhMuAuM03V/mPVksqxUbfOLw==
AQcBAf8EEDAOMAwEAgABMAYDBADAAAIwIQYIKwYBBQUHAQgBAf8EEjAQoA4wDDAK
AgMA+/ACAwD78TANBgkqhkiG9w0BAQsFAAOCAQEAGgn+1s4Vbp5CIPVtDG+gSjgU
kUCnUdFK8kE6cHtcwo/RGah2QBEhtUXk7U19OvEjvsGbXKhhVfGkvJV6/rxXxnTF
M+D+//Ef5Lvsxbxc85UDmhT5YDaDkuS9ClSEedZsN9/4bNzOve/JYB0Xj8GnLFH8
OJo38poa5o2veqcmuwNtsAa/hAKRgDAWGD/gMsNZd83zVBgvIVasYDYXyapClD/x
e3YCyWDJBJoJkFCoRB+Fb8lMAUFYx988S+BZGWA4VKGMUtPvdCtDwQak6c4PTziH
/10Tc9Jxst1F0nCdmfFyMWRHNw3e5y8pmEc3WwzihGhuuOvdLzVdoEMRSwQ+/g==
-----END CERTIFICATE-----
]]></artwork></figure>
@ -1062,9 +1062,9 @@ XQ==
<figure><artwork><![CDATA[
-----BEGIN CERTIFICATE-----
MIIEZDCCA0ygAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZuwwDQYJKoZIhvcNAQEL
MIIEVjCCAz6gAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZu0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM0FDRTJDRUY0RkIyMUI3RDExRTNFMTg0RUZDMUUyOTdC
Mzc3ODY0MjAeFw0yMzA5MTYyMTAzMjhaFw0yNDA3MTIyMTAzMjhaMDMxMTAvBgNV
Mzc3ODY0MjAeFw0yMzA5MjAxNjQ5MjhaFw0yNDA3MTYxNjQ5MjhaMDMxMTAvBgNV
BAMTKDkxNDY1MkEzQkQ1MUMxNDQyNjAxOTg4ODlGNUM0NUFCRjA1M0ExODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCycTQrOb/qB2W3i3Ki8PhA/DEW
yii2TgGo9pgCwO9lsIRI6Zb/k+aSiWWP9kSczlcQgtPCVwr62hTQZCIowBN0BL0c
@ -1072,20 +1072,20 @@ K0/5k1imJdi5qdM3nvKswM8CnoR11vB8pQFwruZmr5xphXRvE+mzuJVLgu2V1upm
BXuWloeymudh6WWJ+GDjwPXO3RiXBejBrOFNXhaFLe08y4DPfr/S/tXJOBm7QzQp
tmbPLYtGfprYu45liFFqqP94UeLpISfXd36AKGzqTFCcc3EW9l5UFE1MFLlnoEog
qtoLoKABt0IkOFGKeC/EgeaBdWLe469ddC9rQft5w6g6cmxG+aYDdIEB34zrAgMB
AAGjggFuMIIBajAdBgNVHQ4EFgQUkUZSo71RwUQmAZiIn1xFq/BToYcwHwYDVR0j
BBgwFoAUOs4s70+yG30R4+GE78Hil7N3hkIwDAYDVR0TAQH/BAIwADAOBgNVHQ8B
Af8EBAMCB4AwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBhBgNVHR8EWjBYMFag
VKBShlByc3luYzovL3Jwa2kuZXhhbXBsZS5uZXQvcmVwb3NpdG9yeS8zQUNFMkNF
RjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5N0IzNzc4NjQyLmNybDBsBggrBgEFBQcB
AQRgMF4wXAYIKwYBBQUHMAKGUHJzeW5jOi8vcnBraS5leGFtcGxlLm5ldC9yZXBv
c2l0b3J5LzNBQ0UyQ0VGNEZCMjFCN0QxMUUzRTE4NEVGQzFFMjk3QjM3Nzg2NDIu
Y2VyMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwAACMA0GCSqGSIb3DQEB
CwUAA4IBAQAIdkoBMQydWkkaE91zFTX6xIzzDhllfDR5bgw8C2XrAkTiWlMce+/A
794a7j3+fIAyDrQ1fjgPLof6I7xMaiqyNtb+5GqXNk+sHwjg6AnInZV2Xgz2X6lJ
dtNck25zGwfj/RZ8BxO+UUzP0JUOCTAaCed2KOVF9qWfmXeZ2HPvZVD+01G0PNKd
DGKzBmtWKzXsWVk00fvm+xaDs/sBTf28O907AUM+2ipuFYfWYc2mPaT3C4uK0udl
3/FhUzH6loqs/c1jIsL3mWd8iR2eAwBa+rsp9sc3wbnPCjFOuFZKN85nnXzrbJ6d
FjqNix9Z2it7TCmU89JltreRt5Q1xX+m
AAGjggFgMIIBXDAdBgNVHQ4EFgQUkUZSo71RwUQmAZiIn1xFq/BToYcwHwYDVR0j
BBgwFoAUOs4s70+yG30R4+GE78Hil7N3hkIwDgYDVR0PAQH/BAQDAgeAMBgGA1Ud
IAEB/wQOMAwwCgYIKwYBBQUHDgIwYQYDVR0fBFowWDBWoFSgUoZQcnN5bmM6Ly9y
cGtpLmV4YW1wbGUubmV0L3JlcG9zaXRvcnkvM0FDRTJDRUY0RkIyMUI3RDExRTNF
MTg0RUZDMUUyOTdCMzc3ODY0Mi5jcmwwbAYIKwYBBQUHAQEEYDBeMFwGCCsGAQUF
BzAChlByc3luYzovL3Jwa2kuZXhhbXBsZS5uZXQvcmVwb3NpdG9yeS8zQUNFMkNF
RjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5N0IzNzc4NjQyLmNlcjAfBggrBgEFBQcB
BwEB/wQQMA4wDAQCAAEwBgMEAMAAAjANBgkqhkiG9w0BAQsFAAOCAQEAD6JvdAdo
vWT72DHKaK4Bw5Yv88g2pPHxWo+sckYyVZzr3yy29JItOHOWXv9WHcsi1mCEmqkn
JMjcCaj5RuHpR3s8EWyi5qomGOsE42w8aBpqfef9rapjW/O7o1p5LDm9qh/arw8O
VNU9+fnVBdbGJSVoDZScDyX+uitGeE9/dzktNeFV4bLivs/9CTXTy9eQ9RKMLkvh
a5sNwNMrSS79ps9+nvFvg3Ynbkc6JGYAQgZ8K0RfQwx37Vn/AmsfvKIJWf4HzMg3
eHQp/BZbbZCbr4FEy2wQhkFqXk5F1xQj91+rlyXpdbhcvbM3SyIhiWBkinVJSA/C
g1oJqaiTsNaoGw==
-----END CERTIFICATE-----
]]></artwork></figure>
@ -1093,197 +1093,188 @@ FjqNix9Z2it7TCmU89JltreRt5Q1xX+m
The end-entity certificate is displayed below in detail. For
brevity, the other two certificates are not.</t>
<figure><artwork><![CDATA[
0 1124: SEQUENCE {
4 844: SEQUENCE {
8 3: [0] {
10 1: INTEGER 2
: }
13 20: INTEGER
: 27 AD 39 40 83 D7 F2 B5 B9 9B 86 70 C7 75 B2 B9 6E
: E1 66 EC
35 13: SEQUENCE {
37 9: OBJECT IDENTIFIER
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
48 0: NULL
: }
50 51: SEQUENCE {
52 49: SET {
54 47: SEQUENCE {
56 3: OBJECT IDENTIFIER commonName (2 5 4 3)
61 40: PrintableString
: '3ACE2CEF4FB21B7D11E3E184EFC1E297B3778642'
: }
: }
: }
103 30: SEQUENCE {
105 13: UTCTime 16/09/2023 21:03:28 GMT
120 13: UTCTime 12/07/2024 21:03:28 GMT
: }
135 51: SEQUENCE {
137 49: SET {
139 47: SEQUENCE {
141 3: OBJECT IDENTIFIER commonName (2 5 4 3)
146 40: PrintableString
: '914652A3BD51C144260198889F5C45ABF053A187'
: }
: }
: }
188 290: SEQUENCE {
192 13: SEQUENCE {
194 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
205 0: NULL
: }
207 271: BIT STRING, encapsulates {
212 266: SEQUENCE {
216 257: INTEGER
: 00 B2 71 34 2B 39 BF EA 07 65 B7 8B 72 A2 F0 F8
: 40 FC 31 16 CA 28 B6 4E 01 A8 F6 98 02 C0 EF 65
: B0 84 48 E9 96 FF 93 E6 92 89 65 8F F6 44 9C CE
: 57 10 82 D3 C2 57 0A FA DA 14 D0 64 22 28 C0 13
: 74 04 BD 1C 2B 4F F9 93 58 A6 25 D8 B9 A9 D3 37
: 9E F2 AC C0 CF 02 9E 84 75 D6 F0 7C A5 01 70 AE
: E6 66 AF 9C 69 85 74 6F 13 E9 B3 B8 95 4B 82 ED
: 95 D6 EA 66 05 7B 96 96 87 B2 9A E7 61 E9 65 89
: F8 60 E3 C0 F5 CE DD 18 97 05 E8 C1 AC E1 4D 5E
: 16 85 2D ED 3C CB 80 CF 7E BF D2 FE D5 C9 38 19
: BB 43 34 29 B6 66 CF 2D 8B 46 7E 9A D8 BB 8E 65
: 88 51 6A A8 FF 78 51 E2 E9 21 27 D7 77 7E 80 28
: 6C EA 4C 50 9C 73 71 16 F6 5E 54 14 4D 4C 14 B9
: 67 A0 4A 20 AA DA 0B A0 A0 01 B7 42 24 38 51 8A
: 78 2F C4 81 E6 81 75 62 DE E3 AF 5D 74 2F 6B 41
: FB 79 C3 A8 3A 72 6C 46 F9 A6 03 74 81 01 DF 8C
: EB
477 3: INTEGER 65537
: }
: }
: }
482 366: [3] {
486 362: SEQUENCE {
490 29: SEQUENCE {
492 3: OBJECT IDENTIFIER
: subjectKeyIdentifier (2 5 29 14)
497 22: OCTET STRING, encapsulates {
499 20: OCTET STRING
: 91 46 52 A3 BD 51 C1 44 26 01 98 88 9F 5C 45 AB
: F0 53 A1 87
: }
: }
521 31: SEQUENCE {
523 3: OBJECT IDENTIFIER
: authorityKeyIdentifier (2 5 29 35)
528 24: OCTET STRING, encapsulates {
530 22: SEQUENCE {
532 20: [0]
: 3A CE 2C EF 4F B2 1B 7D 11 E3 E1 84 EF C1 E2 97
: B3 77 86 42
: }
: }
: }
554 12: SEQUENCE {
556 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
561 1: BOOLEAN TRUE
564 2: OCTET STRING, encapsulates {
566 0: SEQUENCE {}
: }
: }
568 14: SEQUENCE {
570 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
575 1: BOOLEAN TRUE
578 4: OCTET STRING, encapsulates {
580 2: BIT STRING 7 unused bits
: '1'B (bit 0)
: }
: }
584 24: SEQUENCE {
586 3: OBJECT IDENTIFIER
: certificatePolicies (2 5 29 32)
591 1: BOOLEAN TRUE
594 14: OCTET STRING, encapsulates {
596 12: SEQUENCE {
598 10: SEQUENCE {
600 8: OBJECT IDENTIFIER
: resourceCertificatePolicy
: (1 3 6 1 5 5 7 14 2)
: }
: }
: }
: }
610 97: SEQUENCE {
612 3: OBJECT IDENTIFIER
: cRLDistributionPoints (2 5 29 31)
617 90: OCTET STRING, encapsulates {
619 88: SEQUENCE {
621 86: SEQUENCE {
623 84: [0] {
625 82: [0] {
627 80: [6]
: 'rsync://rpki.example.net/repository/3ACE'
: '2CEF4FB21B7D11E3E184EFC1E297B3778642.crl'
: }
: }
: }
: }
: }
: }
709 108: SEQUENCE {
711 8: OBJECT IDENTIFIER
: authorityInfoAccess (1 3 6 1 5 5 7 1 1)
721 96: OCTET STRING, encapsulates {
723 94: SEQUENCE {
725 92: SEQUENCE {
727 8: OBJECT IDENTIFIER
: caIssuers (1 3 6 1 5 5 7 48 2)
737 80: [6]
: 'rsync://rpki.example.net/repository/3ACE'
: '2CEF4FB21B7D11E3E184EFC1E297B3778642.cer'
: }
: }
: }
: }
819 31: SEQUENCE {
821 8: OBJECT IDENTIFIER
: ipAddrBlocks (1 3 6 1 5 5 7 1 7)
831 1: BOOLEAN TRUE
834 16: OCTET STRING, encapsulates {
836 14: SEQUENCE {
838 12: SEQUENCE {
840 2: OCTET STRING 00 01
844 6: SEQUENCE {
846 4: BIT STRING
: '010000000000000000000011'B
: }
: }
: }
: }
: }
: }
: }
: }
852 13: SEQUENCE {
854 9: OBJECT IDENTIFIER
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
865 0: NULL
: }
867 257: BIT STRING
: 08 76 4A 01 31 0C 9D 5A 49 1A 13 DD 73 15 35 FA
: C4 8C F3 0E 19 65 7C 34 79 6E 0C 3C 0B 65 EB 02
: 44 E2 5A 53 1C 7B EF C0 EF DE 1A EE 3D FE 7C 80
: 32 0E B4 35 7E 38 0F 2E 87 FA 23 BC 4C 6A 2A B2
: 36 D6 FE E4 6A 97 36 4F AC 1F 08 E0 E8 09 C8 9D
: 95 76 5E 0C F6 5F A9 49 76 D3 5C 93 6E 73 1B 07
: E3 FD 16 7C 07 13 BE 51 4C CF D0 95 0E 09 30 1A
: 09 E7 76 28 E5 45 F6 A5 9F 99 77 99 D8 73 EF 65
: 50 FE D3 51 B4 3C D2 9D 0C 62 B3 06 6B 56 2B 35
: EC 59 59 34 D1 FB E6 FB 16 83 B3 FB 01 4D FD BC
: 3B DD 3B 01 43 3E DA 2A 6E 15 87 D6 61 CD A6 3D
: A4 F7 0B 8B 8A D2 E7 65 DF F1 61 53 31 FA 96 8A
: AC FD CD 63 22 C2 F7 99 67 7C 89 1D 9E 03 00 5A
: FA BB 29 F6 C7 37 C1 B9 CF 0A 31 4E B8 56 4A 37
: CE 67 9D 7C EB 6C 9E 9D 16 3A 8D 8B 1F 59 DA 2B
: 7B 4C 29 94 F3 D2 65 B6 B7 91 B7 94 35 C5 7F A6
: }
<figure><artwork><![CDATA[
0 1110: SEQUENCE {
4 830: SEQUENCE {
8 3: [0] {
10 1: INTEGER 2
: }
13 20: INTEGER
: 27 AD 39 40 83 D7 F2 B5 B9 9B 86 70 C7 75 B2 B9
: 6E E1 66 ED
35 13: SEQUENCE {
37 9: OBJECT IDENTIFIER
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
48 0: NULL
: }
50 51: SEQUENCE {
52 49: SET {
54 47: SEQUENCE {
56 3: OBJECT IDENTIFIER commonName (2 5 4 3)
61 40: PrintableString
: '3ACE2CEF4FB21B7D11E3E184EFC1E297B3778642'
: }
: }
: }
103 30: SEQUENCE {
105 13: UTCTime 20/09/2023 16:49:28 GMT
120 13: UTCTime 16/07/2024 16:49:28 GMT
: }
135 51: SEQUENCE {
137 49: SET {
139 47: SEQUENCE {
141 3: OBJECT IDENTIFIER commonName (2 5 4 3)
146 40: PrintableString
: '914652A3BD51C144260198889F5C45ABF053A187'
: }
: }
: }
188 290: SEQUENCE {
192 13: SEQUENCE {
194 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
205 0: NULL
: }
207 271: BIT STRING, encapsulates {
212 266: SEQUENCE {
216 257: INTEGER
: 00 B2 71 34 2B 39 BF EA 07 65 B7 8B 72 A2 F0 F8
: 40 FC 31 16 CA 28 B6 4E 01 A8 F6 98 02 C0 EF 65
: B0 84 48 E9 96 FF 93 E6 92 89 65 8F F6 44 9C CE
: 57 10 82 D3 C2 57 0A FA DA 14 D0 64 22 28 C0 13
: 74 04 BD 1C 2B 4F F9 93 58 A6 25 D8 B9 A9 D3 37
: 9E F2 AC C0 CF 02 9E 84 75 D6 F0 7C A5 01 70 AE
: E6 66 AF 9C 69 85 74 6F 13 E9 B3 B8 95 4B 82 ED
: 95 D6 EA 66 05 7B 96 96 87 B2 9A E7 61 E9 65 89
: F8 60 E3 C0 F5 CE DD 18 97 05 E8 C1 AC E1 4D 5E
: 16 85 2D ED 3C CB 80 CF 7E BF D2 FE D5 C9 38 19
: BB 43 34 29 B6 66 CF 2D 8B 46 7E 9A D8 BB 8E 65
: 88 51 6A A8 FF 78 51 E2 E9 21 27 D7 77 7E 80 28
: 6C EA 4C 50 9C 73 71 16 F6 5E 54 14 4D 4C 14 B9
: 67 A0 4A 20 AA DA 0B A0 A0 01 B7 42 24 38 51 8A
: 78 2F C4 81 E6 81 75 62 DE E3 AF 5D 74 2F 6B 41
: FB 79 C3 A8 3A 72 6C 46 F9 A6 03 74 81 01 DF 8C
: EB
477 3: INTEGER 65537
: }
: }
: }
482 352: [3] {
486 348: SEQUENCE {
490 29: SEQUENCE {
492 3: OBJECT IDENTIFIER
: subjectKeyIdentifier (2 5 29 14)
497 22: OCTET STRING, encapsulates {
499 20: OCTET STRING
: 91 46 52 A3 BD 51 C1 44 26 01 98 88 9F 5C 45 AB
: F0 53 A1 87
: }
: }
521 31: SEQUENCE {
523 3: OBJECT IDENTIFIER
: authorityKeyIdentifier (2 5 29 35)
528 24: OCTET STRING, encapsulates {
530 22: SEQUENCE {
532 20: [0]
: 3A CE 2C EF 4F B2 1B 7D 11 E3 E1 84 EF C1 E2 97
: B3 77 86 42
: }
: }
: }
554 14: SEQUENCE {
556 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
561 1: BOOLEAN TRUE
564 4: OCTET STRING, encapsulates {
566 2: BIT STRING 7 unused bits
: '1'B (bit 0)
: }
: }
570 24: SEQUENCE {
572 3: OBJECT IDENTIFIER certificatePolicies (2 5 29 32)
577 1: BOOLEAN TRUE
580 14: OCTET STRING, encapsulates {
582 12: SEQUENCE {
584 10: SEQUENCE {
586 8: OBJECT IDENTIFIER
: resourceCertificatePolicy (1 3 6 1 5 5 7 14 2)
: }
: }
: }
: }
596 97: SEQUENCE {
598 3: OBJECT IDENTIFIER
: cRLDistributionPoints (2 5 29 31)
603 90: OCTET STRING, encapsulates {
605 88: SEQUENCE {
607 86: SEQUENCE {
609 84: [0] {
611 82: [0] {
613 80: [6]
: 'rsync://rpki.example.net/repository/3ACE'
: '2CEF4FB21B7D11E3E184EFC1E297B3778642.crl'
: }
: }
: }
: }
: }
: }
695 108: SEQUENCE {
697 8: OBJECT IDENTIFIER
: authorityInfoAccess (1 3 6 1 5 5 7 1 1)
707 96: OCTET STRING, encapsulates {
709 94: SEQUENCE {
711 92: SEQUENCE {
713 8: OBJECT IDENTIFIER
: caIssuers (1 3 6 1 5 5 7 48 2)
723 80: [6]
: 'rsync://rpki.example.net/repository/3ACE'
: '2CEF4FB21B7D11E3E184EFC1E297B3778642.cer'
: }
: }
: }
: }
805 31: SEQUENCE {
807 8: OBJECT IDENTIFIER
: ipAddrBlocks (1 3 6 1 5 5 7 1 7)
817 1: BOOLEAN TRUE
820 16: OCTET STRING, encapsulates {
822 14: SEQUENCE {
824 12: SEQUENCE {
826 2: OCTET STRING 00 01
830 6: SEQUENCE {
832 4: BIT STRING
: '010000000000000000000011'B
: }
: }
: }
: }
: }
: }
: }
: }
838 13: SEQUENCE {
840 9: OBJECT IDENTIFIER
: sha256WithRSAEncryption (1 2 840 113549 1 1 11)
851 0: NULL
: }
853 257: BIT STRING
: 0F A2 6F 74 07 68 BD 64 FB D8 31 CA 68 AE 01 C3
: 96 2F F3 C8 36 A4 F1 F1 5A 8F AC 72 46 32 55 9C
: EB DF 2C B6 F4 92 2D 38 73 96 5E FF 56 1D CB 22
: D6 60 84 9A A9 27 24 C8 DC 09 A8 F9 46 E1 E9 47
: 7B 3C 11 6C A2 E6 AA 26 18 EB 04 E3 6C 3C 68 1A
: 6A 7D E7 FD AD AA 63 5B F3 BB A3 5A 79 2C 39 BD
: AA 1F DA AF 0F 0E 54 D5 3D F9 F9 D5 05 D6 C6 25
: 25 68 0D 94 9C 0F 25 FE BA 2B 46 78 4F 7F 77 39
: 2D 35 E1 55 E1 B2 E2 BE CF FD 09 35 D3 CB D7 90
: F5 12 8C 2E 4B E1 6B 9B 0D C0 D3 2B 49 2E FD A6
: CF 7E 9E F1 6F 83 76 27 6E 47 3A 24 66 00 42 06
: 7C 2B 44 5F 43 0C 77 ED 59 FF 02 6B 1F BC A2 09
: 59 FE 07 CC C8 37 78 74 29 FC 16 5B 6D 90 9B AF
: 81 44 CB 6C 10 86 41 6A 5E 4E 45 D7 14 23 F7 5F
: AB 97 25 E9 75 B8 5C BD B3 37 4B 22 21 89 60 64
: 8A 75 49 48 0F C2 83 5A 09 A9 A8 93 B0 D6 A8 1B
: }
]]></artwork></figure>
<t>