diff --git a/draft-ymbk-9092update.xml b/draft-ymbk-9092update.xml
index ed3bf33..1756bdd 100644
--- a/draft-ymbk-9092update.xml
+++ b/draft-ymbk-9092update.xml
@@ -457,19 +457,19 @@
         public RPKI, has the needed public key.
       </t>
       <t>
-        The appendix <bcp14>MUST</bcp14> be hidden as a series of "#" comments at the
-        end of the geofeed file.  The following is a cryptographically
-        incorrect, albeit simple, example.  A correct and full example is
-        in <xref target="example" format="default"/>.
+        The appendix <bcp14>MUST</bcp14> be hidden as a series of "#"
+        comments at the end of the geofeed file. The following is a
+        cryptographically incorrect, albeit simple, example. A correct
+        and full example is in <xref target="example" format="default"/>.
       </t>
       <sourcecode type=""><![CDATA[
-    # RPKI Signature: 192.0.2.0 - 192.0.2.255
-    # MIIGlwYJKoZIhvcNAQcCoIIGiDCCBoQCAQMxDTALBglghkgBZQMEAgEwDQYLKoZ
-    # IhvcNAQkQAS+gggSxMIIErTCCA5WgAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZu
+    # RPKI Signature: 2001:db8::/32
+    # MIIGLgYJKoZIhvcNAQcCoIIGHzCCBhsCAQMxDTALBglghkgBZQMEAgEwDQYLKoZI
+    # hvcNAQkQAS+gggRIMIIERDCCAyygAwIBAgIBADANBgkqhkiG9w0BAQsFADAzMTEw
     ...
-    # imwYkXpiMxw44EZqDjl36MiWsRDLdgoijBBcGbibwyAfGeR46k5raZCGvxG+4xa
-    # O8PDTxTfIYwAnBjRBKAqAZ7yX5xHfm58jUXsZJ7Ileq1S7G6Kk=
-    # End Signature: 192.0.2.0 - 192.0.2.255
+    # oD+3aK++ef1zZdMXuyn7qE/z2ITT+98MY+GVIouFrL7+tMKOj8rhCnvZtlkrv9lz
+    # RvA=
+    # End Signature: 2001:db8::/32
         ]]></sourcecode>
       <t>
         The signature does not cover the signature lines.
@@ -764,299 +764,214 @@
       address blocks, all IPv6 address blocks, and all Autonomous System (AS) numbers.
       </t>
       <sourcecode type=""><![CDATA[
-    -----BEGIN CERTIFICATE-----
-    MIIEPjCCAyagAwIBAgIUPsUFJ4e/7pKZ6E14aBdkbYzms1gwDQYJKoZIhvcNAQEL
-    BQAwFTETMBEGA1UEAxMKZXhhbXBsZS10YTAeFw0yMDA5MDMxODU0NTRaFw0zMDA5
-    MDExODU0NTRaMBUxEzARBgNVBAMTCmV4YW1wbGUtdGEwggEiMA0GCSqGSIb3DQEB
-    AQUAA4IBDwAwggEKAoIBAQCelMmMDCGBhqn/a3VrNAoKMr1HVLKxGoG7VF/13HZJ
-    0twObUZlh3Jz+XeD+kNAURhELWTrsgdTkQQfqinqOuRemxTl55+x7nLpe5nmwaBH
-    XqqDOHubmkbAGanGcm6T/rD9KNk1Z46Uc2p7UYu0fwNO0mo0aqFL2FSyvzZwziNe
-    g7ELYZ4a3LvGn81JfP/JvM6pgtoMNuee5RV6TWaz7LV304ICj8Bhphy/HFpOA1rb
-    O9gs8CUMgqz+RroAIa8cV8gbF/fPCz9Ofl7Gdmib679JxxFrW4wRJ0nMJgJmsZXq
-    jaVc0g7ORc+eIAcHw7Uroc6h7Y7lGjOkDZF75j0mLQa3AgMBAAGjggGEMIIBgDAd
-    BgNVHQ4EFgQU3hNEuwvUGNCHY1TBatcUR03pNdYwHwYDVR0jBBgwFoAU3hNEuwvU
-    GNCHY1TBatcUR03pNdYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
-    GAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCBuQYIKwYBBQUHAQsEgawwgakwPgYI
-    KwYBBQUHMAqGMnJzeW5jOi8vcnBraS5leGFtcGxlLm5ldC9yZXBvc2l0b3J5L2V4
-    YW1wbGUtdGEubWZ0MDUGCCsGAQUFBzANhilodHRwczovL3JyZHAuZXhhbXBsZS5u
-    ZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcwBYYkcnN5bmM6Ly9ycGtpLmV4
-    YW1wbGUubmV0L3JlcG9zaXRvcnkvMCcGCCsGAQUFBwEHAQH/BBgwFjAJBAIAATAD
-    AwEAMAkEAgACMAMDAQAwHgYIKwYBBQUHAQgEEjAQoA4wDDAKAgEAAgUA/////zAN
-    BgkqhkiG9w0BAQsFAAOCAQEAgZFQ0Sf3CI5Hwev61AUWHYOFniy69PuDTq+WnhDe
-    xX5rpjSDRrs5L756KSKJcaOJ36lzO45lfOPSY9fH6x30pnipaqRA7t5rApky24jH
-    cSUA9iRednzxhVyGjWKnfAKyNo2MYfaOAT0db1GjyLKbOADI9FowtHBUu+60ykcM
-    Quz66XrzxtmxlrRcAnbv/HtV17qOd4my6q5yjTPR1dmYN9oR/2ChlXtGE6uQVguA
-    rvNZ5CwiJ1TgGGTB7T8ORHwWU6dGTc0jk2rESAaikmLi1roZSNC21fckhapEit1a
-    x8CyiVxjcVc5e0AmS1rJfL6LIfwmtive/N/eBtIM92HkBA==
-    -----END CERTIFICATE-----
+ -----BEGIN CERTIFICATE-----
+ MIIDzTCCArWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApleGFt
+ cGxlLXRhMB4XDTIyMTIwNzEwMTkxNFoXDTMyMTIwNDEwMTkxNFowFTETMBEGA1UE
+ AwwKZXhhbXBsZS10YTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMdb
+ hyqTPhg4o1dG+TfogdLiiDVGi56jVcrjMt3umDfcdup5NuDu3l5tJQlXSIe3NmwB
+ 3jjuE0YV1sqIqbt7tflnA8MFczOrrn12I8WHi6Gy23n1x0bw96hmHXgXcJfOohS9
+ ktR2Y3BKIjvfjK7ru7ojFMCGEq/wtZkjA9mYN9TG0FUXLR08OXs9/xRefiLomNuP
+ wGp27NPx3/lV2AmeBtLJYdDXpmBoXO4vQ1FdFHNQuZ9SxE22SOTX/Ow1uUtLZf6L
+ 3PkFU/KJyuUqUckzpVMqNzZmhQWt3CpiYh3kBARGosbU5xVbZoFmAyhDh6xZhvCc
+ UQ79m/aUOCaStUJxRqsCAwEAAaOCASYwggEiMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+ VR0OBBYEFMQZWCDkIcMYkD1pYn8h16RoGd/YMA4GA1UdDwEB/wQEAwIBBjB6Bggr
+ BgEFBQcBCwRuMGwwMAYIKwYBBQUHMAWGJHJzeW5jOi8vcnBraS5leGFtcGxlLm5l
+ dC9yZXBvc2l0b3J5LzA4BggrBgEFBQcwCoYscnN5bmM6Ly9ycGtpLmV4YW1wbGUu
+ bmV0L3JlcG9zaXRvcnkvcm9vdC5tZnQwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcO
+ AjAhBggrBgEFBQcBCAEB/wQSMBCgDjAMMAoCAQACBQD/////MCcGCCsGAQUFBwEH
+ AQH/BBgwFjAJBAIAATADAwEAMAkEAgACMAMDAQAwDQYJKoZIhvcNAQELBQADggEB
+ ABQi1zxIoHao95LHXrn2dZVoIS3ZcHxcHIAvjXO0gr1F9P+ydTpurm0G02G3bwL0
+ 58pirQYG7dRecSdU6GEk07FOwmYpwYFx9DgkLuok4w9PdYvIDOwP6Rv3EWR7CxbW
+ kcHpOy+eMyIwbX+90z7tajJWK6aAUI/AEjQFL6P7hBqodujpgMoUu8u2FImslhYK
+ vKHXgSMMiBin6/IiMiZKcWsUoxtcL8ZECFyPXQieuyRGubPg9Q6lAPYMrJ8WqngH
+ GmOy5TmbIHhxz5Aej/7lqXIRcoIHh7e+P0dPWSrdTS+zhJhdKTOW+Ctpf1dXXfX+
+ vXXiZtI/UPe3iyRVQeErym0=
+ -----END CERTIFICATE-----
 ]]></sourcecode>
 
       <t>
    The CA certificate is issued by the trust anchor.  This
    certificate grants authority over one IPv4 address block
-   (192.0.2.0/24) and two AS numbers (64496 and 64497).</t>
+   (192.0.2.0/24), one IPv6 address block (2001:db8::/32),
+   and one AS numbers (64496).</t>
       <sourcecode type=""><![CDATA[
-    -----BEGIN CERTIFICATE-----
-    MIIFBzCCA++gAwIBAgIUcyCzS10hdfG65kbRq7toQAvRDKowDQYJKoZIhvcNAQEL
-    BQAwFTETMBEGA1UEAxMKZXhhbXBsZS10YTAeFw0yMDA5MDMxOTAyMTlaFw0yMTA5
-    MDMxOTAyMTlaMDMxMTAvBgNVBAMTKDNBQ0UyQ0VGNEZCMjFCN0QxMUUzRTE4NEVG
-    QzFFMjk3QjM3Nzg2NDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc
-    zz1qwTxC2ocw5rqp8ktm2XyYkl8riBVuqlXwfefTxsR2YFpgz9vkYUd5Az9EVEG7
-    6wGIyZbtmhK63eEeaqbKz2GHub467498BXeVrYysO+YuIGgCEYKznNDZ4j5aaDbo
-    j5+4/z0Qvv6HEsxQd0f8br6lKJwgeRM6+fm7796HNPB0aqD7Zj9NRCLXjbB0DCgJ
-    liH6rXMKR86ofgll9V2mRjesvhdKYgkGbOif9rvxVpLJ/6zdru5CE9yeuJZ59l+n
-    YH/r6PzdJ4Q7yKrJX8qD6A60j4+biaU4MQ72KpsjhQNTTqF/HRwi0N54GDaknEwE
-    TnJQHgLJDYqww9yKWtjjAgMBAAGjggIvMIICKzAdBgNVHQ4EFgQUOs4s70+yG30R
-    4+GE78Hil7N3hkIwHwYDVR0jBBgwFoAU3hNEuwvUGNCHY1TBatcUR03pNdYwDwYD
-    VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwGAYDVR0gAQH/BA4wDDAKBggr
-    BgEFBQcOAjBhBgNVHR8EWjBYMFagVKBShlByc3luYzovL3Jwa2kuZXhhbXBsZS5u
-    ZXQvcmVwb3NpdG9yeS8zQUNFMkNFRjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5N0Iz
-    Nzc4NjQyLmNybDBOBggrBgEFBQcBAQRCMEAwPgYIKwYBBQUHMAKGMnJzeW5jOi8v
-    cnBraS5leGFtcGxlLm5ldC9yZXBvc2l0b3J5L2V4YW1wbGUtdGEuY2VyMIG5Bggr
-    BgEFBQcBCwSBrDCBqTA+BggrBgEFBQcwCoYycnN5bmM6Ly9ycGtpLmV4YW1wbGUu
-    bmV0L3JlcG9zaXRvcnkvZXhhbXBsZS1jYS5tZnQwNQYIKwYBBQUHMA2GKWh0dHBz
-    Oi8vcnJkcC5leGFtcGxlLm5ldC9ub3RpZmljYXRpb24ueG1sMDAGCCsGAQUFBzAF
-    hiRyc3luYzovL3Jwa2kuZXhhbXBsZS5uZXQvcmVwb3NpdG9yeS8wHwYIKwYBBQUH
-    AQcBAf8EEDAOMAwEAgABMAYDBADAAAIwHgYIKwYBBQUHAQgEEjAQoA4wDDAKAgMA
-    +/ACAwD78TANBgkqhkiG9w0BAQsFAAOCAQEAnLu+d1ZsUTiX3YWGueTHIalW4ad0
-    Kupi7pYMV2nXbxNGmdJMol9BkzVz9tj55ReMghUU4YLm/ICYe4fz5e0T8o9s/vIm
-    cGS29+WoGuiznMitpvbS/379gaMezk6KpqjH6Brw6meMqy09phmcmvm3x3WTmx09
-    mLlQneMptwk8qSYcnMUmGLJs+cVqmkOa3sWRdw8WrGu6QqYtQz3HFZQojF06YzEq
-    V/dBdCFdEOwTfVl2n2XqhoJl/oEBdC4uu2G0qRk3+WVs+uwVHP0Ttsbt7TzFgZfY
-    yxqvOg6QoldxZVZmHHncKmETu/BqCDGJot9may31ukrx34Bu+XFMVihm0w==
-    -----END CERTIFICATE-----
+ -----BEGIN CERTIFICATE-----
+ MIIEojCCA4qgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApleGFt
+ cGxlLXRhMB4XDTIyMTIwNzEwMTkxNVoXDTI0MTIwNjEwMTkxNVowMzExMC8GA1UE
+ AwwoM0M2QjMzRTU3MDlDMDczQTg2OEM5NUQ5NTVCMEY1NkUzNzgyMUQ3QjCCASIw
+ DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL7A4NZ/AgbMO8SJIlYWlC+rL8AC
+ N5jHzuHGlKsXsTjKg4Pwlq2O02VfroMi4LOe9jnNR/JTt3YAer+lHAFdB4XBHQgM
+ Es/JfSdSfNEZrwkrZ9rTiY21c3naSPj64HeXmTxl4Z0eTQKhPoiKgG582lCubdO6
+ ws6FZTeS91sXUY8VH9pP+W+e5Xs8YYkCl3co9N0voOaUjpjexZ5Nrx2dJIUf0MGz
+ j7Ncagd2vXU47GduTRtW/cSDLMigl0oAUh/Coa4KcbL6fTyoe39LNGfkFlIkkdGG
+ gYQFNxWkfCLZTHM/VjVbkomJoEM0vnQa0xGMt+aUHP1jRCoF+UF1z57wTV0CAwEA
+ AaOCAd0wggHZMB0GA1UdDgQWBBQ4FgEDRqNA4XXaFVAKyLrqmhhO/DAfBgNVHSME
+ GDAWgBTEGVgg5CHDGJA9aWJ/IdekaBnf2DAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+ DwEB/wQEAwIBBjBOBggrBgEFBQcBAQRCMEAwPgYIKwYBBQUHMAKGMnJzeW5jOi8v
+ cnBraS5leGFtcGxlLm5ldC9yZXBvc2l0b3J5L2V4YW1wbGUtdGEuY2VyMIGABggr
+ BgEFBQcBCwR0MHIwMAYIKwYBBQUHMAWGJHJzeW5jOi8vcnBraS5leGFtcGxlLm5l
+ dC9yZXBvc2l0b3J5LzA+BggrBgEFBQcwCoYycnN5bmM6Ly9ycGtpLmV4YW1wbGUu
+ bmV0L3JlcG9zaXRvcnkvZXhhbXBsZS1jYS5tZnQwPQYDVR0fBDYwNDAyoDCgLoYs
+ cnN5bmM6Ly9ycGtpLmV4YW1wbGUubmV0L3JlcG9zaXRvcnkvcm9vdC5jcmwwGAYD
+ VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMA
+ +/AwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBADAAAIwDQQCAAIwBwMFACAB
+ DbgwDQYJKoZIhvcNAQELBQADggEBACU1s/+CGThdasY1e5E4o3La2y94Leb5EPzO
+ 51ARVinKkJSmmDJWtTTUlZnGHV0Tggp7uN/CVSPu5dWrt7zEHa+Tycwe2r6Mz3BM
+ IPGI0RUKKebS9lSnEWFn01u2TrM7gEBe8X6fF55qoH8pnut7d5N1V+CnAd6720zf
+ ob/MENQ4r4ZU6pVj2c3R0MLLEX/rz1wbr/f7N1Cjij0vnTHHD+ViqgJO+ZxboYOn
+ RZFPG3uQM5xBKH36a32ON4B5xUb9DDdOOlXqbmW7BUDXgUSN1MheuXgCVExuxTTn
+ MF+ONSJCk8UqgGA7TlXusYO8wygQQgZLUGq6a8Ls6oYF7UJlvB4=
+ -----END CERTIFICATE-----
 ]]></sourcecode>
+
       <t>
-   The end-entity certificate is issued by the CA.  This
-   certificate grants signature authority for one IPv4 address block
-   (192.0.2.0/24).  Signature authority for AS numbers is not needed for
-   geofeed data signatures, so no AS numbers are included in the
-   certificate.</t>
+   The CRL 'root.crl' referenced by the above CA certificate.</t>
       <sourcecode type=""><![CDATA[
-    -----BEGIN CERTIFICATE-----
-    MIIEpTCCA42gAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZuQwDQYJKoZIhvcNAQEL
-    BQAwMzExMC8GA1UEAxMoM0FDRTJDRUY0RkIyMUI3RDExRTNFMTg0RUZDMUUyOTdC
-    Mzc3ODY0MjAeFw0yMTA1MjAxNjA1NDVaFw0yMjAzMTYxNjA1NDVaMDMxMTAvBgNV
-    BAMTKDkxNDY1MkEzQkQ1MUMxNDQyNjAxOTg4ODlGNUM0NUFCRjA1M0ExODcwggEi
-    MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCycTQrOb/qB2W3i3Ki8PhA/DEW
-    yii2TgGo9pgCwO9lsIRI6Zb/k+aSiWWP9kSczlcQgtPCVwr62hTQZCIowBN0BL0c
-    K0/5k1imJdi5qdM3nvKswM8CnoR11vB8pQFwruZmr5xphXRvE+mzuJVLgu2V1upm
-    BXuWloeymudh6WWJ+GDjwPXO3RiXBejBrOFNXhaFLe08y4DPfr/S/tXJOBm7QzQp
-    tmbPLYtGfprYu45liFFqqP94UeLpISfXd36AKGzqTFCcc3EW9l5UFE1MFLlnoEog
-    qtoLoKABt0IkOFGKeC/EgeaBdWLe469ddC9rQft5w6g6cmxG+aYDdIEB34zrAgMB
-    AAGjggGvMIIBqzAdBgNVHQ4EFgQUkUZSo71RwUQmAZiIn1xFq/BToYcwHwYDVR0j
-    BBgwFoAUOs4s70+yG30R4+GE78Hil7N3hkIwDAYDVR0TAQH/BAIwADAOBgNVHQ8B
-    Af8EBAMCB4AwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBhBgNVHR8EWjBYMFag
-    VKBShlByc3luYzovL3Jwa2kuZXhhbXBsZS5uZXQvcmVwb3NpdG9yeS8zQUNFMkNF
-    RjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5N0IzNzc4NjQyLmNybDBsBggrBgEFBQcB
-    AQRgMF4wXAYIKwYBBQUHMAKGUHJzeW5jOi8vcnBraS5leGFtcGxlLm5ldC9yZXBv
-    c2l0b3J5LzNBQ0UyQ0VGNEZCMjFCN0QxMUUzRTE4NEVGQzFFMjk3QjM3Nzg2NDIu
-    Y2VyMBkGCCsGAQUFBwEHAQH/BAowCDAGBAIAAQUAMEUGCCsGAQUFBwELBDkwNzA1
-    BggrBgEFBQcwDYYpaHR0cHM6Ly9ycmRwLmV4YW1wbGUubmV0L25vdGlmaWNhdGlv
-    bi54bWwwDQYJKoZIhvcNAQELBQADggEBAEjC98gVp0Mb7uiKaHylP0453mtJ+AkN
-    07fsK/qGw/e90DJv7cp1hvjj4uy3sgf7PJQ7cKNGrgybq/lE0jce+ARgVjbi2Brz
-    ZsWAnB846Snwsktw6cenaif6Aww6q00NspAepMBd2Vg/9sKFvOwJFVOgNcqiQiXP
-    5rGJPWBcOMv52a/7adjfXwpnOijiTOgMloQGmC2TPZpydZKjlxEATdFEQssa33xD
-    nlpp+/r9xuNVYRtRcC36oWraVA3jzN6F6rDE8r8xs3ylISVz6JeCQ4YRYwbMsjjc
-    /tiJLM7ZYxIe5IrYz1ZtN6n/SEssJAswRIgps2EhCt/HS2xAmGCOhgU=
-    -----END CERTIFICATE-----
+ -----BEGIN X509 CRL-----
+ MIIBgjBsAgEBMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNVBAMMCmV4YW1wbGUtdGEX
+ DTIyMTIwNzEwMTkxNFoXDTIyMTIwOTEwMTkxNFqgIzAhMB8GA1UdIwQYMBaAFMQZ
+ WCDkIcMYkD1pYn8h16RoGd/YMA0GCSqGSIb3DQEBCwUAA4IBAQC5r9IizRpG6Epw
+ w2S03J8iLaJyxWT7anAweZO0KS7XbjuD5ZgrPd3O4UZ9kDs9G1RxVR1wfLYU6caI
+ BydGYr/n5ClRUq+4d4+0GxfJT4QcIT7/MSHupHywY/GsJFPWMzkox2it+TRt0S+a
+ W0o7d8Cs0beTJKAwTvPsx+vPzJaQvoo44pgKfKsvTbvMi9RY2T8ktU7y03M/yMkF
+ Oo0Q5XF1TEnPlSd+pkhVBH1BDzYLJSGI4wPMLI7CO7evkD9dQlCX0JHhGw4NOl8W
+ w/Ln909WZIbntBF5uER23KFhdRkrkMTN7fkTULXbVQlEANQmdd2QUvjEmGnZo+Ln
+ ltXaR53q
+ -----END X509 CRL-----
 ]]></sourcecode>
+
+      <t>
+   The CRL '3C6B33E5709C073A868C95D955B0F56E37821D7B.crl' referenced by
+   the below EE certificate.</t>
+      <sourcecode type=""><![CDATA[
+ -----BEGIN X509 CRL-----
+ MIIBoTCBigIBATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDDCgzQzZCMzNFNTcw
+ OUMwNzNBODY4Qzk1RDk1NUIwRjU2RTM3ODIxRDdCFw0yMjEyMDcxMDE5MTVaFw0y
+ MjEyMDkxMDE5MTVaoCMwITAfBgNVHSMEGDAWgBQ4FgEDRqNA4XXaFVAKyLrqmhhO
+ /DANBgkqhkiG9w0BAQsFAAOCAQEAJysjVqBT8CgYA2PHdtGOeNR17Qz70yp2yBn3
+ plfdEvRHc2mtyuWt1uUNkCeZCninNhyAQi+In7az42rNomWYUBoqzQAAEmvxwgkA
+ zM0Mnt9nbWO00coUl4+tx61LArUMq7EYXWX8Bi49O2jBUZ23+HL+ViXVbZzI5nYQ
+ SZ3o7pN28on6dNgJs1NyfAJ6RjeIc5d11JpFgWIu9zIGkS1kCK3+HghOvKPlug94
+ De/pWbK7PwHXPKSxrsLef12ZWTAaRS6ceCmd58ng8agHb3rUuPMlOyLQA/6kM7DL
+ KJT4BxPuo9wA0zJyTWOy+7aiZ9YbxGRkzTL5VUe9eLj1oQbLGg==
+ -----END X509 CRL-----
+]]></sourcecode>
+
       <t>
       The end-entity certificate is displayed below in detail.  For
       brevity, the other two certificates are not.
       </t>
       <sourcecode type=""><![CDATA[
-    0 1189: SEQUENCE {
-    4  909:  SEQUENCE {
-    8    3:   [0] {
-   10    1:    INTEGER 2
-          :     }
-   13   20:   INTEGER 27AD394083D7F2B5B99B8670C775B2B96EE166E4
-   35   13:   SEQUENCE {
-   37    9:    OBJECT IDENTIFIER
-          :     sha256WithRSAEncryption (1 2 840 113549 1 1 11)
-   48    0:    NULL
-          :     }
-   50   51:   SEQUENCE {
-   52   49:    SET {
-   54   47:     SEQUENCE {
-   56    3:      OBJECT IDENTIFIER commonName (2 5 4 3)
-   61   40:      PrintableString
-          :       '3ACE2CEF4FB21B7D11E3E184EFC1E297B3778642'
-          :       }
-          :      }
-          :     }
-  103   30:   SEQUENCE {
-  105   13:    UTCTime 20/05/2021 16:05:45 GMT
-  120   13:    UTCTime 16/03/2022 16:05:45 GMT
-          :     }
-  135   51:   SEQUENCE {
-  137   49:    SET {
-  139   47:     SEQUENCE {
-  141    3:      OBJECT IDENTIFIER commonName (2 5 4 3)
-  146   40:      PrintableString
-          :       '914652A3BD51C144260198889F5C45ABF053A187'
-          :       }
-          :      }
-          :     }
-  188  290:   SEQUENCE {
-  192   13:    SEQUENCE {
-  194    9:     OBJECT IDENTIFIER rsaEncryption
-          :      (1 2 840 113549 1 1 1)
-  205    0:     NULL
-          :      }
-  207  271:    BIT STRING, encapsulates {
-  212  266:     SEQUENCE {
-  216  257:      INTEGER
-          :       00 B2 71 34 2B 39 BF EA 07 65 B7 8B 72 A2 F0 F8
-          :       40 FC 31 16 CA 28 B6 4E 01 A8 F6 98 02 C0 EF 65
-          :       B0 84 48 E9 96 FF 93 E6 92 89 65 8F F6 44 9C CE
-          :       57 10 82 D3 C2 57 0A FA DA 14 D0 64 22 28 C0 13
-          :       74 04 BD 1C 2B 4F F9 93 58 A6 25 D8 B9 A9 D3 37
-          :       9E F2 AC C0 CF 02 9E 84 75 D6 F0 7C A5 01 70 AE
-          :       E6 66 AF 9C 69 85 74 6F 13 E9 B3 B8 95 4B 82 ED
-          :       95 D6 EA 66 05 7B 96 96 87 B2 9A E7 61 E9 65 89
-          :       F8 60 E3 C0 F5 CE DD 18 97 05 E8 C1 AC E1 4D 5E
-          :       16 85 2D ED 3C CB 80 CF 7E BF D2 FE D5 C9 38 19
-          :       BB 43 34 29 B6 66 CF 2D 8B 46 7E 9A D8 BB 8E 65
-          :       88 51 6A A8 FF 78 51 E2 E9 21 27 D7 77 7E 80 28
-          :       6C EA 4C 50 9C 73 71 16 F6 5E 54 14 4D 4C 14 B9
-          :       67 A0 4A 20 AA DA 0B A0 A0 01 B7 42 24 38 51 8A
-          :       78 2F C4 81 E6 81 75 62 DE E3 AF 5D 74 2F 6B 41
-          :       FB 79 C3 A8 3A 72 6C 46 F9 A6 03 74 81 01 DF 8C
-          :       EB
-  477    3:      INTEGER 65537
-          :       }
-          :      }
-          :     }
-  482  431:   [3] {
-  486  427:    SEQUENCE {
-  490   29:     SEQUENCE {
-  492    3:      OBJECT IDENTIFIER subjectKeyIdentifier (2 5 29 14)
-  497   22:      OCTET STRING, encapsulates {
-  499   20:       OCTET STRING
-          :        91 46 52 A3 BD 51 C1 44 26 01 98 88 9F 5C 45 AB
-          :        F0 53 A1 87
-          :        }
-          :       }
-  521   31:     SEQUENCE {
-  523    3:      OBJECT IDENTIFIER authorityKeyIdentifier (2 5 29 35)
-  528   24:      OCTET STRING, encapsulates {
-  530   22:       SEQUENCE {
-  532   20:        [0]
-          :         3A CE 2C EF 4F B2 1B 7D 11 E3 E1 84 EF C1 E2 97
-          :         B3 77 86 42
-          :         }
-          :        }
-          :       }
-  554   12:     SEQUENCE {
-  556    3:      OBJECT IDENTIFIER basicConstraints (2 5 29 19)
-  561    1:      BOOLEAN TRUE
-  564    2:      OCTET STRING, encapsulates {
-  566    0:       SEQUENCE {}
-          :        }
-          :       }
-  568   14:     SEQUENCE {
-  570    3:      OBJECT IDENTIFIER keyUsage (2 5 29 15)
-  575    1:      BOOLEAN TRUE
-  578    4:      OCTET STRING, encapsulates {
-  580    2:       BIT STRING 7 unused bits
-          :        '1'B (bit 0)
-          :        }
-          :       }
-  584   24:     SEQUENCE {
-  586    3:      OBJECT IDENTIFIER certificatePolicies (2 5 29 32)
-  591    1:      BOOLEAN TRUE
-  594   14:      OCTET STRING, encapsulates {
-  596   12:       SEQUENCE {
-  598   10:        SEQUENCE {
-  600    8:         OBJECT IDENTIFIER
-          :          resourceCertificatePolicy (1 3 6 1 5 5 7 14 2)
-          :          }
-          :         }
-          :        }
-          :       }
-  610   97:     SEQUENCE {
-  612    3:      OBJECT IDENTIFIER cRLDistributionPoints (2 5 29 31)
-  617   90:      OCTET STRING, encapsulates {
-  619   88:       SEQUENCE {
-  621   86:        SEQUENCE {
-  623   84:         [0] {
-  625   82:          [0] {
-  627   80:           [6]
-          :          'rsync://rpki.example.net/repository/3ACE2CEF4F'
-          :          'B21B7D11E3E184EFC1E297B3778642.crl'
-          :            }
-          :           }
-          :          }
-          :         }
-          :        }
-          :       }
-  709  108:     SEQUENCE {
-  711    8:      OBJECT IDENTIFIER authorityInfoAccess
-          :       (1 3 6 1 5 5 7 1 1)
-  721   96:      OCTET STRING, encapsulates {
-  723   94:       SEQUENCE {
-  725   92:        SEQUENCE {
-  727    8:         OBJECT IDENTIFIER caIssuers (1 3 6 1 5 5 7 48 2)
-  737   80:         [6]
-          :          'rsync://rpki.example.net/repository/3ACE2CEF4F'
-          :          'B21B7D11E3E184EFC1E297B3778642.cer'
-          :          }
-          :         }
-          :        }
-          :       }
-  819   25:     SEQUENCE {
-  821    8:      OBJECT IDENTIFIER ipAddrBlocks (1 3 6 1 5 5 7 1 7)
-  831    1:      BOOLEAN TRUE
-  834   10:      OCTET STRING, encapsulates {
-  836    8:       SEQUENCE {
-  838    6:        SEQUENCE {
-  840    2:         OCTET STRING 00 01
-  844    0:         NULL
-          :          }
-          :         }
-          :        }
-          :       }
-  846   69:     SEQUENCE {
-  848    8:      OBJECT IDENTIFIER subjectInfoAccess
-          :       (1 3 6 1 5 5 7 1 11)
-  858   57:      OCTET STRING, encapsulates {
-  860   55:       SEQUENCE {
-  862   53:        SEQUENCE {
-  864    8:         OBJECT IDENTIFIER '1 3 6 1 5 5 7 48 13'
-  874   41:         [6]
-          :          'https://rrdp.example.net/notification.xml'
-          :          }
-          :         }
-          :        }
-          :       }
-          :      }
-          :     }
-          :    }
-  917   13:  SEQUENCE {
-  919    9:   OBJECT IDENTIFIER sha256WithRSAEncryption
-          :    (1 2 840 113549 1 1 11)
-  930    0:   NULL
-          :    }
-  932  257:  BIT STRING
-          :   48 C2 F7 C8 15 A7 43 1B EE E8 8A 68 7C A5 3F 4E
-          :   39 DE 6B 49 F8 09 0D D3 B7 EC 2B FA 86 C3 F7 BD
-          :   D0 32 6F ED CA 75 86 F8 E3 E2 EC B7 B2 07 FB 3C
-          :   94 3B 70 A3 46 AE 0C 9B AB F9 44 D2 37 1E F8 04
-          :   60 56 36 E2 D8 1A F3 66 C5 80 9C 1F 38 E9 29 F0
-          :   B2 4B 70 E9 C7 A7 6A 27 FA 03 0C 3A AB 4D 0D B2
-          :   90 1E A4 C0 5D D9 58 3F F6 C2 85 BC EC 09 15 53
-          :   A0 35 CA A2 42 25 CF E6 B1 89 3D 60 5C 38 CB F9
-          :   D9 AF FB 69 D8 DF 5F 0A 67 3A 28 E2 4C E8 0C 96
-          :   84 06 98 2D 93 3D 9A 72 75 92 A3 97 11 00 4D D1
-          :   44 42 CB 1A DF 7C 43 9E 5A 69 FB FA FD C6 E3 55
-          :   61 1B 51 70 2D FA A1 6A DA 54 0D E3 CC DE 85 EA
-          :   B0 C4 F2 BF 31 B3 7C A5 21 25 73 E8 97 82 43 86
-          :   11 63 06 CC B2 38 DC FE D8 89 2C CE D9 63 12 1E
-          :   E4 8A D8 CF 56 6D 37 A9 FF 48 4B 2C 24 0B 30 44
-          :   88 29 B3 61 21 0A DF C7 4B 6C 40 98 60 8E 86 05
-          :   }
+    0:d=0  hl=4 l=1092 cons: SEQUENCE          
+    4:d=1  hl=4 l= 812 cons:  SEQUENCE          
+    8:d=2  hl=2 l=   3 cons:   cont [ 0 ]        
+   10:d=3  hl=2 l=   1 prim:    INTEGER           :02
+   13:d=2  hl=2 l=   1 prim:   INTEGER           :00
+   16:d=2  hl=2 l=  13 cons:   SEQUENCE          
+   18:d=3  hl=2 l=   9 prim:    OBJECT            :sha256WithRSAEncryption
+   29:d=3  hl=2 l=   0 prim:    NULL              
+   31:d=2  hl=2 l=  51 cons:   SEQUENCE          
+   33:d=3  hl=2 l=  49 cons:    SET               
+   35:d=4  hl=2 l=  47 cons:     SEQUENCE          
+   37:d=5  hl=2 l=   3 prim:      OBJECT            :commonName
+   42:d=5  hl=2 l=  40 prim:      UTF8STRING        :3C6B33E5709C073A868C95D955B0F56E37821D7B
+   84:d=2  hl=2 l=  30 cons:   SEQUENCE          
+   86:d=3  hl=2 l=  13 prim:    UTCTIME           :221207101915Z
+  101:d=3  hl=2 l=  13 prim:    UTCTIME           :231207101915Z
+  116:d=2  hl=2 l=  51 cons:   SEQUENCE          
+  118:d=3  hl=2 l=  49 cons:    SET               
+  120:d=4  hl=2 l=  47 cons:     SEQUENCE          
+  122:d=5  hl=2 l=   3 prim:      OBJECT            :commonName
+  127:d=5  hl=2 l=  40 prim:      UTF8STRING        :BAB90687EB8CC6BA4D9F455D3FD4FA37C0C372C6
+  169:d=2  hl=4 l= 290 cons:   SEQUENCE          
+  173:d=3  hl=2 l=  13 cons:    SEQUENCE          
+  175:d=4  hl=2 l=   9 prim:     OBJECT            :rsaEncryption
+  186:d=4  hl=2 l=   0 prim:     NULL              
+  188:d=3  hl=4 l= 271 prim:    BIT STRING        
+      0000 - 00 30 82 01 0a 02 82 01-01 00 ad 90 8a 95 f4 72   .0.............r
+      0010 - c8 86 b7 8e e3 46 f2 68-b9 41 82 e5 ca 21 68 a0   .....F.h.A...!h.
+      0020 - 38 17 96 c8 9e a8 81 c2-c0 78 c6 a7 51 21 94 28   8........x..Q!.(
+      0030 - 03 97 7a 50 d6 18 1f 87-ef 28 5d 31 41 65 8e 42   ..zP.....(]1Ae.B
+      0040 - 52 44 5a d6 d6 3d 9b 53-a8 03 1e 7e ad b5 0d 84   RDZ..=.S...~....
+      0050 - 77 ed 92 60 05 2b aa b0-58 a3 ee b6 5f 6b cd 04   w..`.+..X..._k..
+      0060 - 55 3a 71 40 a9 ae eb a1-85 be c9 3c a8 98 bd 14   U:q@.......<....
+      0070 - 28 c6 b0 fd 3d 8c 7f 5d-80 62 0a c5 13 ab 9a 1c   (...=..].b......
+      0080 - e4 1e d9 eb 51 61 ba 66-f9 41 82 49 d1 18 35 bc   ....Qa.f.A.I..5.
+      0090 - 83 a0 5a 09 07 f0 13 3d-92 19 c4 28 26 f2 06 1e   ..Z....=...(&...
+      00a0 - 34 90 73 79 8f 18 a5 a2-11 f6 a8 36 e5 eb 02 82   4.sy.......6....
+      00b0 - 40 58 c7 2c f0 2f 20 9e-a2 ab 95 8d 13 cc f0 5b   @X.,./ ........[
+      00c0 - 35 62 67 7f 77 41 5f b4-df f0 73 0c 25 e5 45 eb   5bg.wA_...s.%.E.
+      00d0 - 7c 60 52 ca 23 36 e1 0a-ae 54 5f 44 ca fe fe a8   |`R.#6...T_D....
+      00e0 - 77 21 ec b8 9b 36 b7 d0-7e 30 7f e1 02 2c cf 37   w!...6..~0...,.7
+      00f0 - 17 1a b7 30 c2 e5 ef 3b-e6 1c c5 be ce d3 f4 13   ...0...;........
+      0100 - 53 8c a5 66 54 c2 96 a3-37 05 02 03 01 00 01      S..fT...7......
+  463:d=2  hl=4 l= 353 cons:   cont [ 3 ]        
+  467:d=3  hl=4 l= 349 cons:    SEQUENCE          
+  471:d=4  hl=2 l=  29 cons:     SEQUENCE          
+  473:d=5  hl=2 l=   3 prim:      OBJECT            :X509v3 Subject Key Identifier
+  478:d=5  hl=2 l=  22 prim:      OCTET STRING      
+      0000 - 04 14 07 e9 9a fe a1 8e-1c b6 e1 5c 2d d6 b8 8a   ...........\-...
+      0010 - 7e b8 1c 7d 83 c0                                 ~..}..
+  502:d=4  hl=2 l=  31 cons:     SEQUENCE          
+  504:d=5  hl=2 l=   3 prim:      OBJECT            :X509v3 Authority Key Identifier
+  509:d=5  hl=2 l=  24 prim:      OCTET STRING      
+      0000 - 30 16 80 14 38 16 01 03-46 a3 40 e1 75 da 15 50   0...8...F.@.u..P
+      0010 - 0a c8 ba ea 9a 18 4e fc-                          ......N.
+  535:d=4  hl=2 l=  24 cons:     SEQUENCE          
+  537:d=5  hl=2 l=   3 prim:      OBJECT            :X509v3 Certificate Policies
+  542:d=5  hl=2 l=   1 prim:      BOOLEAN           :255
+  545:d=5  hl=2 l=  14 prim:      OCTET STRING      
+      0000 - 30 0c 30 0a 06 08 2b 06-01 05 05 07 0e 02         0.0...+.......
+  561:d=4  hl=2 l=  97 cons:     SEQUENCE          
+  563:d=5  hl=2 l=   3 prim:      OBJECT            :X509v3 CRL Distribution Points
+  568:d=5  hl=2 l=  90 prim:      OCTET STRING      
+      0000 - 30 58 30 56 a0 54 a0 52-86 50 72 73 79 6e 63 3a   0X0V.T.R.Prsync:
+      0010 - 2f 2f 72 70 6b 69 2e 65-78 61 6d 70 6c 65 2e 6e   //rpki.example.n
+      0020 - 65 74 2f 72 65 70 6f 73-69 74 6f 72 79 2f 33 43   et/repository/3C
+      0030 - 36 42 33 33 45 35 37 30-39 43 30 37 33 41 38 36   6B33E5709C073A86
+      0040 - 38 43 39 35 44 39 35 35-42 30 46 35 36 45 33 37   8C95D955B0F56E37
+      0050 - 38 32 31 44 37 42 2e 63-72 6c                     821D7B.crl
+  660:d=4  hl=2 l= 108 cons:     SEQUENCE          
+  662:d=5  hl=2 l=   8 prim:      OBJECT            :Authority Information Access
+  672:d=5  hl=2 l=  96 prim:      OCTET STRING      
+      0000 - 30 5e 30 5c 06 08 2b 06-01 05 05 07 30 02 86 50   0^0\..+.....0..P
+      0010 - 72 73 79 6e 63 3a 2f 2f-72 70 6b 69 2e 65 78 61   rsync://rpki.exa
+      0020 - 6d 70 6c 65 2e 6e 65 74-2f 72 65 70 6f 73 69 74   mple.net/reposit
+      0030 - 6f 72 79 2f 33 43 36 42-33 33 45 35 37 30 39 43   ory/3C6B33E5709C
+      0040 - 30 37 33 41 38 36 38 43-39 35 44 39 35 35 42 30   073A868C95D955B0
+      0050 - 46 35 36 45 33 37 38 32-31 44 37 42 2e 63 65 72   F56E37821D7B.cer
+  770:d=4  hl=2 l=  14 cons:     SEQUENCE          
+  772:d=5  hl=2 l=   3 prim:      OBJECT            :X509v3 Key Usage
+  777:d=5  hl=2 l=   1 prim:      BOOLEAN           :255
+  780:d=5  hl=2 l=   4 prim:      OCTET STRING      
+      0000 - 03 02 07 80                                       ....
+  786:d=4  hl=2 l=  32 cons:     SEQUENCE          
+  788:d=5  hl=2 l=   8 prim:      OBJECT            :sbgp-ipAddrBlock
+  798:d=5  hl=2 l=   1 prim:      BOOLEAN           :255
+  801:d=5  hl=2 l=  17 prim:      OCTET STRING      
+      0000 - 30 0f 30 0d 04 02 00 02-30 07 03 05 00 20 01 0d   0.0.....0.... ..
+      0010 - b8                                                .
+  820:d=1  hl=2 l=  13 cons:  SEQUENCE          
+  822:d=2  hl=2 l=   9 prim:   OBJECT            :sha256WithRSAEncryption
+  833:d=2  hl=2 l=   0 prim:   NULL              
+  835:d=1  hl=4 l= 257 prim:  BIT STRING        
+      0000 - 00 7f 98 3a d7 0d 44 2b-0c ec 55 53 40 72 fc c4   ...:..D+..US@r..
+      0010 - f6 4e 7b b9 09 70 73 8d-e2 69 77 af 56 84 56 d4   .N{..ps..iw.V.V.
+      0020 - 5e 06 4b 57 81 54 29 a5-d4 e6 47 25 a8 65 58 41   ^.KW.T)...G%.eXA
+      0030 - e3 5d 36 5e 6c 13 d1 f9-54 af b8 4d 5f 8b 42 06   .]6^l...T..M_.B.
+      0040 - f8 c3 b1 7f 10 11 b5 11-62 8b 57 36 15 f1 63 59   ........b.W6..cY
+      0050 - e1 e0 64 16 5a 1e de 23-01 51 08 ef e4 c4 65 51   ..d.Z..#.Q....eQ
+      0060 - 71 80 2e 7b 92 3e 3d 2b-ad 82 61 13 dd e3 a9 17   q..{.>=+..a.....
+      0070 - 10 69 1e 12 4f 54 e2 74-a0 b2 f9 59 37 0e 3c ea   .i..OT.t...Y7.<.
+      0080 - 66 a4 2f 97 5b ea 5b 90-ea 59 06 c8 9e 87 f4 cb   f./.[.[..Y......
+      0090 - b2 24 62 24 f2 10 9c 79-85 0e 05 90 21 52 4a 76   .$b$...y....!RJv
+      00a0 - 0e 24 0d f5 72 bd 8a 7c-94 44 31 86 1f 20 bb 02   .$..r..|.D1.. ..
+      00b0 - 96 d7 29 bd fc 03 b2 28-94 65 97 28 a7 00 96 4a   ..)....(.e.(...J
+      00c0 - a0 31 76 f0 03 e3 d0 f6-af 99 4a bb d0 16 d7 e5   .1v.......J.....
+      00d0 - e0 0c 0e e1 1f e6 84 fc-b1 0f f9 ff c9 72 12 af   .............r..
+      00e0 - 52 07 9d 18 88 34 49 0e-34 0f fb 69 9d 26 1e 27   R....4I.4..i.&.'
+      00f0 - 1b 59 c9 63 60 b3 6a 8b-25 01 42 e5 aa 7d 5b 16   .Y.c`.j.%.B..}[.
+      0100 - 48                                                H
 ]]></sourcecode>
       <t>
 To allow reproduction of the signature results, the end-entity
@@ -1064,75 +979,75 @@ private key is provided.  For brevity, the other two private
 keys are not.</t>
       <sourcecode type=""><![CDATA[
  -----BEGIN RSA PRIVATE KEY-----
- MIIEpQIBAAKCAQEAsnE0Kzm/6gdlt4tyovD4QPwxFsootk4BqPaYAsDvZbCESOmW
- /5Pmkollj/ZEnM5XEILTwlcK+toU0GQiKMATdAS9HCtP+ZNYpiXYuanTN57yrMDP
- Ap6EddbwfKUBcK7mZq+caYV0bxPps7iVS4LtldbqZgV7lpaHsprnYellifhg48D1
- zt0YlwXowazhTV4WhS3tPMuAz36/0v7VyTgZu0M0KbZmzy2LRn6a2LuOZYhRaqj/
- eFHi6SEn13d+gChs6kxQnHNxFvZeVBRNTBS5Z6BKIKraC6CgAbdCJDhRingvxIHm
- gXVi3uOvXXQva0H7ecOoOnJsRvmmA3SBAd+M6wIDAQABAoIBAQCyB0FeMuKm8bRo
- 18aKjFGSPEoZi53srIz5bvUgIi92TBLez7ZnzL6Iym26oJ+5th+lCHGO/dqlhXio
- pI50C5Yc9TFbblb/ECOsuCuuqKFjZ8CD3GVsHozXKJeMM+/o5YZXQrORj6UnwT0z
- ol/JE5pIGUCIgsXX6tz9s5BP3lUAvVQHsv6+vEVKLxQ3wj/1vIL8O/CN036EV0GJ
- mpkwmygPjfECT9wbWo0yn3jxJb36+M/QjjUP28oNIVn/IKoPZRXnqchEbuuCJ651
- IsaFSqtiThm4WZtvCH/IDq+6/dcMucmTjIRcYwW7fdHfjplllVPve9c/OmpWEQvF
- t3ArWUt5AoGBANs4764yHxo4mctLIE7G7l/tf9bP4KKUiYw4R4ByEocuqMC4yhmt
- MPCfOFLOQet71OWCkjP2L/7EKUe9yx7G5KmxAHY6jOjvcRkvGsl6lWFOsQ8p126M
- Y9hmGzMOjtsdhAiMmOWKzjvm4WqfMgghQe+PnjjSVkgTt+7BxpIuGBAvAoGBANBg
- 26FF5cDLpixOd3Za1YXsOgguwCaw3Plvi7vUZRpa/zBMELEtyOebfakkIRWNm07l
- nE+lAZwxm+29PTD0nqCFE91teyzjnQaLO5kkAdJiFuVV3icLOGo399FrnJbKensm
- FGSli+3KxQhCNIJJfgWzq4bE0ioAMjdGbYXzIYQFAoGBAM6tuDJ36KDU+hIS6wu6
- O2TPSfZhF/zPo3pCWQ78/QDb+Zdw4IEiqoBA7F4NPVLg9Y/H8UTx9r/veqe7hPOo
- Ok7NpIzSmKTHkc5XfZ60Zn9OLFoKbaQ40a1kXoJdWEu2YROaUlAe9F6/Rog6PHYz
- vLE5qscRbu0XQhLkN+z7bg5bAoGBAKDsbDEb/dbqbyaAYpmwhH2sdRSkphg7Niwc
- DNm9qWa1J6Zw1+M87I6Q8naRREuU1IAVqqWHVLr/ROBQ6NTJ1Uc5/qFeT2XXUgkf
- taMKv61tuyjZK3sTmznMh0HfzUpWjEhWnCEuB+ZYVdmO52ZGw2A75RdrILL2+9Dc
- PvDXVubRAoGAdqXeSWoLxuzZXzl8rsaKrQsTYaXnOWaZieU1SL5vVe8nK257UDqZ
- E3ng2j5XPTUWli+aNGFEJGRoNtcQvO60O/sFZUhu52sqq9mWVYZNh1TB5aP8X+pV
- iFcZOLUvQEcN6PA+YQK5FU11rAI1M0Gm5RDnVnUl0L2xfCYxb7FzV6Y=
+ MIIEpAIBAAKCAQEArZCKlfRyyIa3juNG8mi5QYLlyiFooDgXlsieqIHCwHjGp1Eh
+ lCgDl3pQ1hgfh+8oXTFBZY5CUkRa1tY9m1OoAx5+rbUNhHftkmAFK6qwWKPutl9r
+ zQRVOnFAqa7roYW+yTyomL0UKMaw/T2Mf12AYgrFE6uaHOQe2etRYbpm+UGCSdEY
+ NbyDoFoJB/ATPZIZxCgm8gYeNJBzeY8YpaIR9qg25esCgkBYxyzwLyCeoquVjRPM
+ 8Fs1Ymd/d0FftN/wcwwl5UXrfGBSyiM24QquVF9Eyv7+qHch7LibNrfQfjB/4QIs
+ zzcXGrcwwuXvO+Ycxb7O0/QTU4ylZlTClqM3BQIDAQABAoIBAHDMX0TVeUOZSfIz
+ AwjHxp4s0+ppi/WUfsAf4fzhWBB+bZyPvaLr3mmztJVvWA6f/zuRp065BaExi1fU
+ JHWuCKL+TpXV9NMCngNjI/kdFT6GS716hjTXfAxfTgb5B2oR4cwm/+tD9rYJaz0p
+ owWjXqxZE3uVKrNcDjDSHjHFUubp+b/Pge/Ygsh31uzI5vBX8zxz/GhfqwFBYXLz
+ VPf1AsX0M4NtvgyoFtnKxrXhltQuGCTX12BL/DVxEyYiWrTgDdUc53pLQ4Kd/s7I
+ f36ZRxsQVQtFwXkDojnqB7aSNyXZz/X5d8UNT7EYrJV6xDePeJAHpzm+wu16xnrN
+ vgnbkIECgYEA3n8is+zhh0G1wOLgQ6X1Os5BXbNPwBO+v55fGDXExNuymkkDmvRy
+ Z2adIGGAX57FucTQu3sf3Qelq8GKVImKieEuJFexPiGDjaL+kt5PEzMEFGak6dZk
+ O+kc4iPjpHDHva+pADlTGZkgRURMu4FYMWWIMhqabfIaC3puRUBcMAcCgYEAx7Mp
+ F4vSaTnwEOqXrKCoxjgFmlYzdltoSS31rRZeMskUCkuJukrVnYHTgt1ZAVYwN/1x
+ caxphuQyrUubug5Sf9S8Xh6up+LV1mLqeB2C1Rf7sXnswe5RDUP3pmnNKl55Kx0Y
+ qKbJIXuTqgPX8RHy/dfYa3o6UK3RsBpTAq1AhZMCgYBa8dSZfuXgh3dnVFUe0aMf
+ WldVmYmrlWaOpIlyN+gqHzMt5VJX8DsjEMqBBdmXPCrN+CjpuTYY/ps1TXLhgybh
+ nO1jZYTJRKGlL06ncb8Yte2g+SPHgR6PboWj2c+e04qRek+2C7hv6itKpNRIgGIw
+ LrQw5rbg4ejLcEvKergz2QKBgQDCmIz0SuXQcArFETSXnT6ZWUHscQ9YyB3JIaYC
+ 8ob8SgDjP1SIWh/qifYH0ZXHvarjBG8la/Kw5XGUeNbY6NfvhOfBd3iOVHY3oNAG
+ GAvDhslW2g6hs477tD2AxhyMqt676nB693uKyxbLV093tBvqzAgyQzrMH3Tze9Nk
+ CluTTQKBgQCpwcrHmOB8+jZhwjz1tEfGdgJWylxeIc0so799joTK7NoUCsUdPstx
+ Xvnfrz/l2zu5mZDg5KnOgv6rT9Dq6Ks4sYoYcvGv/rY8gZSIakWPwjktNkwr/uhW
+ cy8osak23bfcGfgNsjgE2kOZlu92TwmT8ANOtDao8dvdeUPQKMxErQ==
  -----END RSA PRIVATE KEY-----
 ]]></sourcecode>
+
       <t>
-Signing of "192.0.2.0/24,US,WA,Seattle," (terminated by CR and LF) yields the
-following detached CMS signature.</t>
+Signing of the two lines "2001:db8::/32,NL,,," and
+"2001:db8::/48,NL,NL-NH,Amsterdam," (both terminated by CR and LF)
+yields the following detached CMS signature.</t>
       <sourcecode type=""><![CDATA[
- # RPKI Signature: 192.0.2.0 - 192.0.2.255
- # MIIGjwYJKoZIhvcNAQcCoIIGgDCCBnwCAQMxDTALBglghkgBZQMEAgEwDQYLKoZ
- # IhvcNAQkQAS+gggSpMIIEpTCCA42gAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZu
- # QwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoM0FDRTJDRUY0RkIyMUI3RDExR
- # TNFMTg0RUZDMUUyOTdCMzc3ODY0MjAeFw0yMTA1MjAxNjA1NDVaFw0yMjAzMTYx
- # NjA1NDVaMDMxMTAvBgNVBAMTKDkxNDY1MkEzQkQ1MUMxNDQyNjAxOTg4ODlGNUM
- # 0NUFCRjA1M0ExODcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCycT
- # QrOb/qB2W3i3Ki8PhA/DEWyii2TgGo9pgCwO9lsIRI6Zb/k+aSiWWP9kSczlcQg
- # tPCVwr62hTQZCIowBN0BL0cK0/5k1imJdi5qdM3nvKswM8CnoR11vB8pQFwruZm
- # r5xphXRvE+mzuJVLgu2V1upmBXuWloeymudh6WWJ+GDjwPXO3RiXBejBrOFNXha
- # FLe08y4DPfr/S/tXJOBm7QzQptmbPLYtGfprYu45liFFqqP94UeLpISfXd36AKG
- # zqTFCcc3EW9l5UFE1MFLlnoEogqtoLoKABt0IkOFGKeC/EgeaBdWLe469ddC9rQ
- # ft5w6g6cmxG+aYDdIEB34zrAgMBAAGjggGvMIIBqzAdBgNVHQ4EFgQUkUZSo71R
- # wUQmAZiIn1xFq/BToYcwHwYDVR0jBBgwFoAUOs4s70+yG30R4+GE78Hil7N3hkI
- # wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwGAYDVR0gAQH/BA4wDDAKBg
- # grBgEFBQcOAjBhBgNVHR8EWjBYMFagVKBShlByc3luYzovL3Jwa2kuZXhhbXBsZ
- # S5uZXQvcmVwb3NpdG9yeS8zQUNFMkNFRjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5
- # N0IzNzc4NjQyLmNybDBsBggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUHJzeW5
- # jOi8vcnBraS5leGFtcGxlLm5ldC9yZXBvc2l0b3J5LzNBQ0UyQ0VGNEZCMjFCN0
- # QxMUUzRTE4NEVGQzFFMjk3QjM3Nzg2NDIuY2VyMBkGCCsGAQUFBwEHAQH/BAowC
- # DAGBAIAAQUAMEUGCCsGAQUFBwELBDkwNzA1BggrBgEFBQcwDYYpaHR0cHM6Ly9y
- # cmRwLmV4YW1wbGUubmV0L25vdGlmaWNhdGlvbi54bWwwDQYJKoZIhvcNAQELBQA
- # DggEBAEjC98gVp0Mb7uiKaHylP0453mtJ+AkN07fsK/qGw/e90DJv7cp1hvjj4u
- # y3sgf7PJQ7cKNGrgybq/lE0jce+ARgVjbi2BrzZsWAnB846Snwsktw6cenaif6A
- # ww6q00NspAepMBd2Vg/9sKFvOwJFVOgNcqiQiXP5rGJPWBcOMv52a/7adjfXwpn
- # OijiTOgMloQGmC2TPZpydZKjlxEATdFEQssa33xDnlpp+/r9xuNVYRtRcC36oWr
- # aVA3jzN6F6rDE8r8xs3ylISVz6JeCQ4YRYwbMsjjc/tiJLM7ZYxIe5IrYz1ZtN6
- # n/SEssJAswRIgps2EhCt/HS2xAmGCOhgUxggGqMIIBpgIBA4AUkUZSo71RwUQmA
- # ZiIn1xFq/BToYcwCwYJYIZIAWUDBAIBoGswGgYJKoZIhvcNAQkDMQ0GCyqGSIb3
- # DQEJEAEvMBwGCSqGSIb3DQEJBTEPFw0yMTA1MjAxNjI4MzlaMC8GCSqGSIb3DQE
- # JBDEiBCAr4vKeUvHJINsE0YQwUMxoo48qrOU+iPuFbQR8qX3BFjANBgkqhkiG9w
- # 0BAQEFAASCAQB85HsCBrU3EcVOcf4nC6Z3jrOjT+fVlyTDAObF6GTNWgrxe7jSA
- # Inyf51UzuIGqhVY3sQiiXbdWcVYtPb4118KvyeXh8A/HLp4eeAJntl9D3igt38M
- # o84q5pf9pTQXx3hbsm51ilpOip/TKVMqzE42s6OPox3M0+6eKH3/vBKnw1s1ayM
- # 0MUnPDTBfZL3JJEGPWfIZHEcrypevbqR7Jjsz5vp0qyF2D9v+w+nyhZOPmuePm7
- # YqLyOw/E99PVBs9uI+hmBiCz/BK2Z3VRjrrlrUU+49eldSTkZ2sJyhCbbV2Ufgi
- # S2FOquAgJzjilyN3BDQLV8Rp9cGh0PpVslKH2na
- # End Signature: 192.0.2.0 - 192.0.2.255
+ # RPKI Signature: 2001:db8::/32
+ # MIIGLgYJKoZIhvcNAQcCoIIGHzCCBhsCAQMxDTALBglghkgBZQMEAgEwDQYLKoZI
+ # hvcNAQkQAS+gggRIMIIERDCCAyygAwIBAgIBADANBgkqhkiG9w0BAQsFADAzMTEw
+ # LwYDVQQDDCgzQzZCMzNFNTcwOUMwNzNBODY4Qzk1RDk1NUIwRjU2RTM3ODIxRDdC
+ # MB4XDTIyMTIwNzEwMTkxNVoXDTIzMTIwNzEwMTkxNVowMzExMC8GA1UEAwwoQkFC
+ # OTA2ODdFQjhDQzZCQTREOUY0NTVEM0ZENEZBMzdDMEMzNzJDNjCCASIwDQYJKoZI
+ # hvcNAQEBBQADggEPADCCAQoCggEBAK2QipX0csiGt47jRvJouUGC5cohaKA4F5bI
+ # nqiBwsB4xqdRIZQoA5d6UNYYH4fvKF0xQWWOQlJEWtbWPZtTqAMefq21DYR37ZJg
+ # BSuqsFij7rZfa80EVTpxQKmu66GFvsk8qJi9FCjGsP09jH9dgGIKxROrmhzkHtnr
+ # UWG6ZvlBgknRGDW8g6BaCQfwEz2SGcQoJvIGHjSQc3mPGKWiEfaoNuXrAoJAWMcs
+ # 8C8gnqKrlY0TzPBbNWJnf3dBX7Tf8HMMJeVF63xgUsojNuEKrlRfRMr+/qh3Iey4
+ # mza30H4wf+ECLM83Fxq3MMLl7zvmHMW+ztP0E1OMpWZUwpajNwUCAwEAAaOCAWEw
+ # ggFdMB0GA1UdDgQWBBQH6Zr+oY4ctuFcLda4in64HH2DwDAfBgNVHSMEGDAWgBQ4
+ # FgEDRqNA4XXaFVAKyLrqmhhO/DAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMGEG
+ # A1UdHwRaMFgwVqBUoFKGUHJzeW5jOi8vcnBraS5leGFtcGxlLm5ldC9yZXBvc2l0
+ # b3J5LzNDNkIzM0U1NzA5QzA3M0E4NjhDOTVEOTU1QjBGNTZFMzc4MjFEN0IuY3Js
+ # MGwGCCsGAQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQcnN5bmM6Ly9ycGtpLmV4YW1w
+ # bGUubmV0L3JlcG9zaXRvcnkvM0M2QjMzRTU3MDlDMDczQTg2OEM5NUQ5NTVCMEY1
+ # NkUzNzgyMUQ3Qi5jZXIwDgYDVR0PAQH/BAQDAgeAMCAGCCsGAQUFBwEHAQH/BBEw
+ # DzANBAIAAjAHAwUAIAENuDANBgkqhkiG9w0BAQsFAAOCAQEAf5g61w1EKwzsVVNA
+ # cvzE9k57uQlwc43iaXevVoRW1F4GS1eBVCml1OZHJahlWEHjXTZebBPR+VSvuE1f
+ # i0IG+MOxfxARtRFii1c2FfFjWeHgZBZaHt4jAVEI7+TEZVFxgC57kj49K62CYRPd
+ # 46kXEGkeEk9U4nSgsvlZNw486makL5db6luQ6lkGyJ6H9MuyJGIk8hCceYUOBZAh
+ # Ukp2DiQN9XK9inyURDGGHyC7ApbXKb38A7IolGWXKKcAlkqgMXbwA+PQ9q+ZSrvQ
+ # Ftfl4AwO4R/mhPyxD/n/yXISr1IHnRiINEkONA/7aZ0mHicbWcljYLNqiyUBQuWq
+ # fVsWSDGCAaowggGmAgEDgBQH6Zr+oY4ctuFcLda4in64HH2DwDALBglghkgBZQME
+ # AgGgazAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAS8wHAYJKoZIhvcNAQkFMQ8X
+ # DTIyMTIwNzEwMTkxNVowLwYJKoZIhvcNAQkEMSIEIHHgork/z1WyatmZx/c9FGUG
+ # +Ev7SDajfxTeQwmQwS9xMA0GCSqGSIb3DQEBAQUABIIBAHOegVJi2amezico1ivI
+ # EbouVZG7nfzY+Ym3i+rXzqIGLAuvtpFxtorCvr35wctPW27G5ux1Rx9cdmaxJEsl
+ # NAPPSlUCktzb4lo+FF2t2gXG47Ly8WotYn1oOK0c3Veh2GTvwU0fH+/cmhXf93ol
+ # X91of7RxKDlZKWvDOzx6VH1hfRcVW2754HR67IRQpRH5uQbIMONbEpVsahanmXhU
+ # TE7STNdO3CQPuZYafNfdqBbfnKqjvru23qxtyaY/cH0g+7fX9KWxmxD3VsFhIDIP
+ # oD+3aK++ef1zZdMXuyn7qE/z2ITT+98MY+GVIouFrL7+tMKOj8rhCnvZtlkrv9lz
+ # RvA=
+ # End Signature: 2001:db8::/32
 ]]></sourcecode>
     </section>