| rfc9977v2.txt | rfc9977.txt | |||
|---|---|---|---|---|
| skipping to change at line 202 ¶ | skipping to change at line 202 ¶ | |||
| 192.0.2.0/24,26,1000 | 192.0.2.0/24,26,1000 | |||
| It is important to note that the third field denoting the number of | It is important to note that the third field denoting the number of | |||
| CGN end-sites is referring to the prefix length specified in the | CGN end-sites is referring to the prefix length specified in the | |||
| second field. | second field. | |||
| Note that this specification can be applied to IPv6 networks as well. | Note that this specification can be applied to IPv6 networks as well. | |||
| 3.3. Longest Prefix Matching | 3.3. Longest Prefix Matching | |||
| Prefix length files can contain sub-prefixes entries of a parent | Prefix length files can contain sub-prefix entries of a parent | |||
| prefix, which needs to be taken into account when processing these | prefix; this needs to be taken into account when processing these | |||
| files. For example, if a cloud provider assigns /120 IPv6 prefixes | files. For example, if a cloud provider assigns /120 IPv6 prefixes | |||
| to each customer VM and a /64 prefix to premium customers, it would | to each customer VM and a /64 prefix to premium customers, it would | |||
| create a prefix length file containing the following example entries: | create a prefix length file containing the following example entries: | |||
| 2001:db8::/32,120, | 2001:db8::/32,120, | |||
| 2001:db8:abcd::/48,64, | 2001:db8:abcd::/48,64, | |||
| Note that the second entry in the above example is a subprefix of the | Note that the second entry in the above example is a subprefix of the | |||
| first entry. Therefore, longest prefix matching has to be performed | first entry. Therefore, longest prefix matching has to be performed | |||
| when parsing prefixlen files. | when parsing prefixlen files. | |||
| skipping to change at line 957 ¶ | skipping to change at line 957 ¶ | |||
| YW1wbGUubmV0L3JlcG9zaXRvcnkvMCcGCCsGAQUFBwEHAQH/BBgwFjAJBAIAATAD | YW1wbGUubmV0L3JlcG9zaXRvcnkvMCcGCCsGAQUFBwEHAQH/BBgwFjAJBAIAATAD | |||
| AwEAMAkEAgACMAMDAQAwIQYIKwYBBQUHAQgBAf8EEjAQoA4wDDAKAgEAAgUA//// | AwEAMAkEAgACMAMDAQAwIQYIKwYBBQUHAQgBAf8EEjAQoA4wDDAKAgEAAgUA//// | |||
| /zANBgkqhkiG9w0BAQsFAAOCAQEAa9eLY9QAmnlZOIyOzbpta5wqcOUQV/yR7o/0 | /zANBgkqhkiG9w0BAQsFAAOCAQEAa9eLY9QAmnlZOIyOzbpta5wqcOUQV/yR7o/0 | |||
| 1zkEZaSavKBt19lMK6AXZurx1T5jyjIwG7bEtZZThjtH2m80V5kc2tsFjSq/yp7N | 1zkEZaSavKBt19lMK6AXZurx1T5jyjIwG7bEtZZThjtH2m80V5kc2tsFjSq/yp7N | |||
| JBclMHVd3tXse9If3nXYF4bxRIcir1lXlAbYN+Eo1U3i5qJO+fxouzt7Merk2Dih | JBclMHVd3tXse9If3nXYF4bxRIcir1lXlAbYN+Eo1U3i5qJO+fxouzt7Merk2Dih | |||
| nsenTeXKzN7tfmuCYZZHCC8viCoJWdH+o1uRM4TiQApZsUJ8sF4TABrrRJmA/Ed5 | nsenTeXKzN7tfmuCYZZHCC8viCoJWdH+o1uRM4TiQApZsUJ8sF4TABrrRJmA/Ed5 | |||
| v0CTBbgqTx7yg0+VarFLPdnjYgtpoCJqwE2C1UpX15rZSaLVuGXtbwXd/cHEg5vF | v0CTBbgqTx7yg0+VarFLPdnjYgtpoCJqwE2C1UpX15rZSaLVuGXtbwXd/cHEg5vF | |||
| W6QTsMeMQFEUa6hkicDGtxLTUdhckBgmCGoF2nlZii5f1BTWAg== | W6QTsMeMQFEUa6hkicDGtxLTUdhckBgmCGoF2nlZii5f1BTWAg== | |||
| -----END CERTIFICATE----- | -----END CERTIFICATE----- | |||
| Figure 1 | ||||
| The CRL issued by the trust anchor. | The CRL issued by the trust anchor. | |||
| -----BEGIN X509 CRL----- | -----BEGIN X509 CRL----- | |||
| MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNVBAMTCmV4YW1wbGUtdGEX | MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNVBAMTCmV4YW1wbGUtdGEX | |||
| DTI2MDUwNzIxMjI0OVoXDTI2MDYwNjIxMjI0OVqgLzAtMB8GA1UdIwQYMBaAFMC9 | DTI2MDUwNzIxMjI0OVoXDTI2MDYwNjIxMjI0OVqgLzAtMB8GA1UdIwQYMBaAFMC9 | |||
| Ul2+0niyFuyzo0OV0gYLmQgyMAoGA1UdFAQDAgEMMA0GCSqGSIb3DQEBCwUAA4IB | Ul2+0niyFuyzo0OV0gYLmQgyMAoGA1UdFAQDAgEMMA0GCSqGSIb3DQEBCwUAA4IB | |||
| AQCkHXyCcQHejmVdHOL5Diafa3ys4HTb2eRqeNaMzwfY6T1D26hX6XuUyu0C7LV2 | AQCkHXyCcQHejmVdHOL5Diafa3ys4HTb2eRqeNaMzwfY6T1D26hX6XuUyu0C7LV2 | |||
| OThlAL8JWiN2afgfs5juBAWdauwY5YSKAvQpXidFeCIXpSWLHmk545p7t9og6qpy | OThlAL8JWiN2afgfs5juBAWdauwY5YSKAvQpXidFeCIXpSWLHmk545p7t9og6qpy | |||
| 840l+N+J2WnP9iGNCqgKG06CiRAoPtZZQCqqLZVcrELtDAOFNmZF0Bf+cE2SmsZO | 840l+N+J2WnP9iGNCqgKG06CiRAoPtZZQCqqLZVcrELtDAOFNmZF0Bf+cE2SmsZO | |||
| 8N/ab/fw05Ptm/IBqN3j+ekaILELFRWUGPaAXMimWYn6sNmzYdihUn2fNff294PZ | 8N/ab/fw05Ptm/IBqN3j+ekaILELFRWUGPaAXMimWYn6sNmzYdihUn2fNff294PZ | |||
| Mygxfw8dpWlA01QQt8d9V+3NklyOKEB3X+X12eA4KYaVDCt4USWMlnlETNO3XwDe | Mygxfw8dpWlA01QQt8d9V+3NklyOKEB3X+X12eA4KYaVDCt4USWMlnlETNO3XwDe | |||
| Cg5BBjoh5EtXzsNWf2ipZTNb | Cg5BBjoh5EtXzsNWf2ipZTNb | |||
| -----END X509 CRL----- | -----END X509 CRL----- | |||
| Figure 2 | ||||
| The CA certificate is issued by the trust anchor. This certificate | The CA certificate is issued by the trust anchor. This certificate | |||
| grants authority over one IPv4 address block (192.0.2.0/24), one IPv6 | grants authority over one IPv4 address block (192.0.2.0/24), one IPv6 | |||
| address block(2001:db8::/32), and two AS numbers (64496 and 64497). | address block(2001:db8::/32), and two AS numbers (64496 and 64497). | |||
| -----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | |||
| MIIE+zCCA+OgAwIBAgIUcyCzS10hdfG65kbRq7toQAvRDMIwDQYJKoZIhvcNAQEL | MIIE+zCCA+OgAwIBAgIUcyCzS10hdfG65kbRq7toQAvRDMIwDQYJKoZIhvcNAQEL | |||
| BQAwFTETMBEGA1UEAxMKZXhhbXBsZS10YTAeFw0yNjA1MDcyMTIyNDlaFw0yNzA1 | BQAwFTETMBEGA1UEAxMKZXhhbXBsZS10YTAeFw0yNjA1MDcyMTIyNDlaFw0yNzA1 | |||
| MDcyMTIyNDlaMDMxMTAvBgNVBAMTKDNBQ0UyQ0VGNEZCMjFCN0QxMUUzRTE4NEVG | MDcyMTIyNDlaMDMxMTAvBgNVBAMTKDNBQ0UyQ0VGNEZCMjFCN0QxMUUzRTE4NEVG | |||
| QzFFMjk3QjM3Nzg2NDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc | QzFFMjk3QjM3Nzg2NDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc | |||
| zz1qwTxC2ocw5rqp8ktm2XyYkl8riBVuqlXwfefTxsR2YFpgz9vkYUd5Az9EVEG7 | zz1qwTxC2ocw5rqp8ktm2XyYkl8riBVuqlXwfefTxsR2YFpgz9vkYUd5Az9EVEG7 | |||
| skipping to change at line 1009 ¶ | skipping to change at line 1005 ¶ | |||
| b3NpdG9yeS8wLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBADAAAIwDQQCAAIw | b3NpdG9yeS8wLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBADAAAIwDQQCAAIw | |||
| BwMFACABDbgwIQYIKwYBBQUHAQgBAf8EEjAQoA4wDDAKAgMA+/ACAwD78TANBgkq | BwMFACABDbgwIQYIKwYBBQUHAQgBAf8EEjAQoA4wDDAKAgMA+/ACAwD78TANBgkq | |||
| hkiG9w0BAQsFAAOCAQEAipx10/ZrY11NYH+iVRtq32hAFGGaXysLWrjFVYd05+25 | hkiG9w0BAQsFAAOCAQEAipx10/ZrY11NYH+iVRtq32hAFGGaXysLWrjFVYd05+25 | |||
| 2nPtZYPmtLRf7TWMSwF27AkGPzvonjsRF2a7wdMAPDIW2nKctmDS1nFGWw+6vXyN | 2nPtZYPmtLRf7TWMSwF27AkGPzvonjsRF2a7wdMAPDIW2nKctmDS1nFGWw+6vXyN | |||
| Di+jhwHm7+FyFWh3u2ilzop+o6ecUiCF8rkE22TWHRkBJforN0eqUjJi0R/o4oaB | Di+jhwHm7+FyFWh3u2ilzop+o6ecUiCF8rkE22TWHRkBJforN0eqUjJi0R/o4oaB | |||
| q9sZs+Jr3vTmelRYjvP8Eej3AWRm+rilbP8yW3OOvV3sTvgJc4DmbFNJ2LBJ+cLx | q9sZs+Jr3vTmelRYjvP8Eej3AWRm+rilbP8yW3OOvV3sTvgJc4DmbFNJ2LBJ+cLx | |||
| 1fjl+Wf/YHPo2kHw8f1TJsgXSI6kYBUradIyXIW1HGrWdiKiY+oXp+jVbf8cMvp/ | 1fjl+Wf/YHPo2kHw8f1TJsgXSI6kYBUradIyXIW1HGrWdiKiY+oXp+jVbf8cMvp/ | |||
| KkLf1UqqCjgdu3GGQuukKjbNHeJPMuHmVw5Qa3iGzg== | KkLf1UqqCjgdu3GGQuukKjbNHeJPMuHmVw5Qa3iGzg== | |||
| -----END CERTIFICATE----- | -----END CERTIFICATE----- | |||
| Figure 3 | ||||
| The CRL issued by the CA. | The CRL issued by the CA. | |||
| -----BEGIN X509 CRL----- | -----BEGIN X509 CRL----- | |||
| MIIBrTCBlgIBATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygzQUNFMkNFRjRG | MIIBrTCBlgIBATANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygzQUNFMkNFRjRG | |||
| QjIxQjdEMTFFM0UxODRFRkMxRTI5N0IzNzc4NjQyFw0yNjA1MDcyMTIyNDlaFw0y | QjIxQjdEMTFFM0UxODRFRkMxRTI5N0IzNzc4NjQyFw0yNjA1MDcyMTIyNDlaFw0y | |||
| NjA2MDYyMTIyNDlaoC8wLTAfBgNVHSMEGDAWgBQ6zizvT7IbfRHj4YTvweKXs3eG | NjA2MDYyMTIyNDlaoC8wLTAfBgNVHSMEGDAWgBQ6zizvT7IbfRHj4YTvweKXs3eG | |||
| QjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAFEEWr/QvDz2efRDS9mep | QjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAFEEWr/QvDz2efRDS9mep | |||
| GSpNS2QPbeV7Oz+rO5sZAIxrpuBZObe0NRlZaMamM0X+lSgKnEai2Ep5Pm4NzG6M | GSpNS2QPbeV7Oz+rO5sZAIxrpuBZObe0NRlZaMamM0X+lSgKnEai2Ep5Pm4NzG6M | |||
| Z1dHSrp196l65o0CTiPK0r4IqEUfY1Q6tkzXzc/6c9kUxMerE1saY/OlN29yYJ4F | Z1dHSrp196l65o0CTiPK0r4IqEUfY1Q6tkzXzc/6c9kUxMerE1saY/OlN29yYJ4F | |||
| IDHrczvK5y1ddK8g3FB7fNjti4RCFAec8RsyizemDwS4JLd1R3y1+olJ5OH6Gvqq | IDHrczvK5y1ddK8g3FB7fNjti4RCFAec8RsyizemDwS4JLd1R3y1+olJ5OH6Gvqq | |||
| uMTSAJHl4LL5DeAZm3WLzL49PJWcaKoNe0oAPDdEalW5GXlAMsbQw9W8mOvBKotP | uMTSAJHl4LL5DeAZm3WLzL49PJWcaKoNe0oAPDdEalW5GXlAMsbQw9W8mOvBKotP | |||
| 5Q9k8VVXaILSFn2+AzPKX7fQXoA954KMVnDAgN0r8Fa743J7TlbFbk+l5+V/+88f | 5Q9k8VVXaILSFn2+AzPKX7fQXoA954KMVnDAgN0r8Fa743J7TlbFbk+l5+V/+88f | |||
| cA== | cA== | |||
| -----END X509 CRL----- | -----END X509 CRL----- | |||
| Figure 4 | ||||
| The end-entity certificate is issued by the CA. This certificate | The end-entity certificate is issued by the CA. This certificate | |||
| grants signature authority for one IPv4 address block (192.0.2.0/24). | grants signature authority for one IPv4 address block (192.0.2.0/24). | |||
| Signature authority for the IPv6 address block and the AS numbers is | Signature authority for the IPv6 address block and the AS numbers is | |||
| not needed for the prefixlen file that will be signed, so these items | not needed for the prefixlen file that will be signed, so these items | |||
| are not included in the end-entity certificate. | are not included in the end-entity certificate. | |||
| -----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | |||
| MIIEVjCCAz6gAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZvswDQYJKoZIhvcNAQEL | MIIEVjCCAz6gAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZvswDQYJKoZIhvcNAQEL | |||
| BQAwMzExMC8GA1UEAxMoM0FDRTJDRUY0RkIyMUI3RDExRTNFMTg0RUZDMUUyOTdC | BQAwMzExMC8GA1UEAxMoM0FDRTJDRUY0RkIyMUI3RDExRTNFMTg0RUZDMUUyOTdC | |||
| Mzc3ODY0MjAeFw0yNjA1MDcyMTIyNDlaFw0yNzAzMDMyMTIyNDlaMDMxMTAvBgNV | Mzc3ODY0MjAeFw0yNjA1MDcyMTIyNDlaFw0yNzAzMDMyMTIyNDlaMDMxMTAvBgNV | |||
| skipping to change at line 1061 ¶ | skipping to change at line 1053 ¶ | |||
| RjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5N0IzNzc4NjQyLmNlcjAfBggrBgEFBQcB | RjRGQjIxQjdEMTFFM0UxODRFRkMxRTI5N0IzNzc4NjQyLmNlcjAfBggrBgEFBQcB | |||
| BwEB/wQQMA4wDAQCAAEwBgMEAMAAAjANBgkqhkiG9w0BAQsFAAOCAQEAUIykBaqY | BwEB/wQQMA4wDAQCAAEwBgMEAMAAAjANBgkqhkiG9w0BAQsFAAOCAQEAUIykBaqY | |||
| nR/U+AXYzCqRbMqdygFY9R11fiNQubpkf5kEYHFxTut0CZLz9dToxuHRDLbPhjJv | nR/U+AXYzCqRbMqdygFY9R11fiNQubpkf5kEYHFxTut0CZLz9dToxuHRDLbPhjJv | |||
| Ci3cDkb2ICy1Fdcit5oi9jFl1MD/sFa4l/FWGM07PhgKY+Isz3DXEw9furF7Al3I | Ci3cDkb2ICy1Fdcit5oi9jFl1MD/sFa4l/FWGM07PhgKY+Isz3DXEw9furF7Al3I | |||
| gbB0and5HQrvQbO6AnqixSYDffANsnZssojMzlHJIA9OLHIuhGZ66t+yh2VclhwV | gbB0and5HQrvQbO6AnqixSYDffANsnZssojMzlHJIA9OLHIuhGZ66t+yh2VclhwV | |||
| 7JdS+0EdyA0npIrTGyp//pD5vrigF04y+J4Y61jFXfmbWZbNJF/bMzFeBxD2PKaE | 7JdS+0EdyA0npIrTGyp//pD5vrigF04y+J4Y61jFXfmbWZbNJF/bMzFeBxD2PKaE | |||
| uwixf65s3yI0JDjBbXjUtUhqyty0IZqV2HcuWU7MKH9Qc/wvrJDd4K4xTbkWWYgA | uwixf65s3yI0JDjBbXjUtUhqyty0IZqV2HcuWU7MKH9Qc/wvrJDd4K4xTbkWWYgA | |||
| ql7bgmJTHpW2Gw== | ql7bgmJTHpW2Gw== | |||
| -----END CERTIFICATE----- | -----END CERTIFICATE----- | |||
| Figure 5 | ||||
| The end-entity certificate is displayed below in detail. For | The end-entity certificate is displayed below in detail. For | |||
| brevity, the other two certificates are not. | brevity, the other two certificates are not. | |||
| 0 1110: SEQUENCE { | 0 1110: SEQUENCE { | |||
| 4 830: SEQUENCE { | 4 830: SEQUENCE { | |||
| 8 3: [0] { | 8 3: [0] { | |||
| 10 1: INTEGER 2 | 10 1: INTEGER 2 | |||
| : } | : } | |||
| 13 20: INTEGER | 13 20: INTEGER | |||
| : 27 AD 39 40 83 D7 F2 B5 B9 9B 86 70 C7 75 B2 B9 | : 27 AD 39 40 83 D7 F2 B5 B9 9B 86 70 C7 75 B2 B9 | |||
| skipping to change at line 1216 ¶ | skipping to change at line 1206 ¶ | |||
| 807 8: OBJECT IDENTIFIER | 807 8: OBJECT IDENTIFIER | |||
| : ipAddrBlocks (1 3 6 1 5 5 7 1 7) | : ipAddrBlocks (1 3 6 1 5 5 7 1 7) | |||
| 817 1: BOOLEAN TRUE | 817 1: BOOLEAN TRUE | |||
| 820 16: OCTET STRING, encapsulates { | 820 16: OCTET STRING, encapsulates { | |||
| 822 14: SEQUENCE { | 822 14: SEQUENCE { | |||
| 824 12: SEQUENCE { | 824 12: SEQUENCE { | |||
| 826 2: OCTET STRING 00 01 | 826 2: OCTET STRING 00 01 | |||
| 830 6: SEQUENCE { | 830 6: SEQUENCE { | |||
| 832 4: BIT STRING | 832 4: BIT STRING | |||
| : '010000000000000000000011'B | : '010000000000000000000011'B | |||
| : Error: Spurious zero bits in bitstring. | ||||
| : } | : } | |||
| : } | : } | |||
| : } | : } | |||
| : } | : } | |||
| : } | : } | |||
| : } | : } | |||
| : } | : } | |||
| : } | : } | |||
| 838 13: SEQUENCE { | 838 13: SEQUENCE { | |||
| 840 9: OBJECT IDENTIFIER | 840 9: OBJECT IDENTIFIER | |||
| skipping to change at line 1249 ¶ | skipping to change at line 1238 ¶ | |||
| : CC CE 51 C9 20 0F 4E 2C 72 2E 84 66 7A EA DF B2 | : CC CE 51 C9 20 0F 4E 2C 72 2E 84 66 7A EA DF B2 | |||
| : 87 65 5C 96 1C 15 EC 97 52 FB 41 1D C8 0D 27 A4 | : 87 65 5C 96 1C 15 EC 97 52 FB 41 1D C8 0D 27 A4 | |||
| : 8A D3 1B 2A 7F FE 90 F9 BE B8 A0 17 4E 32 F8 9E | : 8A D3 1B 2A 7F FE 90 F9 BE B8 A0 17 4E 32 F8 9E | |||
| : 18 EB 58 C5 5D F9 9B 59 96 CD 24 5F DB 33 31 5E | : 18 EB 58 C5 5D F9 9B 59 96 CD 24 5F DB 33 31 5E | |||
| : 07 10 F6 3C A6 84 BB 08 B1 7F AE 6C DF 22 34 24 | : 07 10 F6 3C A6 84 BB 08 B1 7F AE 6C DF 22 34 24 | |||
| : 38 C1 6D 78 D4 B5 48 6A CA DC B4 21 9A 95 D8 77 | : 38 C1 6D 78 D4 B5 48 6A CA DC B4 21 9A 95 D8 77 | |||
| : 2E 59 4E CC 28 7F 50 73 FC 2F AC 90 DD E0 AE 31 | : 2E 59 4E CC 28 7F 50 73 FC 2F AC 90 DD E0 AE 31 | |||
| : 4D B9 16 59 88 00 AA 5E DB 82 62 53 1E 95 B6 1B | : 4D B9 16 59 88 00 AA 5E DB 82 62 53 1E 95 B6 1B | |||
| : } | : } | |||
| Figure 6 | ||||
| To allow reproduction of the signature results, the end-entity | To allow reproduction of the signature results, the end-entity | |||
| private key is provided. For brevity, the other two private keys are | private key is provided. For brevity, the other two private keys are | |||
| not. | not. | |||
| -----BEGIN RSA PRIVATE KEY----- | -----BEGIN RSA PRIVATE KEY----- | |||
| MIIEpQIBAAKCAQEAsnE0Kzm/6gdlt4tyovD4QPwxFsootk4BqPaYAsDvZbCESOmW | MIIEpQIBAAKCAQEAsnE0Kzm/6gdlt4tyovD4QPwxFsootk4BqPaYAsDvZbCESOmW | |||
| /5Pmkollj/ZEnM5XEILTwlcK+toU0GQiKMATdAS9HCtP+ZNYpiXYuanTN57yrMDP | /5Pmkollj/ZEnM5XEILTwlcK+toU0GQiKMATdAS9HCtP+ZNYpiXYuanTN57yrMDP | |||
| Ap6EddbwfKUBcK7mZq+caYV0bxPps7iVS4LtldbqZgV7lpaHsprnYellifhg48D1 | Ap6EddbwfKUBcK7mZq+caYV0bxPps7iVS4LtldbqZgV7lpaHsprnYellifhg48D1 | |||
| zt0YlwXowazhTV4WhS3tPMuAz36/0v7VyTgZu0M0KbZmzy2LRn6a2LuOZYhRaqj/ | zt0YlwXowazhTV4WhS3tPMuAz36/0v7VyTgZu0M0KbZmzy2LRn6a2LuOZYhRaqj/ | |||
| eFHi6SEn13d+gChs6kxQnHNxFvZeVBRNTBS5Z6BKIKraC6CgAbdCJDhRingvxIHm | eFHi6SEn13d+gChs6kxQnHNxFvZeVBRNTBS5Z6BKIKraC6CgAbdCJDhRingvxIHm | |||
| skipping to change at line 1283 ¶ | skipping to change at line 1270 ¶ | |||
| O2TPSfZhF/zPo3pCWQ78/QDb+Zdw4IEiqoBA7F4NPVLg9Y/H8UTx9r/veqe7hPOo | O2TPSfZhF/zPo3pCWQ78/QDb+Zdw4IEiqoBA7F4NPVLg9Y/H8UTx9r/veqe7hPOo | |||
| Ok7NpIzSmKTHkc5XfZ60Zn9OLFoKbaQ40a1kXoJdWEu2YROaUlAe9F6/Rog6PHYz | Ok7NpIzSmKTHkc5XfZ60Zn9OLFoKbaQ40a1kXoJdWEu2YROaUlAe9F6/Rog6PHYz | |||
| vLE5qscRbu0XQhLkN+z7bg5bAoGBAKDsbDEb/dbqbyaAYpmwhH2sdRSkphg7Niwc | vLE5qscRbu0XQhLkN+z7bg5bAoGBAKDsbDEb/dbqbyaAYpmwhH2sdRSkphg7Niwc | |||
| DNm9qWa1J6Zw1+M87I6Q8naRREuU1IAVqqWHVLr/ROBQ6NTJ1Uc5/qFeT2XXUgkf | DNm9qWa1J6Zw1+M87I6Q8naRREuU1IAVqqWHVLr/ROBQ6NTJ1Uc5/qFeT2XXUgkf | |||
| taMKv61tuyjZK3sTmznMh0HfzUpWjEhWnCEuB+ZYVdmO52ZGw2A75RdrILL2+9Dc | taMKv61tuyjZK3sTmznMh0HfzUpWjEhWnCEuB+ZYVdmO52ZGw2A75RdrILL2+9Dc | |||
| PvDXVubRAoGAdqXeSWoLxuzZXzl8rsaKrQsTYaXnOWaZieU1SL5vVe8nK257UDqZ | PvDXVubRAoGAdqXeSWoLxuzZXzl8rsaKrQsTYaXnOWaZieU1SL5vVe8nK257UDqZ | |||
| E3ng2j5XPTUWli+aNGFEJGRoNtcQvO60O/sFZUhu52sqq9mWVYZNh1TB5aP8X+pV | E3ng2j5XPTUWli+aNGFEJGRoNtcQvO60O/sFZUhu52sqq9mWVYZNh1TB5aP8X+pV | |||
| iFcZOLUvQEcN6PA+YQK5FU11rAI1M0Gm5RDnVnUl0L2xfCYxb7FzV6Y= | iFcZOLUvQEcN6PA+YQK5FU11rAI1M0Gm5RDnVnUl0L2xfCYxb7FzV6Y= | |||
| -----END RSA PRIVATE KEY----- | -----END RSA PRIVATE KEY----- | |||
| Figure 7 | ||||
| Signing of "192.0.2.0/24,32,1" (terminated by CR and LF), yields the | Signing of "192.0.2.0/24,32,1" (terminated by CR and LF), yields the | |||
| following detached CMS signature. | following detached CMS signature. | |||
| # RPKI Signature: 192.0.2.0 - 192.0.2.255 | # RPKI Signature: 192.0.2.0 - 192.0.2.255 | |||
| # MIIGQAYJKoZIhvcNAQcCoIIGMTCCBi0CAQMxDTALBglghkgBZQMEAgEwDQYLKoZ | # MIIGQAYJKoZIhvcNAQcCoIIGMTCCBi0CAQMxDTALBglghkgBZQMEAgEwDQYLKoZ | |||
| # IhvcNAQkQATmgggRaMIIEVjCCAz6gAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZv | # IhvcNAQkQATmgggRaMIIEVjCCAz6gAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZv | |||
| # swDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoM0FDRTJDRUY0RkIyMUI3RDExR | # swDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoM0FDRTJDRUY0RkIyMUI3RDExR | |||
| # TNFMTg0RUZDMUUyOTdCMzc3ODY0MjAeFw0yNjA1MDcyMTIyNDlaFw0yNzAzMDMy | # TNFMTg0RUZDMUUyOTdCMzc3ODY0MjAeFw0yNjA1MDcyMTIyNDlaFw0yNzAzMDMy | |||
| # MTIyNDlaMDMxMTAvBgNVBAMTKDkxNDY1MkEzQkQ1MUMxNDQyNjAxOTg4ODlGNUM | # MTIyNDlaMDMxMTAvBgNVBAMTKDkxNDY1MkEzQkQ1MUMxNDQyNjAxOTg4ODlGNUM | |||
| # 0NUFCRjA1M0ExODcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCycT | # 0NUFCRjA1M0ExODcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCycT | |||
| skipping to change at line 1325 ¶ | skipping to change at line 1310 ¶ | |||
| # iG9w0BCQMxDQYLKoZIhvcNAQkQATkwHAYJKoZIhvcNAQkFMQ8XDTI2MDUwNzIxM | # iG9w0BCQMxDQYLKoZIhvcNAQkQATkwHAYJKoZIhvcNAQkFMQ8XDTI2MDUwNzIxM | |||
| # jI0OVowLwYJKoZIhvcNAQkEMSIEIGMBdMKw5mjZYL9qP4ivwgMt8g2+qEO0+Dcn | # jI0OVowLwYJKoZIhvcNAQkEMSIEIGMBdMKw5mjZYL9qP4ivwgMt8g2+qEO0+Dcn | |||
| # N5vQO1bNMA0GCSqGSIb3DQEBAQUABIIBAKzRicWBpSyN5nw39eDNfVai2H1mO0n | # N5vQO1bNMA0GCSqGSIb3DQEBAQUABIIBAKzRicWBpSyN5nw39eDNfVai2H1mO0n | |||
| # APgZUmVF/vgSCWtR0da1iZots4qwn0XwvvIgu5eZ7edhn9axLXhjTAOQajT4cOw | # APgZUmVF/vgSCWtR0da1iZots4qwn0XwvvIgu5eZ7edhn9axLXhjTAOQajT4cOw | |||
| # 9+raD7+SYdBIAUgZpuFy3Olnu4HykCd8Ub44lPfZVG1lF1LeN248+rWgozpE7xz | # 9+raD7+SYdBIAUgZpuFy3Olnu4HykCd8Ub44lPfZVG1lF1LeN248+rWgozpE7xz | |||
| # Dv5G83OslbvVzGXaVShJM4fsDfpkpKoQ4LszlBeqguU2yTm3XWVjkxH7VJvTtIT | # Dv5G83OslbvVzGXaVShJM4fsDfpkpKoQ4LszlBeqguU2yTm3XWVjkxH7VJvTtIT | |||
| # SzO3jAqwqnCjfu3mnxCoz7LKES4DPZERsFoJv1zyDdHIXjPnfZuTBjjCOubjaQx | # SzO3jAqwqnCjfu3mnxCoz7LKES4DPZERsFoJv1zyDdHIXjPnfZuTBjjCOubjaQx | |||
| # rRwgZtQ8Ljz3gpz1VzL9mKAv0pUzcyxtQfakHwdYtxyO33z2InljtTFJCroI= | # rRwgZtQ8Ljz3gpz1VzL9mKAv0pUzcyxtQfakHwdYtxyO33z2InljtTFJCroI= | |||
| # End Signature: 192.0.2.0 - 192.0.2.255 | # End Signature: 192.0.2.0 - 192.0.2.255 | |||
| Figure 8 | ||||
| Acknowledgments | Acknowledgments | |||
| Thanks to the authors of [RFC8805] and [RFC9632] and the folk they | Thanks to the authors of [RFC8805] and [RFC9632] and the folk they | |||
| acknowledge from whom ideas and text have been liberally | acknowledge from whom ideas and text have been liberally | |||
| expropriated. Thanks to John R. Levine for providing useful feedback | expropriated. Thanks to John R. Levine for providing useful feedback | |||
| on the document. | on the document. | |||
| Authors' Addresses | Authors' Addresses | |||
| Oliver Gasser | Oliver Gasser | |||
| End of changes. 10 change blocks. | ||||
| 19 lines changed or deleted | 2 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||