…od-cms-2009(58) } IPAddressOrRange, ASIdOrRange FROM IPAddrAndASCertExtn -- in [RFC3779] { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) mod(0) id-mod-ip-addr-and-as-ident(30) } ; ct-rpkiSignedChecklist CONTENT-TYPE ::= { TYPE RpkiSignedCh…

…l extensions, the IP Address Delegation or AS Identifier Delegation Extensions [RFC3779], enumerate the INRs that were allocated or assigned by the issuer to the subject. Relying party (RP) validation of a resource certificate is performed in the manner specified in Section 7.1. …

… extensions, the IP Address Delegation or AS Identifier Delegation Extensions [ RFC3779 ], enumerate the INRs that were allocated or assigned by the issuer to the subject. Relying party (RP) validation of a resource certificate is performed in the manner specified in Section 7.1 …

…CRL) Profile RFC5280 and " X.509 Extensions for IP Addresses and AS Identifiers RFC3779 Additionally, this document makes use of the RPKI signed object profile RFC6488 ; thus, familiarity with that document is assumed. Note that the RPKI signed object profile makes use of certifi…

…pecific validation steps: The Autonomous System Identifier Delegation Extension RFC3779 MUST be present in the end-entity (EE) certificate (contained within the ASPA), and the Customer ASID in the ASPA eContent MUST match the ASId specified by the EE certificate's Autonomous Syst…

…Object Class ADDRESS-FAMILY. The type is a BIT STRING, see Section 2.2.3.8 of [ RFC3779 for more information on encoding IP prefixes. 3.3.2. Canonical form for prefixBlocks As the data structure described by the SignedPrefixList Section 3 module allows for many different ways to …

… extensions for IP addresses and AS numbers representation defined in RFC 3779 [RFC3779]. Also, Cryptographic Message Syntax (CMS) [RFC5652] is used as the syntax Lepinski & Kent Informational [Page 3] RFC 6480 RPKI Architecture February 2012 for the newly defined signed objects …

…extensions for IP addresses and AS numbers representation defined in RFC 3779 [ RFC3779 ]. Also, Cryptographic Message Syntax (CMS) [ RFC5652 ] is used as the syntax Lepinski & Kent Informational [Page 3] RFC 6480 RPKI Architecture February 2012 for the newly defined signed objec…

…e extensions for IP addresses and AS numbers representation defined in RFC 3779 RFC3779 ]. Also, Cryptographic Message Syntax (CMS) [ RFC5652 ] is used as the syntax Lepinski & Kent Informational [Page 3] RFC 6480 RPKI Architecture February 2012 for the newly defined signed objec…

…the various RPKI objects, uses, and interpretations described in the following: RFC3779 RFC6480 RFC6481 RFC6487 , and RFC6488 A process to construct and sign RPKI Trust Anchor constraints is specified in I-D.nro-sidrops-ta-constraints Such signed distributed constraints can serve…

…ibute the TA per se. In the RPKI, certificates contain one or more extensions [ RFC3779 ] that can contain a set of IP Address Delegations and/or Autonomous System Identifier Delegations. In this document, we refer to these delegations as the Internet Number Resources (INRs) cont…

…ion ( Section 4.2.1.4 of [ RFC5280 ), and the Internet Number Resources (INR) ( RFC3779 ). Relying Parties periodically fetch TA certificates from online locations and verify that the key of the self-signed certificate matches the key embedded in its associated Trust Anchor Locat…

…hose described in Section 9 of [ RFC6487 ] . ¶ The Security Considerations of [ RFC3779 ] , [ RFC5280 ] , and [ RFC6487 ] apply to Resource Certificates and CRLs. ¶ This document explicates that, in the RPKI, the CRL listed on the certificate issuer's current manifest is the one …

…name attribute contain the literal string "ROUTER-" followed by the 32-bit ASN [RFC3779] encoded as eight hexadecimal digits and that the serial number attribute contain the 32-bit BGP Identifier [RFC4271] (i.e., the router ID) encoded as eight hexadecimal digits. If there is mor…

…ame attribute contain the literal string "ROUTER-" followed by the 32-bit ASN [ RFC3779 ] encoded as eight hexadecimal digits and that the serial number attribute contain the 32-bit BGP Identifier [ RFC4271 ] (i.e., the router ID) encoded as eight hexadecimal digits. If there is …