A Profile for Autonomous System Provider Authorization
draft-ietf-sidrops-aspa-profile-15
The information below is for an old version of the document.
Document | Type |
This is an older version of an Internet-Draft whose latest revision state is "Active".
|
|
---|---|---|---|
Authors | Alexander Azimov , Eugene Uskov , Randy Bush , Job Snijders , Russ Housley , Ben Maddison | ||
Last updated | 2023-06-08 | ||
Replaces | draft-azimov-sidrops-aspa-profile | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Formats | |||
Additional resources | Mailing list discussion | ||
Stream | WG state | In WG Last Call | |
Document shepherd | Chris Morrow | ||
IESG | IESG state | I-D Exists | |
Consensus boilerplate | Unknown | ||
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | morrowc@ops-netman.net |
draft-ietf-sidrops-aspa-profile-15
Appendix A. Example ASPA eContent Payload Below an example of a DER encoded ASPA eContent is provided with annotation following the '#' character. $ echo 301da00302010102023cca301202020b620202205b020300c790020303259e \ | xxd -r -ps | openssl asn1parse -inform DER -dump -i 0:d=0 hl=2 l= 29 cons: SEQUENCE 2:d=1 hl=2 l= 3 cons: cont [ 0 ] 4:d=2 hl=2 l= 1 prim: INTEGER :01 7:d=1 hl=2 l= 2 prim: INTEGER :3CCA # Customer ASID 15562 11:d=1 hl=2 l= 18 cons: SEQUENCE 13:d=2 hl=2 l= 2 prim: INTEGER :0B62 # ProviderAS 2914 17:d=2 hl=2 l= 2 prim: INTEGER :205B # ProviderAS 8283 21:d=2 hl=2 l= 3 prim: INTEGER :C790 # ProviderAS 51088 26:d=2 hl=2 l= 3 prim: INTEGER :03259E # ProviderAS 206238 Below is a complete Base64 [RFC4648] encoded RPKI ASPA Signed Object. Azimov, et al. Expires 10 December 2023 [Page 11] Internet-Draft RPKI ASPA Profile June 2023 MIIGoQYJKoZIhvcNAQcCoIIGkjCCBo4CAQMxDTALBglghkgBZQMEAgEwMAYLKoZIhvcNAQkQ ATGgIQQfMB2gAwIBAQICPMowEgICC2ICAiBbAgMAx5ACAwMlnqCCBJgwggSUMIIDfKADAgEC AgoAocd1L/ix0uAfMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGNhYTgwNWRiYWMzNjQ3 NDliOWIxMTU1OTBhYjZlZjBmOTcwY2RiZDgwHhcNMjMwNjA3MDkwODE0WhcNMjQwNjA2MDkw ODE0WjAVMRMwEQYDVQQDDAoxNjg2MTI4MDAzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEA9YsEEF6Mb6Rhj7W35W9F8vT9OnGpMopJDL9y05Tms49iQ5hnZKXiabmwPKEn9Uat QU4Klff/2XkFXrjnmGcA/jb5C/22JlM1WRZcFfKwJXGWBf9HW2qlz9KTKT07vkFFp8+H6NTu MPX/nuEFFMlgWVV/dS5x5gjFuGmhBpXiKhIiNAhTqFdXQwJoI3BCngt4G4rLhu0zHsAH9/El s4XWk57HoKScj2mKAoHMWrLJxC9BRiqVXfZ7xAbuYDnrHFuGpZKp+BCB4mVJIT/a5LnUH/kp 6Dih5833FbWZ0Au9pKqUBYD7J0QT/LGqvHSTX0zS9xGr5z3vg8glCecoAOIylQIDAQABo4IB xjCCAcIwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTmbzR/BjCz/cWIUPsmJCMCpnVFhDAf BgNVHSMEGDAWgBTKqAXbrDZHSbmxFVkKtu8Plwzb2DAYBgNVHSABAf8EDjAMMAoGCCsGAQUF Bw4CMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQCAjzKMGQGCCsGAQUFBwEBBFgwVjBUBggrBgEF BQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC95cWdGMjZ3 MlIwbTVzUlZaQ3JidkQ1Y00yOWcuY2VyMGQGA1UdHwRdMFswWaBXoFWGU3JzeW5jOi8vY2hs b2Uuc29ib3Jub3N0Lm5ldC9ycGtpL1JJUEUtbmxqb2JzbmlqZGVycy95cWdGMjZ3MlIwbTVz UlZaQ3JidkQ1Y00yOWcuY3JsMG8GCCsGAQUFBwELBGMwYTBfBggrBgEFBQcwC4ZTcnN5bmM6 Ly9jaGxvZS5zb2Jvcm5vc3QubmV0L3Jwa2kvUklQRS1ubGpvYnNuaWpkZXJzLzVtODBmd1l3 c18zRmlGRDdKaVFqQXFaMVJZUS5hc2EwDQYJKoZIhvcNAQELBQADggEBADMA9gmyYb+tw623 Y0hiwMkfh8UIWBLl8TzuE/oV1+lV1vMmoZN2DZvS0DTBGHyDJosSxCfFIVgiBxyZ4Hz+5Kz3 p+SCiv+W4Xm4/2IR9KZpd4XFldvz0m82rtjadiD9pP2pEoQ7hpv/QjJwWA2Lo8BgSUTF6x/E 1nIhvLqmQTNyW/McSIyT3zctekg2lJVYUhIgMdO7HI0gzDKY8iPcTTGa9hzQBt5r0j1ukfgy 9mRnLB6u1v6qa1VKIgxsCO5r4X4ClvQeFdhgx1XqZ2YAB0fhfK+ouIk52gIXnfDD6T3O1wU7 3bNDRqNBPb3B6fGV+XtAszI4lzQcgmWz1Vel7EExggGqMIIBpgIBA4AU5m80fwYws/3FiFD7 JiQjAqZ1RYQwCwYJYIZIAWUDBAIBoGswGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAExMBwG CSqGSIb3DQEJBTEPFw0yMzA2MDcwOTA4NDFaMC8GCSqGSIb3DQEJBDEiBCAJcXvBATD7chRb oBj7Kghjf+uaiuybzdAcFPCzBXweYDANBgkqhkiG9w0BAQEFAASCAQDRbk4QaP0AdYgtgxds 3T/qgz0+m0RT2ue/5vqnhqCIqJBUjjrVOi2kgR3xhXFJfwz0pMuvUD6ikMdb9OsjvkpGqprN xepbslSGf2OrrYHa36qF38KsXrPNASslNDCn7eN/TBoOV+8tacOFcPEyC7stuFw5GtvL37RS /ZvyDm8NMo06JynhZ2me3sTJVpqTopv0vqVQi0VLCNEq+CQiDPEdqGEVDT9y2dVIVZ3J54Lq v76sXvhswso7CpMzTJyEx2VcIXwADMKZF/nWciTrkNzLfahVsL6UzflvMqNo3nVYJIsnF6U3 O3Niq7vO05r1PyS/pZqe+uwbV2gGQMcXwrvt The above should decode as following: Azimov, et al. Expires 10 December 2023 [Page 12] Internet-Draft RPKI ASPA Profile June 2023 Object SHA256 hash: s25yLaks3OXBzJcW3ZgvlLDiPUpyZbQk2jDHaPDgn1w= EE Subject key identifier: E6:6F:34:7F:06:30:B3:FD:C5:88:50:FB:26:24:23:02:A6:75:45:84 EE Certificate issuer: /CN=caa805dbac364749b9b115590ab6ef0f970cdbd8 EE Certificate serial: A1C7752FF8B1D2E01F EE Authority key identifier: CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8 EE Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer EE Subject info access: rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/5m80fwYws_3FiFD7JiQjAqZ1RYQ.asa CMS Signing time: Wed 07 Jun 2023 09:08:41 +0000 EE notBefore: Wed 07 Jun 2023 09:08:14 +0000 EE notAfter: Thu 06 Jun 2024 09:08:14 +0000 ASPA eContent: Customer AS: 15562 Provider Set: 1: AS: 2914 2: AS: 8283 3: AS: 51088 4: AS: 206238 Authors' Addresses Alexander Azimov Yandex Email: a.e.azimov@gmail.com Eugene Uskov JetLend Email: eu@jetlend.ru Randy Bush Internet Initiative Japan Email: randy@psg.com Job Snijders Fastly Amsterdam Netherlands Email: job@fastly.com Russ Housley Vigil Security, LLC 918 Spring Knoll Drive Herndon, VA 20170 United States of America Azimov, et al. Expires 10 December 2023 [Page 13] Internet-Draft RPKI ASPA Profile June 2023 Email: housley@vigilsec.com Ben Maddison Workonline Cape Town South Africa Email: benm@workonline.africa Azimov, et al. Expires 10 December 2023 [Page 14]