2735 lines
111 KiB
Plaintext
2735 lines
111 KiB
Plaintext
|
|
running 1 test
|
|
== TAL / TA / TrustAnchor ==
|
|
Fixture (TAL): tests/fixtures/tal/ripe-ncc.tal
|
|
Fixture (TA): tests/fixtures/ta/ripe-ncc-ta.cer
|
|
TA.verify_self_signature=Ok(())
|
|
TalPretty {
|
|
raw: BytesFmt {
|
|
len: 482,
|
|
sha256_hex: "59ca27ef93f23682749fcefe7c6d70fbc723343549ff9e4d3996acaff79817fb",
|
|
head_hex: "68747470733a2f2f72706b692e726970",
|
|
tail_hex: "67424d794c320a56774944415141420a",
|
|
},
|
|
comments: [],
|
|
ta_uris: [
|
|
"https://rpki.ripe.net/ta/ripe-ncc-ta.cer",
|
|
"rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer",
|
|
],
|
|
subject_public_key_info_der: BytesFmt {
|
|
len: 294,
|
|
sha256_hex: "5e22b2daa07f1a6b78d2f81b0ca5e06eafc2a9c817d1edfc78021522a987b34e",
|
|
head_hex: "30820122300d06092a864886f70d0101",
|
|
tail_hex: "b13e03a38b78013322f6570203010001",
|
|
},
|
|
}
|
|
TaCertificatePretty {
|
|
raw_der: BytesFmt {
|
|
len: 1036,
|
|
sha256_hex: "ff8b6776d2525ecf4fba789c61b919d352a59d651ac596a4f006cfc91bdb9150",
|
|
head_hex: "30820408308202f0a003020102020201",
|
|
tail_hex: "00b2f02145586bce21fa17db1da60872",
|
|
},
|
|
rc_ca: ResourceCertificatePretty {
|
|
raw_der: BytesFmt {
|
|
len: 1036,
|
|
sha256_hex: "ff8b6776d2525ecf4fba789c61b919d352a59d651ac596a4f006cfc91bdb9150",
|
|
head_hex: "30820408308202f0a003020102020201",
|
|
tail_hex: "00b2f02145586bce21fa17db1da60872",
|
|
},
|
|
tbs: RpkixTbsCertificatePretty {
|
|
version: 2,
|
|
serial_number: "011e",
|
|
signature_algorithm: "1.2.840.113549.1.1.11",
|
|
issuer_dn: "CN=ripe-ncc-ta",
|
|
subject_dn: "CN=ripe-ncc-ta",
|
|
validity_not_before: 2026-01-14 10:50:01.0 +00:00:00,
|
|
validity_not_after: 2026-04-14 10:50:01.0 +00:00:00,
|
|
subject_public_key_info: BytesFmt {
|
|
len: 294,
|
|
sha256_hex: "5e22b2daa07f1a6b78d2f81b0ca5e06eafc2a9c817d1edfc78021522a987b34e",
|
|
head_hex: "30820122300d06092a864886f70d0101",
|
|
tail_hex: "b13e03a38b78013322f6570203010001",
|
|
},
|
|
extensions: RcExtensionsPretty {
|
|
basic_constraints_ca: true,
|
|
subject_key_identifier: Some(
|
|
BytesFmt {
|
|
len: 20,
|
|
sha256_hex: "7ab8fc2dc07908f8a95c22bc4dd168fed02cc3217f37797047fcbf4a949d82f1",
|
|
head_hex: "e8552b1fd6d1a4f7e404c6d8e5680d1e",
|
|
tail_hex: "d6d1a4f7e404c6d8e5680d1ebc163fc3",
|
|
},
|
|
),
|
|
subject_info_access: Some(
|
|
Ca(
|
|
SubjectInfoAccessCa {
|
|
access_descriptions: [
|
|
AccessDescription {
|
|
access_method_oid: "1.3.6.1.5.5.7.48.5",
|
|
access_location: Url {
|
|
scheme: "rsync",
|
|
cannot_be_a_base: false,
|
|
username: "",
|
|
password: None,
|
|
host: Some(
|
|
Domain(
|
|
"rpki.ripe.net",
|
|
),
|
|
),
|
|
port: None,
|
|
path: "/repository/",
|
|
query: None,
|
|
fragment: None,
|
|
},
|
|
},
|
|
AccessDescription {
|
|
access_method_oid: "1.3.6.1.5.5.7.48.10",
|
|
access_location: Url {
|
|
scheme: "rsync",
|
|
cannot_be_a_base: false,
|
|
username: "",
|
|
password: None,
|
|
host: Some(
|
|
Domain(
|
|
"rpki.ripe.net",
|
|
),
|
|
),
|
|
port: None,
|
|
path: "/repository/ripe-ncc-ta.mft",
|
|
query: None,
|
|
fragment: None,
|
|
},
|
|
},
|
|
AccessDescription {
|
|
access_method_oid: "1.3.6.1.5.5.7.48.13",
|
|
access_location: Url {
|
|
scheme: "https",
|
|
cannot_be_a_base: false,
|
|
username: "",
|
|
password: None,
|
|
host: Some(
|
|
Domain(
|
|
"rrdp.ripe.net",
|
|
),
|
|
),
|
|
port: None,
|
|
path: "/notification.xml",
|
|
query: None,
|
|
fragment: None,
|
|
},
|
|
},
|
|
],
|
|
},
|
|
),
|
|
),
|
|
certificate_policies_oid: Some(
|
|
"1.3.6.1.5.5.7.14.2",
|
|
),
|
|
ip_resources: Some(
|
|
IpResourceSet {
|
|
families: [
|
|
IpAddressFamily {
|
|
afi: Ipv4,
|
|
choice: AddressesOrRanges(
|
|
[
|
|
Prefix(
|
|
IpPrefix {
|
|
afi: Ipv4,
|
|
prefix_len: 0,
|
|
addr: [
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
),
|
|
],
|
|
),
|
|
},
|
|
IpAddressFamily {
|
|
afi: Ipv6,
|
|
choice: AddressesOrRanges(
|
|
[
|
|
Prefix(
|
|
IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 0,
|
|
addr: [
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
),
|
|
],
|
|
),
|
|
},
|
|
],
|
|
},
|
|
),
|
|
as_resources: Some(
|
|
AsResourceSet {
|
|
asnum: Some(
|
|
AsIdsOrRanges(
|
|
[
|
|
Range {
|
|
min: 0,
|
|
max: 4294967295,
|
|
},
|
|
],
|
|
),
|
|
),
|
|
rdi: None,
|
|
},
|
|
),
|
|
},
|
|
},
|
|
kind: Ca,
|
|
},
|
|
}
|
|
TrustAnchorPretty {
|
|
tal: TalPretty {
|
|
raw: BytesFmt {
|
|
len: 482,
|
|
sha256_hex: "59ca27ef93f23682749fcefe7c6d70fbc723343549ff9e4d3996acaff79817fb",
|
|
head_hex: "68747470733a2f2f72706b692e726970",
|
|
tail_hex: "67424d794c320a56774944415141420a",
|
|
},
|
|
comments: [],
|
|
ta_uris: [
|
|
"https://rpki.ripe.net/ta/ripe-ncc-ta.cer",
|
|
"rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer",
|
|
],
|
|
subject_public_key_info_der: BytesFmt {
|
|
len: 294,
|
|
sha256_hex: "5e22b2daa07f1a6b78d2f81b0ca5e06eafc2a9c817d1edfc78021522a987b34e",
|
|
head_hex: "30820122300d06092a864886f70d0101",
|
|
tail_hex: "b13e03a38b78013322f6570203010001",
|
|
},
|
|
},
|
|
ta_certificate: TaCertificatePretty {
|
|
raw_der: BytesFmt {
|
|
len: 1036,
|
|
sha256_hex: "ff8b6776d2525ecf4fba789c61b919d352a59d651ac596a4f006cfc91bdb9150",
|
|
head_hex: "30820408308202f0a003020102020201",
|
|
tail_hex: "00b2f02145586bce21fa17db1da60872",
|
|
},
|
|
rc_ca: ResourceCertificatePretty {
|
|
raw_der: BytesFmt {
|
|
len: 1036,
|
|
sha256_hex: "ff8b6776d2525ecf4fba789c61b919d352a59d651ac596a4f006cfc91bdb9150",
|
|
head_hex: "30820408308202f0a003020102020201",
|
|
tail_hex: "00b2f02145586bce21fa17db1da60872",
|
|
},
|
|
tbs: RpkixTbsCertificatePretty {
|
|
version: 2,
|
|
serial_number: "011e",
|
|
signature_algorithm: "1.2.840.113549.1.1.11",
|
|
issuer_dn: "CN=ripe-ncc-ta",
|
|
subject_dn: "CN=ripe-ncc-ta",
|
|
validity_not_before: 2026-01-14 10:50:01.0 +00:00:00,
|
|
validity_not_after: 2026-04-14 10:50:01.0 +00:00:00,
|
|
subject_public_key_info: BytesFmt {
|
|
len: 294,
|
|
sha256_hex: "5e22b2daa07f1a6b78d2f81b0ca5e06eafc2a9c817d1edfc78021522a987b34e",
|
|
head_hex: "30820122300d06092a864886f70d0101",
|
|
tail_hex: "b13e03a38b78013322f6570203010001",
|
|
},
|
|
extensions: RcExtensionsPretty {
|
|
basic_constraints_ca: true,
|
|
subject_key_identifier: Some(
|
|
BytesFmt {
|
|
len: 20,
|
|
sha256_hex: "7ab8fc2dc07908f8a95c22bc4dd168fed02cc3217f37797047fcbf4a949d82f1",
|
|
head_hex: "e8552b1fd6d1a4f7e404c6d8e5680d1e",
|
|
tail_hex: "d6d1a4f7e404c6d8e5680d1ebc163fc3",
|
|
},
|
|
),
|
|
subject_info_access: Some(
|
|
Ca(
|
|
SubjectInfoAccessCa {
|
|
access_descriptions: [
|
|
AccessDescription {
|
|
access_method_oid: "1.3.6.1.5.5.7.48.5",
|
|
access_location: Url {
|
|
scheme: "rsync",
|
|
cannot_be_a_base: false,
|
|
username: "",
|
|
password: None,
|
|
host: Some(
|
|
Domain(
|
|
"rpki.ripe.net",
|
|
),
|
|
),
|
|
port: None,
|
|
path: "/repository/",
|
|
query: None,
|
|
fragment: None,
|
|
},
|
|
},
|
|
AccessDescription {
|
|
access_method_oid: "1.3.6.1.5.5.7.48.10",
|
|
access_location: Url {
|
|
scheme: "rsync",
|
|
cannot_be_a_base: false,
|
|
username: "",
|
|
password: None,
|
|
host: Some(
|
|
Domain(
|
|
"rpki.ripe.net",
|
|
),
|
|
),
|
|
port: None,
|
|
path: "/repository/ripe-ncc-ta.mft",
|
|
query: None,
|
|
fragment: None,
|
|
},
|
|
},
|
|
AccessDescription {
|
|
access_method_oid: "1.3.6.1.5.5.7.48.13",
|
|
access_location: Url {
|
|
scheme: "https",
|
|
cannot_be_a_base: false,
|
|
username: "",
|
|
password: None,
|
|
host: Some(
|
|
Domain(
|
|
"rrdp.ripe.net",
|
|
),
|
|
),
|
|
port: None,
|
|
path: "/notification.xml",
|
|
query: None,
|
|
fragment: None,
|
|
},
|
|
},
|
|
],
|
|
},
|
|
),
|
|
),
|
|
certificate_policies_oid: Some(
|
|
"1.3.6.1.5.5.7.14.2",
|
|
),
|
|
ip_resources: Some(
|
|
IpResourceSet {
|
|
families: [
|
|
IpAddressFamily {
|
|
afi: Ipv4,
|
|
choice: AddressesOrRanges(
|
|
[
|
|
Prefix(
|
|
IpPrefix {
|
|
afi: Ipv4,
|
|
prefix_len: 0,
|
|
addr: [
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
),
|
|
],
|
|
),
|
|
},
|
|
IpAddressFamily {
|
|
afi: Ipv6,
|
|
choice: AddressesOrRanges(
|
|
[
|
|
Prefix(
|
|
IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 0,
|
|
addr: [
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
),
|
|
],
|
|
),
|
|
},
|
|
],
|
|
},
|
|
),
|
|
as_resources: Some(
|
|
AsResourceSet {
|
|
asnum: Some(
|
|
AsIdsOrRanges(
|
|
[
|
|
Range {
|
|
min: 0,
|
|
max: 4294967295,
|
|
},
|
|
],
|
|
),
|
|
),
|
|
rdi: None,
|
|
},
|
|
),
|
|
},
|
|
},
|
|
kind: Ca,
|
|
},
|
|
},
|
|
resolved_ta_uri: Some(
|
|
"https://rpki.ripe.net/ta/ripe-ncc-ta.cer",
|
|
),
|
|
}
|
|
|
|
== ResourceCertificate (example non-TA CA cert) ==
|
|
Fixture (CA cert): tests/fixtures/repository/rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
|
|
ResourceCertificatePretty {
|
|
raw_der: BytesFmt {
|
|
len: 1530,
|
|
sha256_hex: "f808d47a98cdda9d12273b76b3cf809f6f8a6c15f92a9fd7fa634bf96726e7fb",
|
|
head_hex: "308205f6308204dea003020102020302",
|
|
tail_hex: "d24798cd14df0f3485322a6af1765703",
|
|
},
|
|
tbs: RpkixTbsCertificatePretty {
|
|
version: 2,
|
|
serial_number: "0285ba",
|
|
signature_algorithm: "1.2.840.113549.1.1.11",
|
|
issuer_dn: "CN=A90DC5BE, serialNumber=0E65A4F5FD36B5BD68EB3C923408978C907AA79F",
|
|
subject_dn: "CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA",
|
|
validity_not_before: 2026-01-13 1:04:39.0 +00:00:00,
|
|
validity_not_after: 2026-09-30 0:00:00.0 +00:00:00,
|
|
subject_public_key_info: BytesFmt {
|
|
len: 294,
|
|
sha256_hex: "5768f1fbcdf3bd8425856f04a2b8d2bc716d5b88d78c3301674111f414c8e1c8",
|
|
head_hex: "30820122300d06092a864886f70d0101",
|
|
tail_hex: "ea15c1433970ec93a196f70203010001",
|
|
},
|
|
extensions: RcExtensionsPretty {
|
|
basic_constraints_ca: true,
|
|
subject_key_identifier: Some(
|
|
BytesFmt {
|
|
len: 20,
|
|
sha256_hex: "c6e74258f26c93a20e14cbf48b0615f939b9833498223a9fab15a3bacbce6054",
|
|
head_hex: "05fc9c5b88506f7c0d3f862c8895bed6",
|
|
tail_hex: "88506f7c0d3f862c8895bed67e9f8eba",
|
|
},
|
|
),
|
|
subject_info_access: Some(
|
|
Ca(
|
|
SubjectInfoAccessCa {
|
|
access_descriptions: [
|
|
AccessDescription {
|
|
access_method_oid: "1.3.6.1.5.5.7.48.5",
|
|
access_location: Url {
|
|
scheme: "rsync",
|
|
cannot_be_a_base: false,
|
|
username: "",
|
|
password: None,
|
|
host: Some(
|
|
Domain(
|
|
"rpki.cernet.net",
|
|
),
|
|
),
|
|
port: None,
|
|
path: "/repo/cernet/0/",
|
|
query: None,
|
|
fragment: None,
|
|
},
|
|
},
|
|
AccessDescription {
|
|
access_method_oid: "1.3.6.1.5.5.7.48.10",
|
|
access_location: Url {
|
|
scheme: "rsync",
|
|
cannot_be_a_base: false,
|
|
username: "",
|
|
password: None,
|
|
host: Some(
|
|
Domain(
|
|
"rpki.cernet.net",
|
|
),
|
|
),
|
|
port: None,
|
|
path: "/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft",
|
|
query: None,
|
|
fragment: None,
|
|
},
|
|
},
|
|
AccessDescription {
|
|
access_method_oid: "1.3.6.1.5.5.7.48.13",
|
|
access_location: Url {
|
|
scheme: "https",
|
|
cannot_be_a_base: false,
|
|
username: "",
|
|
password: None,
|
|
host: Some(
|
|
Domain(
|
|
"rpki.cernet.net",
|
|
),
|
|
),
|
|
port: None,
|
|
path: "/rrdp/notification.xml",
|
|
query: None,
|
|
fragment: None,
|
|
},
|
|
},
|
|
],
|
|
},
|
|
),
|
|
),
|
|
certificate_policies_oid: Some(
|
|
"1.3.6.1.5.5.7.14.2",
|
|
),
|
|
ip_resources: Some(
|
|
IpResourceSet {
|
|
families: [
|
|
IpAddressFamily {
|
|
afi: Ipv6,
|
|
choice: AddressesOrRanges(
|
|
[
|
|
Prefix(
|
|
IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
32,
|
|
1,
|
|
2,
|
|
83,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
),
|
|
Prefix(
|
|
IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 20,
|
|
addr: [
|
|
36,
|
|
10,
|
|
160,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
),
|
|
],
|
|
),
|
|
},
|
|
],
|
|
},
|
|
),
|
|
as_resources: Some(
|
|
AsResourceSet {
|
|
asnum: Some(
|
|
AsIdsOrRanges(
|
|
[
|
|
Id(
|
|
4538,
|
|
),
|
|
Id(
|
|
23910,
|
|
),
|
|
Range {
|
|
min: 142067,
|
|
max: 142106,
|
|
},
|
|
Range {
|
|
min: 142650,
|
|
max: 146745,
|
|
},
|
|
],
|
|
),
|
|
),
|
|
rdi: None,
|
|
},
|
|
),
|
|
},
|
|
},
|
|
kind: Ca,
|
|
}
|
|
|
|
== Signed Object / Manifest ==
|
|
Fixture (MFT): tests/fixtures/repository/rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
|
|
ManifestObjectPretty {
|
|
signed_object: RpkiSignedObjectPretty {
|
|
raw_der: BytesFmt {
|
|
len: 5092,
|
|
sha256_hex: "fa9d659350a08f9604bf7e396ec3859b9d7fae63304fdbd5847a8d8af36fd234",
|
|
head_hex: "308213e006092a864886f70d010702a0",
|
|
tail_hex: "87d362f615ecfb50b55f88cb1374b36c",
|
|
},
|
|
content_info_content_type: "1.2.840.113549.1.7.2",
|
|
signed_data: SignedDataProfiledPretty {
|
|
version: 3,
|
|
digest_algorithms: [
|
|
"2.16.840.1.101.3.4.2.1",
|
|
],
|
|
encap_content_info: EncapsulatedContentInfoPretty {
|
|
econtent_type: "1.2.840.113549.1.9.16.1.26",
|
|
econtent: BytesFmt {
|
|
len: 3298,
|
|
sha256_hex: "c6fd2742cec79a42298c2436daea32184f66ffa4d35a859f3beb82093738c60b",
|
|
head_hex: "30820cde02010c180f32303236303132",
|
|
tail_hex: "43c532748b7ba6abc129cdf3b90a8cd4",
|
|
},
|
|
},
|
|
certificates: [
|
|
ResourceEeCertificatePretty {
|
|
raw_der: BytesFmt {
|
|
len: 1294,
|
|
sha256_hex: "15bf428ab43e1052a3ea4ad84033adb31b5b14cd08b21aaae6dc7f8e11233460",
|
|
head_hex: "3082050a308203f2a003020102021411",
|
|
tail_hex: "53ce0f1ffa2a23ffcf4ec371a6b222d0",
|
|
},
|
|
subject_key_identifier: BytesFmt {
|
|
len: 20,
|
|
sha256_hex: "dfab94827da07e0c6f788db45a9603b92477917c02e8111a37b655f84f7c6857",
|
|
head_hex: "ccc6ae90bfdce2956877d02475a2b5f7",
|
|
tail_hex: "bfdce2956877d02475a2b5f77150b8f3",
|
|
},
|
|
spki_der: BytesFmt {
|
|
len: 294,
|
|
sha256_hex: "2acddf7d96da20cf612528f69e1b73145ca322b83ac1aaf751ba9280bce2ace2",
|
|
head_hex: "30820122300d06092a864886f70d0101",
|
|
tail_hex: "64f865a58abd34c5885f670203010001",
|
|
},
|
|
sia_signed_object_uris: [
|
|
"rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft",
|
|
],
|
|
resource_cert: ResourceCertificatePretty {
|
|
raw_der: BytesFmt {
|
|
len: 1294,
|
|
sha256_hex: "15bf428ab43e1052a3ea4ad84033adb31b5b14cd08b21aaae6dc7f8e11233460",
|
|
head_hex: "3082050a308203f2a003020102021411",
|
|
tail_hex: "53ce0f1ffa2a23ffcf4ec371a6b222d0",
|
|
},
|
|
tbs: RpkixTbsCertificatePretty {
|
|
version: 2,
|
|
serial_number: "11bbdcbd8ee49958f2683fe200bf12196ca8f285",
|
|
signature_algorithm: "1.2.840.113549.1.1.11",
|
|
issuer_dn: "CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA",
|
|
subject_dn: "CN=CCC6AE90BFDCE2956877D02475A2B5F77150B8F3",
|
|
validity_not_before: 2026-01-20 20:26:38.0 +00:00:00,
|
|
validity_not_after: 2026-01-21 21:42:38.0 +00:00:00,
|
|
subject_public_key_info: BytesFmt {
|
|
len: 294,
|
|
sha256_hex: "2acddf7d96da20cf612528f69e1b73145ca322b83ac1aaf751ba9280bce2ace2",
|
|
head_hex: "30820122300d06092a864886f70d0101",
|
|
tail_hex: "64f865a58abd34c5885f670203010001",
|
|
},
|
|
extensions: RcExtensionsPretty {
|
|
basic_constraints_ca: false,
|
|
subject_key_identifier: Some(
|
|
BytesFmt {
|
|
len: 20,
|
|
sha256_hex: "dfab94827da07e0c6f788db45a9603b92477917c02e8111a37b655f84f7c6857",
|
|
head_hex: "ccc6ae90bfdce2956877d02475a2b5f7",
|
|
tail_hex: "bfdce2956877d02475a2b5f77150b8f3",
|
|
},
|
|
),
|
|
subject_info_access: Some(
|
|
Ee(
|
|
SubjectInfoAccessEe {
|
|
signed_object_uris: [
|
|
Url {
|
|
scheme: "rsync",
|
|
cannot_be_a_base: false,
|
|
username: "",
|
|
password: None,
|
|
host: Some(
|
|
Domain(
|
|
"rpki.cernet.net",
|
|
),
|
|
),
|
|
port: None,
|
|
path: "/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft",
|
|
query: None,
|
|
fragment: None,
|
|
},
|
|
],
|
|
access_descriptions: [
|
|
AccessDescription {
|
|
access_method_oid: "1.3.6.1.5.5.7.48.11",
|
|
access_location: Url {
|
|
scheme: "rsync",
|
|
cannot_be_a_base: false,
|
|
username: "",
|
|
password: None,
|
|
host: Some(
|
|
Domain(
|
|
"rpki.cernet.net",
|
|
),
|
|
),
|
|
port: None,
|
|
path: "/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft",
|
|
query: None,
|
|
fragment: None,
|
|
},
|
|
},
|
|
],
|
|
},
|
|
),
|
|
),
|
|
certificate_policies_oid: Some(
|
|
"1.3.6.1.5.5.7.14.2",
|
|
),
|
|
ip_resources: Some(
|
|
IpResourceSet {
|
|
families: [
|
|
IpAddressFamily {
|
|
afi: Ipv4,
|
|
choice: Inherit,
|
|
},
|
|
IpAddressFamily {
|
|
afi: Ipv6,
|
|
choice: Inherit,
|
|
},
|
|
],
|
|
},
|
|
),
|
|
as_resources: Some(
|
|
AsResourceSet {
|
|
asnum: Some(
|
|
Inherit,
|
|
),
|
|
rdi: None,
|
|
},
|
|
),
|
|
},
|
|
},
|
|
kind: Ee,
|
|
},
|
|
},
|
|
],
|
|
crls_present: false,
|
|
signer_infos: [
|
|
SignerInfoProfiledPretty {
|
|
version: 3,
|
|
sid_ski: BytesFmt {
|
|
len: 20,
|
|
sha256_hex: "dfab94827da07e0c6f788db45a9603b92477917c02e8111a37b655f84f7c6857",
|
|
head_hex: "ccc6ae90bfdce2956877d02475a2b5f7",
|
|
tail_hex: "bfdce2956877d02475a2b5f77150b8f3",
|
|
},
|
|
digest_algorithm: "2.16.840.1.101.3.4.2.1",
|
|
signature_algorithm: "1.2.840.113549.1.1.1",
|
|
signed_attrs: SignedAttrsProfiledPretty {
|
|
content_type: "1.2.840.113549.1.9.16.1.26",
|
|
message_digest: BytesFmt {
|
|
len: 32,
|
|
sha256_hex: "cdcc92d0f025674ad3250c6d2bab0c78ac0b469a28506f315c59263afe74b1e8",
|
|
head_hex: "c6fd2742cec79a42298c2436daea3218",
|
|
tail_hex: "4f66ffa4d35a859f3beb82093738c60b",
|
|
},
|
|
signing_time: Asn1TimeUtc {
|
|
utc: 0026-01-20 20:31:38.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
other_attrs_present: false,
|
|
},
|
|
unsigned_attrs_present: false,
|
|
signature: BytesFmt {
|
|
len: 256,
|
|
sha256_hex: "852ce31689786d688ac409457f37135ad1d5a433f5cce0567a1a971332d81ca9",
|
|
head_hex: "0bf0a0544cb4cc5f7c50b04a8231a021",
|
|
tail_hex: "87d362f615ecfb50b55f88cb1374b36c",
|
|
},
|
|
signed_attrs_der_for_signature: BytesFmt {
|
|
len: 109,
|
|
sha256_hex: "4787ade978e60d2d693652d87146f219eb59ea1fbb4523f6f3a33ef10f466b63",
|
|
head_hex: "316b301a06092a864886f70d01090331",
|
|
tail_hex: "4f66ffa4d35a859f3beb82093738c60b",
|
|
},
|
|
},
|
|
],
|
|
},
|
|
},
|
|
econtent_type: "1.2.840.113549.1.9.16.1.26",
|
|
manifest: ManifestEContentPretty {
|
|
version: 0,
|
|
manifest_number: "0C",
|
|
this_update: 2026-01-20 20:26:38.0 +00:00:00,
|
|
next_update: 2026-01-21 21:42:38.0 +00:00:00,
|
|
file_hash_alg: "2.16.840.1.101.3.4.2.1",
|
|
files: [
|
|
FileAndHashPretty {
|
|
file_name: "AS142652.roa",
|
|
hash_hex: "2d021e9be5bb590aac6277c0f72e1ce3c136f59a1ceb2d22dd9cc66de529557a",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142101.roa",
|
|
hash_hex: "e8e149aaaafc81ab3403c51527c195e880874a0e51aff54007d8d49bcbc1e002",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142095.roa",
|
|
hash_hex: "ccfcc64efccd58f5fd1faf5c28e0cf0f13a9ca16fadf22e7723ce9baace06999",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS144702.roa",
|
|
hash_hex: "c90ae0f87e1f08a582fb4d5d0bec6d166e6be3829a99c55d064d3b5ba872aeb4",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142092.roa",
|
|
hash_hex: "b201324156a82299076cc49e1863a9848df044d446061bd16b0b6206dfcfbd15",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142104.roa",
|
|
hash_hex: "2413c3a28761c5fdeaee9c58f979d932343c4964fd12dc10ebad770f196919af",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142079.roa",
|
|
hash_hex: "53e4a3b3bde9ac3643ead02dd2fdd4a0b951403aeeeda064c370ac817fbe79d1",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142085.roa",
|
|
hash_hex: "fce94c84e2fd678aad061d7e891b976baff2164127aec786aabff878084afca1",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142075.roa",
|
|
hash_hex: "8f24519cce9ba9c8b0b5430957751813d56a88e1fbd78abb354196f3337486a2",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142656.roa",
|
|
hash_hex: "e853607e2527f6b3b564a9732f3448859ae56f545236ff1e8197b91d1bf90efc",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142074.roa",
|
|
hash_hex: "fad617d77b16279b57a411b589ffd1b56c16a8848c7721e0ae9fc5b0a3488497",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS144707.roa",
|
|
hash_hex: "137543e13b15bb8a1e677ce2e3643f25bc7eab0813cbc00ec43c9878d25f0e07",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142094.roa",
|
|
hash_hex: "db8b45004808ae0769f265e4b869e320d98a27a635234ec3db9cfbe48228aa73",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142099.roa",
|
|
hash_hex: "d074661bf8ca15fb6c4685506938f79a4104ee965640755949dcca57704af7ce",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142078.roa",
|
|
hash_hex: "bf84b0204969811f5b0fb2eb45634d673a8b857a40d14755837fe06d74f2d296",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142659.roa",
|
|
hash_hex: "1017bb2340fbabe169a3d9d1e854db1b77765304d690288a64a865dc4b114cb9",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142077.roa",
|
|
hash_hex: "da71c05e9ad543bae2fd22e26f7b4e4a8b7fe62da258c83a1a4c7b43e4e8ae23",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS144701.roa",
|
|
hash_hex: "79f989c162dfff790bbe82e5bc809f96c8ac3e40ede7088bcd87d7f0ec395cf2",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142082.roa",
|
|
hash_hex: "c5befbc11f4a1d097cbb5171adbac5ff08fbbbb562bf11ac316f6cc37b152cfe",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142653.roa",
|
|
hash_hex: "0861dca303c2a82f25b769f96561144cec750df6969727e61ee89b773d299327",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS144699.roa",
|
|
hash_hex: "7244828009953e2e35c2021e854c73c3f79e898e703905a54176e7f751f599ef",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS144706.roa",
|
|
hash_hex: "fe6adc1662f9261b1694db2b6c9800933c60a60c05376874c70cb5d20c04d908",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142658.roa",
|
|
hash_hex: "0fbf94093699afa9df25ee75f107973f56f5c09f71fea9e8b13d6fbec727caf8",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142070.roa",
|
|
hash_hex: "fe85f3642f96f7c7e7f78a5654763a409cc077cbe99d01124c073c4049917664",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS144703.roa",
|
|
hash_hex: "3b26d68d2e8421d71ce806e726e6736b807bb89693d2bfaea003a1527bbfd261",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142106.roa",
|
|
hash_hex: "0213b0bf39d9a99f47d4f757e48aa99967aefba169247c4d5c73db72c2eabfd2",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS144700.roa",
|
|
hash_hex: "c873e91c3c1d56b104da71cae089899940e6737a282edbe36a24f994cb5631d1",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142081.roa",
|
|
hash_hex: "0e3f8e057e7a2eacf3f2706cdccc013b61b51329d78e1c22b06b82a207f829e0",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142102.roa",
|
|
hash_hex: "72d75c5f9a7d83fdcce19b8475cb420fb49c5eb54aba996295108c77786f0970",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142083.roa",
|
|
hash_hex: "cf2d86b3d2d2a5ab9801d11a2662090d76faece8da40e3cefd4f069ace1df391",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142084.roa",
|
|
hash_hex: "b93315b18b1350962ab27d268e4f84cd5640de32f61e0fb4d94dd595892364f7",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142103.roa",
|
|
hash_hex: "02ac124a63aa1089bf294e8a2147f320ef5952ab13c28871cea11d3008b5517b",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142105.roa",
|
|
hash_hex: "8e9736c1b53f6dad6f86767a8aaddd6d963840fe44bd6109b98c6e814a6c71b9",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142087.roa",
|
|
hash_hex: "4b7db03a61edd9dedbdea96453270db5bf182a062d7e3d9e1446cc75eb088ebc",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142068.roa",
|
|
hash_hex: "b88eae74ac6f89904f061e46bded86a12053848346a2e8b92bb8e91df7160edd",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142654.roa",
|
|
hash_hex: "4d197f742717303f917686f4a8637e2ec59a116af65aa7838ec5806f0ad8416f",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142098.roa",
|
|
hash_hex: "987a49344daabfca566b9c84aa3a07622ade9ee5aec6eb393df8d557393e7113",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142100.roa",
|
|
hash_hex: "6c1568843892315f0741b6401ae71eb09dff5a78359add7be3b7e10bf7c02ead",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142090.roa",
|
|
hash_hex: "21d83ef197954e920c7b042bc07f2639df608eaf3f91386c01786f19f7eb682d",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142093.roa",
|
|
hash_hex: "a56b4b58be4834cd38688638f5f9914962a8dd947341d786592b0c4e74599136",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142655.roa",
|
|
hash_hex: "1d41cd1d45d28fac384ae4012845b7789fca5e426509b5a2f77e525b3e845e67",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl",
|
|
hash_hex: "aef128252cc8b23eb92edb18739fe31dea42e7ba3bd1129020bf2b24cc728bfb",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142089.roa",
|
|
hash_hex: "cde2163c08bc1b73acb3ec42d3aaebfd375f57b83f2821b1ff491c75fee2b4e9",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS144705.roa",
|
|
hash_hex: "d0de5d8305988fb49eb065298de4f445122cda85075a9d8eea0a0d6397dd406f",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142657.roa",
|
|
hash_hex: "f139314accd423f6d487a86a47cd2c2bd1cc6d17a4c9b785fd93b0e3fa195fb6",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142097.roa",
|
|
hash_hex: "77d36d3e509a3e863b78ddd37108c9a7bd0d7f62ad05cb3434b56ee1bd6baf78",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142072.roa",
|
|
hash_hex: "d9f9f3e232dddf158baa0031cb7ab4c735b9252cd1a6ac9f1817b9e21fbd3135",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142091.roa",
|
|
hash_hex: "6504aa013a99183135692afd64fb68e0a725468ed48fd874dcfa7fe947f1576f",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142096.roa",
|
|
hash_hex: "fdd6829a02ddf80d336fe0ad4ffffd5c9a6061a18eb84696fe128b2090422144",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142088.roa",
|
|
hash_hex: "f52f9f959284e183a3e2672f849fe1fa33dc357b9762c3b8316f7b655318b898",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142080.roa",
|
|
hash_hex: "a949fd1af933423bb25b8cdd57487bf5b268df9c357ea144c192933acd268396",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS144698.roa",
|
|
hash_hex: "e1075f996746a3bd5fc1baa3ac0f5911fac7427abb9955845541d387c95daabf",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142076.roa",
|
|
hash_hex: "9ee485f65fb2ba22a9e4bc2f260e4a51a5da2d01a47ca8529f2608fe455a7de1",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142651.roa",
|
|
hash_hex: "184bc245ba4bd52982275d6aed7412456c77a126a6d04c42972927557f211724",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142071.roa",
|
|
hash_hex: "5c8c07ab74ab6574cfb172bb60895ccdf8ef405db98468d9ef7bef8afd187b03",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS144704.roa",
|
|
hash_hex: "c76faf1cf9dc91d0c40aec356b9f32929861cbadc6fe35a2c16762f64f104e87",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS23910.roa",
|
|
hash_hex: "75cffffe656821caa8841802db34b1c15fb37a5210ceea3f66d43b413dee44da",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142069.roa",
|
|
hash_hex: "fa05c5bdf62527c2435e41fdb270987296a25c8f182c3a26f1032f658eccaf43",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS4538.roa",
|
|
hash_hex: "a1a20efbd741a2b8d529397217e60881c0e2dd16724c73ca43d8c065c6a6312d",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142086.roa",
|
|
hash_hex: "a5a6d2376f610d4099a93fac0d9a137460f99720647ab439b6153658c10aea0e",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142067.roa",
|
|
hash_hex: "00a60c9bd40a21d9ee7dee909e5cd47936117e4680bfbbc55495019963fd970c",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142073.roa",
|
|
hash_hex: "7e3870d7a43d3ac160b07da180f45f7a7f3aa5f040d4ea7913fae2ef02bab313",
|
|
},
|
|
FileAndHashPretty {
|
|
file_name: "AS142650.roa",
|
|
hash_hex: "5335f79f866967bdb28d6549a49111f143c532748b7ba6abc129cdf3b90a8cd4",
|
|
},
|
|
],
|
|
},
|
|
}
|
|
Manifest.validate_embedded_ee_cert=Ok(())
|
|
Manifest.verify_signature=Ok(())
|
|
|
|
== Signed Object / ROA ==
|
|
Fixture (ROA): tests/fixtures/repository/rpki.cernet.net/repo/cernet/0/AS4538.roa
|
|
RoaObjectPretty {
|
|
signed_object: RpkiSignedObjectPretty {
|
|
raw_der: BytesFmt {
|
|
len: 1956,
|
|
sha256_hex: "a1a20efbd741a2b8d529397217e60881c0e2dd16724c73ca43d8c065c6a6312d",
|
|
head_hex: "308207a006092a864886f70d010702a0",
|
|
tail_hex: "29ddcb8cd14df5be46ffa5a8cc457d75",
|
|
},
|
|
content_info_content_type: "1.2.840.113549.1.7.2",
|
|
signed_data: SignedDataProfiledPretty {
|
|
version: 3,
|
|
digest_algorithms: [
|
|
"2.16.840.1.101.3.4.2.1",
|
|
],
|
|
encap_content_info: EncapsulatedContentInfoPretty {
|
|
econtent_type: "1.2.840.113549.1.9.16.1.24",
|
|
econtent: BytesFmt {
|
|
len: 200,
|
|
sha256_hex: "072d26630897c3a4ee419fdadaef4b71cc88de7e0e1afc5bcf48d5c5c34ef9c8",
|
|
head_hex: "3081c5020211ba3081be3081bb040200",
|
|
tail_hex: "030500240aa8083007030500240aa809",
|
|
},
|
|
},
|
|
certificates: [
|
|
ResourceEeCertificatePretty {
|
|
raw_der: BytesFmt {
|
|
len: 1259,
|
|
sha256_hex: "6595252b039c6d6df41ee70da639e3d066835af961d378c0da40bbdbdfd04a68",
|
|
head_hex: "308204e7308203cfa003020102021432",
|
|
tail_hex: "f3ad13085c0c58793ee7a295e8c1869f",
|
|
},
|
|
subject_key_identifier: BytesFmt {
|
|
len: 20,
|
|
sha256_hex: "ec3946c75d763701a74f1a483dc5e54e277e9a3308c03f870867f263bf25d5c8",
|
|
head_hex: "5d7f32fe5ac5281c2d057c680ab7d4cb",
|
|
tail_hex: "5ac5281c2d057c680ab7d4cb19ebe427",
|
|
},
|
|
spki_der: BytesFmt {
|
|
len: 294,
|
|
sha256_hex: "f0f3f5102473cb81c363b156d12b4fbb609ebb0b6d78ccfee803c1c2d87459e9",
|
|
head_hex: "30820122300d06092a864886f70d0101",
|
|
tail_hex: "e9aac4696169dd7a3dd4650203010001",
|
|
},
|
|
sia_signed_object_uris: [
|
|
"rsync://rpki.cernet.net/repo/cernet/0/AS4538.roa",
|
|
],
|
|
resource_cert: ResourceCertificatePretty {
|
|
raw_der: BytesFmt {
|
|
len: 1259,
|
|
sha256_hex: "6595252b039c6d6df41ee70da639e3d066835af961d378c0da40bbdbdfd04a68",
|
|
head_hex: "308204e7308203cfa003020102021432",
|
|
tail_hex: "f3ad13085c0c58793ee7a295e8c1869f",
|
|
},
|
|
tbs: RpkixTbsCertificatePretty {
|
|
version: 2,
|
|
serial_number: "323d91c7755b93b6c64990354efcb0b28d82a374",
|
|
signature_algorithm: "1.2.840.113549.1.1.11",
|
|
issuer_dn: "CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA",
|
|
subject_dn: "CN=5D7F32FE5AC5281C2D057C680AB7D4CB19EBE427",
|
|
validity_not_before: 2026-01-20 1:05:16.0 +00:00:00,
|
|
validity_not_after: 2027-01-19 1:10:16.0 +00:00:00,
|
|
subject_public_key_info: BytesFmt {
|
|
len: 294,
|
|
sha256_hex: "f0f3f5102473cb81c363b156d12b4fbb609ebb0b6d78ccfee803c1c2d87459e9",
|
|
head_hex: "30820122300d06092a864886f70d0101",
|
|
tail_hex: "e9aac4696169dd7a3dd4650203010001",
|
|
},
|
|
extensions: RcExtensionsPretty {
|
|
basic_constraints_ca: false,
|
|
subject_key_identifier: Some(
|
|
BytesFmt {
|
|
len: 20,
|
|
sha256_hex: "ec3946c75d763701a74f1a483dc5e54e277e9a3308c03f870867f263bf25d5c8",
|
|
head_hex: "5d7f32fe5ac5281c2d057c680ab7d4cb",
|
|
tail_hex: "5ac5281c2d057c680ab7d4cb19ebe427",
|
|
},
|
|
),
|
|
subject_info_access: Some(
|
|
Ee(
|
|
SubjectInfoAccessEe {
|
|
signed_object_uris: [
|
|
Url {
|
|
scheme: "rsync",
|
|
cannot_be_a_base: false,
|
|
username: "",
|
|
password: None,
|
|
host: Some(
|
|
Domain(
|
|
"rpki.cernet.net",
|
|
),
|
|
),
|
|
port: None,
|
|
path: "/repo/cernet/0/AS4538.roa",
|
|
query: None,
|
|
fragment: None,
|
|
},
|
|
],
|
|
access_descriptions: [
|
|
AccessDescription {
|
|
access_method_oid: "1.3.6.1.5.5.7.48.11",
|
|
access_location: Url {
|
|
scheme: "rsync",
|
|
cannot_be_a_base: false,
|
|
username: "",
|
|
password: None,
|
|
host: Some(
|
|
Domain(
|
|
"rpki.cernet.net",
|
|
),
|
|
),
|
|
port: None,
|
|
path: "/repo/cernet/0/AS4538.roa",
|
|
query: None,
|
|
fragment: None,
|
|
},
|
|
},
|
|
],
|
|
},
|
|
),
|
|
),
|
|
certificate_policies_oid: Some(
|
|
"1.3.6.1.5.5.7.14.2",
|
|
),
|
|
ip_resources: Some(
|
|
IpResourceSet {
|
|
families: [
|
|
IpAddressFamily {
|
|
afi: Ipv6,
|
|
choice: AddressesOrRanges(
|
|
[
|
|
Range(
|
|
IpAddressRange {
|
|
min: [
|
|
36,
|
|
10,
|
|
160,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
max: [
|
|
36,
|
|
10,
|
|
160,
|
|
9,
|
|
255,
|
|
255,
|
|
255,
|
|
255,
|
|
255,
|
|
255,
|
|
255,
|
|
255,
|
|
255,
|
|
255,
|
|
255,
|
|
255,
|
|
],
|
|
},
|
|
),
|
|
Range(
|
|
IpAddressRange {
|
|
min: [
|
|
36,
|
|
10,
|
|
168,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
max: [
|
|
36,
|
|
10,
|
|
168,
|
|
9,
|
|
255,
|
|
255,
|
|
255,
|
|
255,
|
|
255,
|
|
255,
|
|
255,
|
|
255,
|
|
255,
|
|
255,
|
|
255,
|
|
255,
|
|
],
|
|
},
|
|
),
|
|
],
|
|
),
|
|
},
|
|
],
|
|
},
|
|
),
|
|
as_resources: None,
|
|
},
|
|
},
|
|
kind: Ee,
|
|
},
|
|
},
|
|
],
|
|
crls_present: false,
|
|
signer_infos: [
|
|
SignerInfoProfiledPretty {
|
|
version: 3,
|
|
sid_ski: BytesFmt {
|
|
len: 20,
|
|
sha256_hex: "ec3946c75d763701a74f1a483dc5e54e277e9a3308c03f870867f263bf25d5c8",
|
|
head_hex: "5d7f32fe5ac5281c2d057c680ab7d4cb",
|
|
tail_hex: "5ac5281c2d057c680ab7d4cb19ebe427",
|
|
},
|
|
digest_algorithm: "2.16.840.1.101.3.4.2.1",
|
|
signature_algorithm: "1.2.840.113549.1.1.1",
|
|
signed_attrs: SignedAttrsProfiledPretty {
|
|
content_type: "1.2.840.113549.1.9.16.1.24",
|
|
message_digest: BytesFmt {
|
|
len: 32,
|
|
sha256_hex: "80de4a90e2fab6fc6fb8af3715ac05af98ef1583c9ef840ffd14a2de3d1a952c",
|
|
head_hex: "072d26630897c3a4ee419fdadaef4b71",
|
|
tail_hex: "cc88de7e0e1afc5bcf48d5c5c34ef9c8",
|
|
},
|
|
signing_time: Asn1TimeUtc {
|
|
utc: 0026-01-20 1:10:16.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
other_attrs_present: false,
|
|
},
|
|
unsigned_attrs_present: false,
|
|
signature: BytesFmt {
|
|
len: 256,
|
|
sha256_hex: "e81879e1d179bc5380e40759e5688ed2595ee3d1c425dca7928b23104a355f5b",
|
|
head_hex: "664c6f4fde0e07327386ef8cbe4e1c7d",
|
|
tail_hex: "29ddcb8cd14df5be46ffa5a8cc457d75",
|
|
},
|
|
signed_attrs_der_for_signature: BytesFmt {
|
|
len: 109,
|
|
sha256_hex: "e5c2863fcd4c2d0e7a622708e48f4243d8016042131daf8592aa7e692b4b5885",
|
|
head_hex: "316b301a06092a864886f70d01090331",
|
|
tail_hex: "cc88de7e0e1afc5bcf48d5c5c34ef9c8",
|
|
},
|
|
},
|
|
],
|
|
},
|
|
},
|
|
econtent_type: "1.2.840.113549.1.9.16.1.24",
|
|
roa: RoaEContentPretty {
|
|
version: 0,
|
|
as_id: 4538,
|
|
ip_addr_blocks: [
|
|
RoaIpAddressFamily {
|
|
afi: Ipv6,
|
|
addresses: [
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
160,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
160,
|
|
1,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
160,
|
|
2,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
160,
|
|
3,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
160,
|
|
4,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
160,
|
|
5,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
160,
|
|
6,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
160,
|
|
7,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
160,
|
|
8,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
160,
|
|
9,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
168,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
168,
|
|
1,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
168,
|
|
2,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
168,
|
|
3,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
168,
|
|
4,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
168,
|
|
5,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
168,
|
|
6,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
168,
|
|
7,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
168,
|
|
8,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
RoaIpAddress {
|
|
prefix: IpPrefix {
|
|
afi: Ipv6,
|
|
prefix_len: 32,
|
|
addr: [
|
|
36,
|
|
10,
|
|
168,
|
|
9,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
0,
|
|
],
|
|
},
|
|
max_length: None,
|
|
},
|
|
],
|
|
},
|
|
],
|
|
},
|
|
}
|
|
ROA.validate_embedded_ee_cert=Ok(())
|
|
ROA.verify_signature=Ok(())
|
|
|
|
== Signed Object / ASPA ==
|
|
Fixture (ASPA): tests/fixtures/repository/chloe.sobornost.net/rpki/RIPE-nljobsnijders/5m80fwYws_3FiFD7JiQjAqZ1RYQ.asa
|
|
AspaObjectPretty {
|
|
signed_object: RpkiSignedObjectPretty {
|
|
raw_der: BytesFmt {
|
|
len: 1705,
|
|
sha256_hex: "8232c6312ca411e9325086153cbe9c8919cd6c3d461f24f67fbf19deb7ac5c6e",
|
|
head_hex: "308206a506092a864886f70d010702a0",
|
|
tail_hex: "6bbee5fae5e7df0f80f2f634ec0a12b9",
|
|
},
|
|
content_info_content_type: "1.2.840.113549.1.7.2",
|
|
signed_data: SignedDataProfiledPretty {
|
|
version: 3,
|
|
digest_algorithms: [
|
|
"2.16.840.1.101.3.4.2.1",
|
|
],
|
|
encap_content_info: EncapsulatedContentInfoPretty {
|
|
econtent_type: "1.2.840.113549.1.9.16.1.49",
|
|
econtent: BytesFmt {
|
|
len: 31,
|
|
sha256_hex: "09717bc10130fb72145ba018fb2a08637feb9a8aec9bcdd01c14f0b3057c1e60",
|
|
head_hex: "301da00302010102023cca301202020b",
|
|
tail_hex: "0b620202205b020300c790020303259e",
|
|
},
|
|
},
|
|
certificates: [
|
|
ResourceEeCertificatePretty {
|
|
raw_der: BytesFmt {
|
|
len: 1180,
|
|
sha256_hex: "2551bc9a93b3fd8594174b23237b4045c57912c84625f41fe2a1f7be7d326495",
|
|
head_hex: "3082049830820380a003020102020a00",
|
|
tail_hex: "02e7e664622ff7ef15dde4d99c16acc8",
|
|
},
|
|
subject_key_identifier: BytesFmt {
|
|
len: 20,
|
|
sha256_hex: "119e4badaaadbae00903ec44813b1b21010895b4c2abd8101045b4dad605cc59",
|
|
head_hex: "e66f347f0630b3fdc58850fb26242302",
|
|
tail_hex: "0630b3fdc58850fb26242302a6754584",
|
|
},
|
|
spki_der: BytesFmt {
|
|
len: 294,
|
|
sha256_hex: "41d231fef9d454db0f2f58a15ff240bc0b69d34322f62b7bf6b0c4513b09ab9b",
|
|
head_hex: "30820122300d06092a864886f70d0101",
|
|
tail_hex: "ef83c82509e72800e232950203010001",
|
|
},
|
|
sia_signed_object_uris: [
|
|
"rsync://chloe.sobornost.net/rpki/RIPE-nljobsnijders/5m80fwYws_3FiFD7JiQjAqZ1RYQ.asa",
|
|
],
|
|
resource_cert: ResourceCertificatePretty {
|
|
raw_der: BytesFmt {
|
|
len: 1180,
|
|
sha256_hex: "2551bc9a93b3fd8594174b23237b4045c57912c84625f41fe2a1f7be7d326495",
|
|
head_hex: "3082049830820380a003020102020a00",
|
|
tail_hex: "02e7e664622ff7ef15dde4d99c16acc8",
|
|
},
|
|
tbs: RpkixTbsCertificatePretty {
|
|
version: 2,
|
|
serial_number: "a1c7752ff8b1d2e020",
|
|
signature_algorithm: "1.2.840.113549.1.1.11",
|
|
issuer_dn: "CN=caa805dbac364749b9b115590ab6ef0f970cdbd8",
|
|
subject_dn: "CN=Simple Root CA",
|
|
validity_not_before: 2024-02-27 18:29:33.0 +00:00:00,
|
|
validity_not_after: 2025-02-26 18:29:33.0 +00:00:00,
|
|
subject_public_key_info: BytesFmt {
|
|
len: 294,
|
|
sha256_hex: "41d231fef9d454db0f2f58a15ff240bc0b69d34322f62b7bf6b0c4513b09ab9b",
|
|
head_hex: "30820122300d06092a864886f70d0101",
|
|
tail_hex: "ef83c82509e72800e232950203010001",
|
|
},
|
|
extensions: RcExtensionsPretty {
|
|
basic_constraints_ca: false,
|
|
subject_key_identifier: Some(
|
|
BytesFmt {
|
|
len: 20,
|
|
sha256_hex: "119e4badaaadbae00903ec44813b1b21010895b4c2abd8101045b4dad605cc59",
|
|
head_hex: "e66f347f0630b3fdc58850fb26242302",
|
|
tail_hex: "0630b3fdc58850fb26242302a6754584",
|
|
},
|
|
),
|
|
subject_info_access: Some(
|
|
Ee(
|
|
SubjectInfoAccessEe {
|
|
signed_object_uris: [
|
|
Url {
|
|
scheme: "rsync",
|
|
cannot_be_a_base: false,
|
|
username: "",
|
|
password: None,
|
|
host: Some(
|
|
Domain(
|
|
"chloe.sobornost.net",
|
|
),
|
|
),
|
|
port: None,
|
|
path: "/rpki/RIPE-nljobsnijders/5m80fwYws_3FiFD7JiQjAqZ1RYQ.asa",
|
|
query: None,
|
|
fragment: None,
|
|
},
|
|
],
|
|
access_descriptions: [
|
|
AccessDescription {
|
|
access_method_oid: "1.3.6.1.5.5.7.48.11",
|
|
access_location: Url {
|
|
scheme: "rsync",
|
|
cannot_be_a_base: false,
|
|
username: "",
|
|
password: None,
|
|
host: Some(
|
|
Domain(
|
|
"chloe.sobornost.net",
|
|
),
|
|
),
|
|
port: None,
|
|
path: "/rpki/RIPE-nljobsnijders/5m80fwYws_3FiFD7JiQjAqZ1RYQ.asa",
|
|
query: None,
|
|
fragment: None,
|
|
},
|
|
},
|
|
],
|
|
},
|
|
),
|
|
),
|
|
certificate_policies_oid: Some(
|
|
"1.3.6.1.5.5.7.14.2",
|
|
),
|
|
ip_resources: None,
|
|
as_resources: Some(
|
|
AsResourceSet {
|
|
asnum: Some(
|
|
AsIdsOrRanges(
|
|
[
|
|
Id(
|
|
15562,
|
|
),
|
|
],
|
|
),
|
|
),
|
|
rdi: None,
|
|
},
|
|
),
|
|
},
|
|
},
|
|
kind: Ee,
|
|
},
|
|
},
|
|
],
|
|
crls_present: false,
|
|
signer_infos: [
|
|
SignerInfoProfiledPretty {
|
|
version: 3,
|
|
sid_ski: BytesFmt {
|
|
len: 20,
|
|
sha256_hex: "119e4badaaadbae00903ec44813b1b21010895b4c2abd8101045b4dad605cc59",
|
|
head_hex: "e66f347f0630b3fdc58850fb26242302",
|
|
tail_hex: "0630b3fdc58850fb26242302a6754584",
|
|
},
|
|
digest_algorithm: "2.16.840.1.101.3.4.2.1",
|
|
signature_algorithm: "1.2.840.113549.1.1.1",
|
|
signed_attrs: SignedAttrsProfiledPretty {
|
|
content_type: "1.2.840.113549.1.9.16.1.49",
|
|
message_digest: BytesFmt {
|
|
len: 32,
|
|
sha256_hex: "46e0432723923fd54633c955d39d878838c66bc4761f3b95a77716b7c3dc3b43",
|
|
head_hex: "09717bc10130fb72145ba018fb2a0863",
|
|
tail_hex: "7feb9a8aec9bcdd01c14f0b3057c1e60",
|
|
},
|
|
signing_time: Asn1TimeUtc {
|
|
utc: 0024-02-27 18:32:14.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
other_attrs_present: false,
|
|
},
|
|
unsigned_attrs_present: false,
|
|
signature: BytesFmt {
|
|
len: 256,
|
|
sha256_hex: "5e3a0a536409c3c6d599e62708ffe470b56e4e7827b955d762cd5f55a8fe3773",
|
|
head_hex: "da60fe85134dd603b8c4fd379de09be4",
|
|
tail_hex: "6bbee5fae5e7df0f80f2f634ec0a12b9",
|
|
},
|
|
signed_attrs_der_for_signature: BytesFmt {
|
|
len: 109,
|
|
sha256_hex: "b154bead7ee659350da153af8a9330daaffa26d8e5bf85616969eee4548b7c07",
|
|
head_hex: "316b301a06092a864886f70d01090331",
|
|
tail_hex: "7feb9a8aec9bcdd01c14f0b3057c1e60",
|
|
},
|
|
},
|
|
],
|
|
},
|
|
},
|
|
econtent_type: "1.2.840.113549.1.9.16.1.49",
|
|
aspa: AspaEContent {
|
|
version: 1,
|
|
customer_as_id: 15562,
|
|
provider_as_ids: [
|
|
2914,
|
|
8283,
|
|
51088,
|
|
206238,
|
|
],
|
|
},
|
|
}
|
|
ASPA.validate_embedded_ee_cert=Ok(())
|
|
ASPA.verify_signature=Ok(())
|
|
|
|
== CRL ==
|
|
Fixture (CRL): tests/fixtures/0099DEAB073EFD74C250C0A382B25012B5082AEE.crl
|
|
RpkixCrlPretty {
|
|
raw_der: BytesFmt {
|
|
len: 1268,
|
|
sha256_hex: "7e6bce212905017ff822dbad8b0682fd15778cbd7ab2df592e21dce6587f212d",
|
|
head_hex: "308204f0308203d8020101300d06092a",
|
|
tail_hex: "ec33843ab859b55897fe3e1d586ab9f6",
|
|
},
|
|
version: 2,
|
|
issuer_dn: "CN=1ff4e25c458e44e252922dcf512a568dfe098242d00cb65a3d",
|
|
signature_algorithm_oid: "1.2.840.113549.1.1.11",
|
|
this_update: Asn1TimeUtc {
|
|
utc: 2026-01-20 8:38:53.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
next_update: Asn1TimeUtc {
|
|
utc: 2026-01-21 12:37:53.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
revoked_certs: [
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
80,
|
|
141,
|
|
12,
|
|
8,
|
|
200,
|
|
158,
|
|
120,
|
|
207,
|
|
172,
|
|
211,
|
|
89,
|
|
82,
|
|
190,
|
|
160,
|
|
2,
|
|
96,
|
|
58,
|
|
73,
|
|
49,
|
|
136,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-03-26 13:42:35.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
80,
|
|
200,
|
|
32,
|
|
102,
|
|
45,
|
|
36,
|
|
118,
|
|
206,
|
|
1,
|
|
240,
|
|
13,
|
|
40,
|
|
42,
|
|
6,
|
|
180,
|
|
53,
|
|
134,
|
|
18,
|
|
47,
|
|
31,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-03-26 14:16:01.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
71,
|
|
229,
|
|
178,
|
|
104,
|
|
136,
|
|
56,
|
|
4,
|
|
232,
|
|
168,
|
|
225,
|
|
186,
|
|
226,
|
|
222,
|
|
140,
|
|
80,
|
|
238,
|
|
182,
|
|
26,
|
|
98,
|
|
61,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-03-26 14:16:06.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
64,
|
|
203,
|
|
154,
|
|
92,
|
|
252,
|
|
142,
|
|
4,
|
|
77,
|
|
249,
|
|
222,
|
|
75,
|
|
50,
|
|
115,
|
|
48,
|
|
130,
|
|
54,
|
|
57,
|
|
226,
|
|
174,
|
|
87,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-07-16 14:44:21.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
62,
|
|
249,
|
|
5,
|
|
217,
|
|
14,
|
|
1,
|
|
247,
|
|
97,
|
|
137,
|
|
188,
|
|
229,
|
|
51,
|
|
139,
|
|
173,
|
|
9,
|
|
37,
|
|
79,
|
|
179,
|
|
52,
|
|
188,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-07-16 14:44:35.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
106,
|
|
203,
|
|
133,
|
|
28,
|
|
192,
|
|
203,
|
|
94,
|
|
214,
|
|
91,
|
|
186,
|
|
65,
|
|
18,
|
|
198,
|
|
193,
|
|
39,
|
|
46,
|
|
226,
|
|
27,
|
|
203,
|
|
194,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-07-25 20:56:26.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
21,
|
|
223,
|
|
167,
|
|
184,
|
|
169,
|
|
119,
|
|
221,
|
|
127,
|
|
28,
|
|
109,
|
|
181,
|
|
183,
|
|
7,
|
|
44,
|
|
84,
|
|
140,
|
|
231,
|
|
241,
|
|
218,
|
|
230,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-07-25 20:57:12.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
67,
|
|
67,
|
|
225,
|
|
125,
|
|
132,
|
|
135,
|
|
232,
|
|
95,
|
|
80,
|
|
135,
|
|
198,
|
|
175,
|
|
104,
|
|
204,
|
|
168,
|
|
17,
|
|
255,
|
|
47,
|
|
66,
|
|
198,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-10-27 22:01:09.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
88,
|
|
117,
|
|
33,
|
|
14,
|
|
109,
|
|
87,
|
|
84,
|
|
81,
|
|
37,
|
|
239,
|
|
173,
|
|
220,
|
|
17,
|
|
32,
|
|
227,
|
|
22,
|
|
162,
|
|
216,
|
|
229,
|
|
136,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-10-27 22:01:52.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
103,
|
|
10,
|
|
76,
|
|
113,
|
|
36,
|
|
73,
|
|
81,
|
|
55,
|
|
85,
|
|
136,
|
|
74,
|
|
176,
|
|
199,
|
|
71,
|
|
58,
|
|
111,
|
|
228,
|
|
59,
|
|
136,
|
|
57,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-10-27 22:03:20.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
96,
|
|
114,
|
|
104,
|
|
199,
|
|
25,
|
|
77,
|
|
127,
|
|
32,
|
|
58,
|
|
154,
|
|
64,
|
|
181,
|
|
205,
|
|
213,
|
|
224,
|
|
63,
|
|
159,
|
|
154,
|
|
226,
|
|
154,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-10-27 22:03:50.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
72,
|
|
12,
|
|
133,
|
|
176,
|
|
88,
|
|
31,
|
|
138,
|
|
110,
|
|
203,
|
|
131,
|
|
105,
|
|
25,
|
|
146,
|
|
4,
|
|
199,
|
|
243,
|
|
213,
|
|
188,
|
|
18,
|
|
96,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-11-12 21:32:39.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
88,
|
|
79,
|
|
129,
|
|
91,
|
|
189,
|
|
224,
|
|
208,
|
|
51,
|
|
26,
|
|
201,
|
|
144,
|
|
149,
|
|
233,
|
|
240,
|
|
175,
|
|
36,
|
|
217,
|
|
229,
|
|
208,
|
|
243,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-11-12 21:32:51.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
47,
|
|
116,
|
|
39,
|
|
178,
|
|
45,
|
|
63,
|
|
39,
|
|
13,
|
|
193,
|
|
57,
|
|
219,
|
|
218,
|
|
236,
|
|
80,
|
|
4,
|
|
199,
|
|
23,
|
|
102,
|
|
37,
|
|
76,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-11-12 21:33:24.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
68,
|
|
102,
|
|
5,
|
|
114,
|
|
199,
|
|
124,
|
|
164,
|
|
124,
|
|
102,
|
|
217,
|
|
164,
|
|
9,
|
|
80,
|
|
238,
|
|
93,
|
|
236,
|
|
111,
|
|
95,
|
|
43,
|
|
115,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-11-12 21:33:33.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
100,
|
|
23,
|
|
3,
|
|
159,
|
|
107,
|
|
38,
|
|
85,
|
|
160,
|
|
213,
|
|
145,
|
|
71,
|
|
134,
|
|
142,
|
|
242,
|
|
123,
|
|
105,
|
|
82,
|
|
34,
|
|
239,
|
|
88,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-11-12 21:33:40.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
50,
|
|
129,
|
|
114,
|
|
56,
|
|
185,
|
|
208,
|
|
125,
|
|
58,
|
|
255,
|
|
28,
|
|
222,
|
|
180,
|
|
0,
|
|
51,
|
|
195,
|
|
231,
|
|
143,
|
|
255,
|
|
154,
|
|
7,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-11-12 21:33:45.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
3,
|
|
72,
|
|
166,
|
|
47,
|
|
154,
|
|
154,
|
|
12,
|
|
191,
|
|
28,
|
|
64,
|
|
100,
|
|
226,
|
|
84,
|
|
254,
|
|
122,
|
|
183,
|
|
213,
|
|
17,
|
|
51,
|
|
195,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-11-12 21:33:50.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
26,
|
|
246,
|
|
135,
|
|
239,
|
|
123,
|
|
222,
|
|
166,
|
|
142,
|
|
108,
|
|
229,
|
|
149,
|
|
197,
|
|
155,
|
|
250,
|
|
87,
|
|
219,
|
|
178,
|
|
149,
|
|
55,
|
|
7,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-11-12 21:33:55.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
2,
|
|
193,
|
|
248,
|
|
98,
|
|
75,
|
|
79,
|
|
79,
|
|
76,
|
|
91,
|
|
251,
|
|
121,
|
|
177,
|
|
170,
|
|
235,
|
|
105,
|
|
193,
|
|
4,
|
|
246,
|
|
92,
|
|
45,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-11-12 21:34:01.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
RevokedCert {
|
|
serial_number: BigUnsigned {
|
|
bytes_be: [
|
|
30,
|
|
155,
|
|
127,
|
|
84,
|
|
144,
|
|
98,
|
|
146,
|
|
120,
|
|
128,
|
|
226,
|
|
37,
|
|
85,
|
|
116,
|
|
125,
|
|
53,
|
|
28,
|
|
219,
|
|
217,
|
|
174,
|
|
145,
|
|
],
|
|
},
|
|
revocation_date: Asn1TimeUtc {
|
|
utc: 2025-11-12 21:34:07.0 +00:00:00,
|
|
encoding: UtcTime,
|
|
},
|
|
},
|
|
],
|
|
extensions: CrlExtensions {
|
|
authority_key_identifier: [
|
|
0,
|
|
153,
|
|
222,
|
|
171,
|
|
7,
|
|
62,
|
|
253,
|
|
116,
|
|
194,
|
|
80,
|
|
192,
|
|
163,
|
|
130,
|
|
178,
|
|
80,
|
|
18,
|
|
181,
|
|
8,
|
|
42,
|
|
238,
|
|
],
|
|
crl_number: BigUnsigned {
|
|
bytes_be: [
|
|
7,
|
|
54,
|
|
],
|
|
},
|
|
},
|
|
}
|
|
test print_all_models_from_real_fixtures ... ok
|
|
|
|
test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.03s
|
|
|