On Fri, Feb 05, 2021 at 02:45:41PM +0100, Claudio Jeker wrote: > RPKI certificates have 3 possible Subject Information Access URI that we > may be interested in: > - 1.3.6.1.5.5.7.48.5 (caRepository) > - 1.3.6.1.5.5.7.48.10 (rpkiManifest) > - 1.3.6.1.5.5.7.48.13 (rpkiNotify) > > rpkiManifest points to the .mft file inside the caRepository. > Because of this caRepository is the base URI for all the files below > this certificate. rpkiNotify points to an RRDP endpoint where the XML > data also contains URI that again need to match the caRepository. If not > something strange is going on. > > Since the caRepository data is useful extract it from the cert and also > do a simple strstr() check to ensure that rpkiManifest starts with > caRepository. > > Currently the data is not used further than that but I want to add it to > the repository information as a next step.
ok tb
