]> IPinfo

oliver@ipinfo.io

IIJ Research & Arrcus

5147 Crystal Springs Bainbridge Island Washington 98110 United States of America randy@psg.com

NTT

Siriusdreef 70-72 Hoofddorp 2132 WT Netherlands massimo@ntt.net

Vigil Security, LLC

516 Dranesville Road Herndon VA 20170 USA housley@vigilsec.com

prefix allocation RPSL inetnum This document specifies how to augment the Routing Policy Specification Language (RPSL) inetnum: class to refer specifically to prefixlen files which are comma-separated values (CSV) files used to specify end-site prefix lengths. This document also describes an optional mechanism that uses the Resource Public Key Infrastructure (RPKI) to authenticate the prefixlen files.

Introduction Internet service providers (ISPs) delegate IP addresses or entire IP prefixes to their users. Similarly, cloud providers assign customers who use their services such as virtual machines a prefix of a specific size. Therefore, there are a multitude of variations of different end-site prefix length present in the Internet. Currently, there is no easy way for content providers to know the end-site prefix size of someone accessing their service. Knowing the correct end-site's prefix size has multiple implications such as:

• Blocklisting/throttling: In IPv4, IP addresses can be blocked using variable prefix lengths for different prefixes, such as /22 for prefix A, /27 for prefix B, or /32 to block a single IPv4 address. Due to the large address space in IPv6, blocking at, e.g., the /48 or /56 level could lead to overblocking (throwing multiple VMs from different users into the same bucket), while blocking at more fine-granular levels, e.g., /64, /96, or even /128 to block a single IPv6 address would lead to filling up space in the blocklist pretty quickly. The use of temporary addresses in IPv6 might lead to unwanted unblocking when addresses are blocked at a too fine-granular level (e.g., /128). All these issues apply to throttling as well.
• Rate limiting/CAPTCHAs: A similar issue arises on the Web, where neighboring prefixes might be thrown together (e.g., in the same /48 or /56, even though the ISP hands out /64s), which leads to people "jointly" running into rate limits and then either being blocked from a service or having to solve annoying CAPTCHAs.
• Geolocation: Getting the right prefix size for geolocation is similarly hard, especially for IPv6. If you aggregate too much, you throw together different clients in different locations, and if you aggregate too little, you fill up the geolocation database with unnecessary entries.

This document specifies how to augment the Routing Policy Specification Language (RPSL) inetnum: class to refer specifically to prefixlen files and how to use them. In all places inetnum: is used, inet6num: must also be assumed . The reader may find and informative, and certainly more verbose, descriptions of the inetnum: database classes. An optional means for authenticating prefixlen data is also defined in .

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

prefixlen Files prefixlen files are CSV (Comma Separated Values) files in text format with UTF-8 encoding , excluding problematic code points as described in . Lines MUST be delimited by a line break (CRLF), and blank lines MUST be ignored. Text from a '#' character to the end of the current line MUST be treated as a comment only and is similarly ignored. The first field of each non-ignored line specifies the prefix in question, the second field the end-site prefix length within that prefix as an integer, and the third field the number of end-sites within an end-site prefix length for networks using Carrier-Grade NAT (CGN) or proxies. In all places Carrier-Grade NAT or CGN is used in this document, this applies to proxies as well. Note that all three fields MUST be present. This means there MUST be exactly two commas in each non-commented line delimiting the three fields. The first field MUST NOT be empty on lines which are not comments, while the second and third field can be empty in certain scenarios. If both the second and third fields are empty, this means that the publisher does not want to disclose any prefix length information.

End-site prefix length without CGN or proxies If an ISP delegates /56 IPv6 prefixes of the 2001:db8::/32 range, and /32 IPv4 prefixes (i.e., a single IPv4 address) of the 192.0.2.0/24 range to its customers without the use of Carrier-Grade NAT (CGN) or proxy techniques, it would create a prefix length file containing the following example entries: Note the third field being set to '1', which signals the absence of CGN or proxies. This has the same meaning as the third field being left empty in this scenario.

End-site prefix length with CGN or proxies prefixlen files can also be used to signal the presence of Carrier-Grade NAT (CGN) or proxies in networks. This is especially useful for cases where multiple end-sites behind a CGN or proxy service accessing a service at the same time might run into rate limiting issues by service providers. In case a prefixlen file signals the presence of a CGN, service providers can treat these prefixes in a way that rate limits are adjusted. To signal the presence of a CGN, the number of CGN end-sites are specified in the third field. For example, a CGN prefix 192.0.2.0/24 containing 4000 CGN end sites would be specified as follows: Note the second field in the above example set to '24', signaling that the 4000 CGN end-sites are present in the complete 192.0.2.0/24 prefix. If on the other hand these 4000 CGN end-sites are distributed 1000 each in the four /26 sub-prefixes within 192.0.2.0/24, this is specified as follows: It is important to note that the third field denoting the number of CGN end-sites is referring to the prefix length specified in the second field. Note that this specification can be applied to IPv6 networks as well.

Longest prefix matching Prefix length files can contain sub-prefixes entries of a parent prefix, which needs to be taken into account when processing these files. For example, if a cloud provider assigns /120 IPv6 prefixes to each customer VM and a /64 prefix to premium customers, it would create a prefix length file containing the following example entries: Note that the second entry in the above example is a subprefix of the first entry. Therefore, longest prefix matching has to be performed when parsing prefixlen files.

Not specifying any end-site prefix length If an ISP delegates /32 IPv4 prefixes (i.e., a single IPv4 address) of the 192.0.2.0/24 range to its customers without the use of Carrier-Grade NAT (CGN), and it has a special sub-prefix 192.0.2.0/28 where this policy does not apply, it can signal so with the following prefix length file: If both the second and third fields are empty, this means that the publisher does not want to disclose any prefix length information. Any prefix length information from covering prefixes (192.0.2.0/24 in our example) MUST be discarded for sub-prefixes specified in prefixlen files (192.0.2.0/28 in our example).

Processing prefixlen files Multiple entries with exactly the same prefix MUST be considered an error, and consumer implementations SHOULD log the repeated entries for further administrative review. Publishers MUST take measures to ensure there is one and only one entry per prefix. Upon encountering an erroneous entry in a prefixlen file, consumer implementations SHOULD skip that entry, log the error, and continue processing the remaining entries. Content providers and other parties who wish to differentiate services based on end site prefixes need to find the relevant prefixlen data. In , this document specifies how to find the relevant prefixlen file given an IP address. prefixlen data for large providers administrating a large number of networks and end-sites can contain millions of entries. The size of a file can be even larger if an unsigned prefixlen file combines data for many prefixes, if dual IPv4/IPv6 spaces are represented, etc. This document also suggests an optional signature to strongly authenticate the data in the prefixlen files. The same approach to signatures is used in this document that was used in .

inetnum: Class The original RPSL specifications (, , and a trail of subsequent documents) were written by the RIPE community. The IETF standardized RPSL in and . Since then, it has been modified and extensively enhanced in the Regional Internet Registry (RIR) community, mostly by RIPE . At the time of publishing this document, change control of RPSL effectively lies in the operator community. The RPSL, and and used by the Regional Internet Registries (RIRs), specify the inetnum: database class. Each of these objects describes an IP address range and its attributes. The inetnum: objects form a hierarchy ordered on the address space. Ideally, RPSL would be augmented to define a new RPSL prefixlen: attribute in the inetnum: class. Absent implementation of the prefixlen: attribute in a particular RIR database, this document defines the syntax of a prefixlen remarks: attribute, which contains an HTTPS URL of a prefixlen file. The format of the inetnum: prefixlen remarks: attribute MUST be as in this example, "remarks: Prefixlen ", where the token "Prefixlen" MUST be case-sensitive, followed by a URL that will vary, but it MUST refer only to a single prefixlen file. While we leave global agreement of RPSL modification to the relevant parties, we specify that a proper prefixlen: attribute in the inetnum: class MUST be "prefixlen:" and MUST be followed by a single URL that will vary, but it MUST refer only to a single prefixlen file. The URL uses HTTPS, so the WebPKI provides authentication, integrity, and confidentiality for the fetched prefixlen file. However, the WebPKI cannot provide authentication of IP address space assignment. In contrast, the RPKI (see ) can be used to authenticate IP space assignment; see optional authentication in . Until all producers of inetnum: objects, i.e., the RIRs, state that they have migrated to supporting the prefixlen: attribute, consumers looking at inetnum: objects to find prefixlen URLs MUST be able to consume the remarks: and prefixlen: forms. The migration not only implies that the RIRs support the prefixlen: attribute, but that all registrants have migrated any inetnum: objects from remarks: to prefixlen:. Any particular inetnum: object SHOULD have, at most, one prefixlen reference, whether a remarks: or prefixlen: attribute when it is implemented. As the remarks: form cannot be formally checked by the RIR, this cannot be formally enforced. A prefixlen: attribute is preferred, of course, if the RIR supports it. If there is more than one type of attribute in the inetnum: object, the prefixlen: attribute MUST be prioritized over the remarks: attribute. For inetnum: instances covering the same address range, a signed prefixlen file MUST be preferred over an unsigned file. If none are signed, or more than one is signed, the (signed) inetnum: with the most recent last-modified: attribute MUST be preferred. If a prefixlen file describes multiple disjoint ranges of IP address space, there are likely to be prefixlen references from multiple inetnum: objects. Files with prefixlen references from multiple inetnum: objects are not compatible with the signing procedure in . An unsigned, and only an unsigned, prefixlen file MAY be referenced by multiple inetnum: instances and MAY contain prefixes from more than one registry. When fetching, the most specific inetnum: object with a prefixlen reference MUST be used. It is significant that prefixlen data may have finer granularity than the inetnum: that refers to them. For example, an inetnum: object for an address range P could refer to a prefixlen file in which P has been subdivided into one or more longer prefixes. Backward compatibility issues regarding the implementation of new RPSL attributes are covered by Section 10.2 of .

Fetching prefixlen Data This document provides a guideline for how interested parties should fetch and read prefixlen files. To minimize the load on RIRs' WHOIS services, the RIR's bulk download services SHOULD be used for large-scale access to gather inetnum: instances with prefixlen references. This uses efficient bulk access instead of fetching via brute-force search through the IP space. When using bulk download services they MUST be accessed using HTTPS , FTP MUST NOT be used. On the other hand, RIRs are converging on RDAP support which includes geofeed data, see . It is hoped that this will be extended, or generalized, to support prefixlen data. When reading data from an unsigned prefixlen file, one MUST ignore data outside the referring inetnum: object's address range. This is to avoid importing data about ranges not under the control of the operator. Note that signed files MUST only contain prefixes within the referring inetnum:'s range as mandated in . If prefixlen files are fetched, other prefix length information from the inetnum: MUST be ignored. Given an address range of interest, the most specific inetnum: object with a prefixlen reference MUST be used to fetch the prefixlen file. For example, if the fetching party finds the following inetnum: objects: An application looking for prefixlen data for 192.0.2.0/29, MUST ignore data in prefixlen_1 because 192.0.2.0/29 is within the more specific 192.0.2.0/26 inetnum: covering that address range and that inetnum: does have a prefixlen reference.

Authenticating prefixlen Data (Optional) The question arises whether a particular prefixlen data set is valid, i.e., is authorized by the "owner" of the IP address space and is authoritative in some sense. The inetnum: that points to the prefixlen file provides some assurance. Unfortunately, the RPSL in some repositories is weakly authenticated at best. An approach where RPSL was signed per would be good, except it would have to be deployed by all RPSL registries, and there is a fair number of them. The remainder of this section specifies an optional authenticator for the prefixlen data set that follows the Signed Object Template for the Resource Public Key Infrastructure (RPKI) . A single optional authenticator MAY be appended to a prefixlen file. It is a digest of the main body of the file signed by the private key of the relevant RPKI certificate for a covering address range. The following format bundles the relevant RPKI certificate with a signature over the prefixlen text. The canonicalization procedure converts the data from their internal character representation to the UTF-8 character encoding, and the <CRLF> sequence MUST be used to denote the end of each line of text. A blank line is represented solely by the <CRLF> sequence. For robustness, any non-printable characters MUST NOT be changed by canonicalization. Trailing blank lines MUST NOT appear at the end of the file. That is, the file must not end with multiple consecutive <CRLF> sequences. Any end-of-file marker used by an operating system is not considered to be part of the file content. When present, such end-of-file markers MUST NOT be covered by the digital signature. If the authenticator is not in the canonical form described above, then, the authenticator is invalid, which means that it is treated in the same manner as an unauthenticated prefixlen data. Borrowing detached signatures from , after file canonicalization, the Cryptographic Message Syntax (CMS) is used to create a detached DER-encoded signature that is then Base64 encoded with padding (as defined in Section 4 of ) and line wrapped to 72 or fewer characters. The same digest algorithm MUST be used for calculating the message digest of the content being signed, which is the prefixlen file, and for calculating the message digest on the SignerInfo SignedAttributes . The message digest algorithm identifier MUST appear in both the CMS SignedData DigestAlgorithmIdentifiers and the SignerInfo DigestAlgorithmIdentifier . The RPKI certificate covering the prefixlen inetnum: object's address range is included in the CMS SignedData certificates field . The address range of the signing certificate MUST cover all prefixes in the signed prefixlen file. If not, the authenticator is invalid. The signing certificate MUST NOT include the Autonomous System Identifier Delegation certificate extension . If it is present, the authenticator is invalid. As with many other RPKI signed objects, the IP Address Delegation certificate extension MUST NOT use the "inherit" capability defined in Section 2.2.3.5 of . If "inherit" is used, the authenticator is invalid. An IP Address Delegation extension using "inherit" would complicate processing. The implementation would have to build the certification path from the end-entity to the trust anchor, then validate the path from the trust anchor to the end-entity, and then the parameter would have to be remembered when the validated public key was used to validate a signature on a CMS object. Having to remember things from certification path validation for use with CMS object processing would be quite complex and error-prone. And, the certificates do not get that much bigger by repeating the information. An address range A "covers" address range B if the range of B is identical to or a subset of A. "Address range" is used here because inetnum: objects and RPKI certificates need not align on Classless Inter-Domain Routing (CIDR) prefix boundaries, while those of the lines in a prefixlen file do align. The Certification Authority (CA) MUST generate a new End Entity (EE) certificate for each signing of a particular prefixlen file. The private key associated with the EE certificate SHOULD sign only one prefixlen file. That is, a new key pair SHOULD be generated for each new version of a particular prefixlen file. When the EE certificate is used in this fashion, it is termed a "one-time-use" EE certificate (see Section 3 of ). On the other hand, verifying the signature has no similar complexity; the certificate, which is validated in the RPKI, contains the needed public key. The RPKI trust anchors for the RIRs are available to the party performing signature validation. Validation of the CMS signature over the prefixlen file involves:

1. Obtaining the signer's certificate from the CMS SignedData CertificateSet . The certificate SubjectKeyIdentifier extension MUST match the SubjectKeyIdentifier in the CMS SignerInfo SignerIdentifier . If the key identifiers do not match, then validation MUST fail.
2. Validating the signer's certificate MUST ensure that it is part of the current manifest and that all resources are covered by the RPKI certificate.
3. Construct and validate the certification path for the signer's certificate. All of the needed certificates are expected to be readily available in the RPKI repository. The certification path MUST be valid according to the validation algorithm in and the additional checks specified in associated with the IP Address Delegation certificate extension. If certification path validation is unsuccessful, then validation MUST fail.
4. Validating the CMS SignedData as specified in using the public key from the validated signer's certificate. If the signature validation is unsuccessful, then validation MUST fail.
5. Confirming that the eContentType object identifier (OID) is id-ct-prefixlenCSVwithCRLF (1.2.840.113549.1.9.16.1.TBD). This OID MUST appear within both the eContentType in the encapContentInfo object and the ContentType signed attribute in the signerInfo object (see ).
6. Verifying that the IP Address Delegation certificate extension covers all of the address ranges of the prefixlen file. If all of the address ranges are not covered, then validation MUST fail.

All of the above steps MUST be successful to consider the prefixlen file signature as valid. The authenticator MUST be hidden as a series of "#" comments at the end of the prefixlen file. The following simple example is cryptographically incorrect: A correct and full example is in Appendix A. The CMS signature does not cover the signature lines. The bracketing "# RPKI Signature:" and "# End Signature:" MUST be present as shown in the example. The RPKI Signature's IP address range MUST match that of the prefixlen URL in the inetnum: that points to the prefixlen file.

Operational Considerations To create the needed inetnum: objects, an operator wishing to register the location of their prefixlen file needs to coordinate with their Regional Internet Registry (RIR) or National Internet Registry (NIR) and/or any provider Local Internet Registry (LIR) that has assigned address ranges to them. RIRs/NIRs provide means for assignees to create and maintain inetnum: objects. They also provide means of assigning or sub-assigning IP address resources and allowing the assignee to create WHOIS data, including inetnum: objects, thereby referring to prefixlen files. The prefixlen files MUST be published via and fetched using HTTPS . When using data from a prefixlen file, one MUST ignore data outside the referring inetnum: object's inetnum: attribute address range. If and only if the prefixlen file is not signed per , then multiple inetnum: objects MAY refer to the same prefixlen file, and the consumer MUST use only lines in the prefixlen file where the prefix is covered by the address range of the inetnum: object's URL it has followed. If the prefixlen file is signed, and the signer's certificate is replaced with another certificate, then the signature in the prefixlen file MUST be updated so that it can be properly validated with the new certificate. It is good key hygiene to use a given key for only one purpose. To dedicate a signing private key for signing a prefixlen file, an RPKI Certification Authority (CA) may issue a subordinate certificate exclusively for the purpose shown in . Harvesting and publishing aggregated prefixlen data outside of the RPSL model SHOULD be avoided as it can have the effect that more specifics from one aggregatee could undesirably affect the less specifics of a different aggregatee. Moreover, publishing aggregated prefixlen data prevents the reader of the data to perform the checks described in and . An anonymized version of bulk WHOIS data is openly available for all RIRs except ARIN, which requires an authorization. However, for users without such authorization, the same result can be achieved with extra RDAP effort. There is open-source code to pass over such data across all RIRs, collect all prefixlen references, and process them . To prevent undue load on RPSL and prefixlen servers, entity-fetching prefixlen data using these mechanisms MUST NOT do frequent real-time lookups. prefixlen servers SHOULD send an HTTP Expires header to signal when prefixlen data should be refetched. If an HTTP Expires or Cache-Control header is present, it MUST be honored by clients. As the data change very infrequently, in the absence of such an HTTP header signal, collectors SHOULD NOT fetch more frequently than weekly. It would be polite not to fetch at magic times such as midnight UTC, the first of the month, etc., because too many others are likely to do the same.

Implementation Status In November 2025, the prefixlen: attribute in inetnum objects has been implemented by the RIPE NCC database. Registrants in databases which do not yet support the prefixlen: attribute are using the remarks:, or equivalent, attribute. At the time of publishing this document, the registry data published by ARIN are not the same RPSL as that of the other registries (see for a survey of the WHOIS Tower of Babel); therefore, when fetching via bulk WHOIS over HTTPS , WHOIS , the Registration Data Access Protocol (RDAP) , etc., the "NetRange" or "ip network" attribute/key must be treated as "inetnum", and the "Comment" attribute must be treated as "remarks". can be used to authenticate a signed prefixlen file.

Security Considerations The consumer of prefixlen data SHOULD fetch and process the data themselves. Importing datasets produced and/or processed by a third party places significant trust in the third party. As mentioned in , some RPSL repositories have weak, if any, authentication. This allows spoofing of inetnum: objects pointing to malicious prefixlen files. suggests an unfortunately complex method for stronger authentication based on the RPKI. For example, if an inetnum: for a wide address range (e.g., a /16) points to an RPKI-signed prefixlen file, a customer or attacker could publish an unsigned equal or narrower (e.g., a /24) inetnum: in a WHOIS registry that has weak authorization, abusing the rule that the most-specific inetnum: object with a prefixlen reference MUST be used. If signatures were mandatory, the above attack would be stymied, but of course that is not happening anytime soon. The RPSL providers have had to throttle fetching from their servers due to too-frequent queries. Usually, they throttle by the querying IP address or block. Similar defenses will likely need to be deployed by prefixlen file servers. As prefixlen files disclose which parts of a prefix belong to an end site, attackers could better focus DDoS traffic towards a website hosted by a cloud provider by overwhelming only IP addresses from that specific end site. Furthermore, information collected from prefixlen files could allow for more targeted IPv6 scanning/reconnaissance, where scanners (be it benevolent or malicious ones) can target specific sub-prefixes which they deem more interesting. It is possible for publishers of prefixlen data to specify incorrect prefixlen data about their prefixes. This could either be done by mistake or on purpose. One example could be a malicious network operator trying to overflow the storage of databases that consume prefixlen data by setting a very specific prefix size (e.g., /128 for large blocks of IPv6 address space). In another example a network operator might annotate their prefixes as using CGN to go around legitimate blocking or throttling. A third example would be a malicious provider publishing fake small allocations, so on receipt of complaints, they could plausibly respond by saying that they stopped the actions of a bad customer and move their malicious activities to a different prefix. As a fourth example, network operators could overwhelm consumers by publishing prefixlen files containing millions or even billions of entries (e.g., enumerating all possible /96 subprefixes of a /32 IPv6 prefix). Therefore, care should be taken when processing prefixlen data, as with any external third-party data.

IANA Considerations IANA is asked to register an object identifier for one ASN.1 Module in the "SMI Security for S/MIME Module Identifier (1.2.840.113549.1.9.16.0)" registry as follows:

The SMI Security for S/MIME Module Identifier (1.2.840.113549.1.9.16.0) registry is located at: https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-0. On publication of this document, the [RFC-TBD] reference needs to be changed to the RFC number assigned to this document. IANA is asked to register an object identifiers for one content type in the "SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)" registry as follows:

The SMI Security for S/MIME Content Type Identifier (1.2.840.113549.1.9.16.1) registry is located at: https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#security-smime-1. On publication of this document, the [RFC-TBD] reference needs to be changed to the RFC number assigned to this document.

Thanks to the authors of and and the folk they acknowledge from whom ideas and text have been liberally expropriated. Thanks to John R. Levine for providing useful feedback on the draft.

&RFC2119; &RFC2622; &RFC2725; &RFC3629; &RFC3779; &RFC4012; &RFC4648; &RFC5280; &RFC5652; &RFC8174; &RFC6268; &RFC6481; &RFC6487; &RFC6488; &RFC8933; &RFC9110; &RFC9286; &RFC9839; ITU-T &RFC0959; &RFC3912; &RFC4632; &RFC5485; &RFC6598; &RFC7485; &RFC7909; &RFC8805; &RFC8981; &RFC9083; &RFC9111; &RFC9632; &RFC9877; RIPE NCC RIPE NCC RIPE NCC RIPE NCC RIPE NCC

This appendix provides an ASN.1 Module for the CMS content type used for the prefixlen file. CONTENT-TYPE is imported from the ASN.1 Module in . PrefixLengthsModule-2025 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) mod(0) TBD0 } DEFINITIONS IMPLICIT TAGS ::= BEGIN -- EXPORTS ALL -- IMPORTS CONTENT-TYPE FROM CryptographicMessageSyntax-2010 -- in [RFC6268] { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) } ; ContentSet CONTENT-TYPE ::= { ct-prefixlenCSVwithCRLF, ... } ct-prefixlenCSVwithCRLF CONTENT-TYPE ::= { TYPE UTF8String IDENTIFIED BY id-ct-prefixlenCSVwithCRLF } id-ct-prefixlenCSVwithCRLF OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) TBD1 } END ]]>

This appendix provides an example, including a trust anchor, a Certificate Revocation List (CRL) signed by the trust anchor, a CA certificate subordinate to the trust anchor, a CRL signed by the CA, an end-entity certificate subordinate to the CA for signing the prefixlen, and a detached signature. The trust anchor is represented by a self-signed certificate. As usual in the RPKI, the trust anchor has authority over all IPv4 address blocks, all IPv6 address blocks, and all Autonomous System (AS) numbers.

The CRL issued by the trust anchor.

The CA certificate is issued by the trust anchor. This certificate grants authority over one IPv4 address block (192.0.2.0/24) and two AS numbers (64496 and 64497).

The CRL issued by the CA.

The end-entity certificate is issued by the CA. This certificate grants signature authority for one IPv4 address block (192.0.2.0/24). Signature authority for AS numbers is not needed for prefixlen data signatures, so no AS numbers are included in the end-entity certificate.

The end-entity certificate is displayed below in detail. For brevity, the other two certificates are not.

To allow reproduction of the signature results, the end-entity private key is provided. For brevity, the other two private keys are not.

Signing of "192.0.2.0/24,US,WA,Seattle," (terminated by CR and LF), yields the following detached CMS signature.