New invocation mode: Decode and print RPKI file in standard output
Closed this issue · 1 comments
ydahhrk commented
Orders from above. Something like
$ fort --mode=print cache/a.b/rpp1/achoo.roa
{
"ContentType": "signedData",
"SignedData": {
"version": 3,
"digestAlgorithms": [
{
"algorithm": "sha256"
}
],
"encapContentInfo": {
"ContentType": "ROA",
"RouteOriginAttestation": {
"asId": 1234,
"ipAddrBlocks": [
{
"addressFamily": "IPv4",
"addresses": [
{
"prefix": "192.0.2.1",
"length": 24,
"maxLength": 26
}
]
},
{
"addressFamily": "IPv6",
"addresses": [
{
"prefix": "2001:db8::1",
"length": 29,
"maxLength": 48
}
]
}
]
}
},
"certificates": [
{
"tbsCertificate": {
"version": 2,
"serialNumber": "0123456",
"signature": "sha256WithRSAEncryption",
"issuer": {
"commonName": "aabbccddeeff"
},
"validity": {
"notBefore": "2024-01-01 00:00:00Z",
"notAfter": "2025-07-01 00:00:00Z"
},
"subject": {
"commonName": "001122334455"
},
"subjectPublicKeyInfo": {
"algorithm": "rsaEncryption",
"subjectPublicKey": "---BEGIN PUBLIC KEY---blah blah---END PUBLIC KEY---\n"
},
"issuerUniqueID": null,
"subjectUniqueID": null,
"extensions": {
"X509v3 Subject Key Identifier": {
"critical": false,
"value": "abcdef"
},
"X509v3 Authority Key Identifier": {
"critical": false,
"value": "56789"
},
"X509v3 Key Usage": {
"critical": true,
"value": "Digital Signature"
},
"Authority Information Access": {
"critical": false,
"value": "rsync://a.b.c/d/e.cer"
},
"Subject Information Access": {
"critical": false,
"value": "rsync://a.b.c/d/f.roa"
},
"X509v3 CRL Distribution Points": {
"critical": false,
"value": "rsync://a.b.c/d/g.crl"
},
"X509v3 Certificate Policies": {
"critical": true,
"value": "ipAddr-asNumber"
},
"sbgp-ipAddrBlock": {
"critical": true,
"value": "192.0.2.1/24"
}
}
},
"signatureAlgorithm": "sha256WithRSAEncryption",
"signatureValue": "blah blah blah"
}
],
"signerInfos": [
{
"version": 3,
"sid": "1234",
"digestAlgorithm": {
"algorithm": "sha256"
},
"signedAttrs": {
"Content-Type": [
"ROA"
],
"Signing-Time": [
"2024-01-01 00:00:00Z"
],
"Message-Digest": [
"aaabbbccc"
]
},
"signatureAlgorithm": {
"algorithm": "sha256WithRSAEncryption",
"parameters": "0500"
},
"signature": "blah blah blah"
}
]
}
}