A Profile for X.509 PKIX Resource Certificates
RFC 6487, “A Profile for X.509 PKIX Resource Certificates”, is a Proposed Standard document published in February 2012 by G. Huston, G. Michaelson, R. Loomans. It has since been updated by RFC 7318, RFC 8209, RFC 9829. The canonical text is published by the RFC Editor.
Abstract
This document defines a standard profile for X.509 certificates for the purpose of supporting validation of assertions of "right-of-use" of Internet Number Resources (INRs). The certificates issued under this profile are used to convey the issuer's authorization of the subject to be regarded as the current holder of a "right-of-use" of the INRs that are described in the certificate. This document contains the normative specification of Certificate and Certificate Revocation List (CRL) syntax in the Resource Public Key Infrastructure (RPKI). This document also specifies profiles for the format of certificate requests and specifies the Relying Party RPKI certificate path validation procedure. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 6487 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 6486 Manifests for the Resource Public Key Infrastructure
- RFC 6488 Signed Object Template for the Resource Public Key Infrastructure
- RFC 6485 The Profile for Algorithms and Key Sizes for Use in the Resource Public Key Infrastructure
- RFC 6489 Certification Authority Key Rollover in the Resource Public Key Infrastructure
- RFC 6484 Certificate Policy for the Resource Public Key Infrastructure
- RFC 6490 Resource Public Key Infrastructure Trust Anchor Locator
- RFC 6483 Validation of Route Origination Using the Resource Certificate Public Key Infrastructure and Route Origin Authorizations
- RFC 6491 Resource Public Key Infrastructure Objects Issued by IANA