>I think Roque was saying that the first outcome would be the case, not
>the second:
You are correct and IMHO we do not need more documents.
The normative text is in RFC 6482 section 4:
-----------------------
4. ROA Validation
Before a relying party can use a ROA to validate a routing
announcement, the relying party MUST first validate the ROA. To
validate a ROA, the relying party MUST perform all the validation
checks specified in [RFC6488] as well as the following additional
ROA-specific validation step.
o The IP address delegation extension [RFC3779] is present in the
end-entity (EE) certificate (contained within the ROA), and each
IP address prefix(es) in the ROA is contained within the set of IP
addresses specified by the EE certificate's IP address delegation
extension.
-----------------------
Informational text is in RFC 6907, section 7.2:
7.2. ROA Expiry or Receipt of a CRL Revoking a ROA
In particular, sections 7.2.5 to 7.2.8 cover different expiration
circumstances.
-----------------------
Regards,
Roque
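
The ROA-specific step quoted from RFC 6482 section 4 above, as an added example that is not part of the original message or of any validator's code. It assumes the EE certificate's RFC 3779 resources have already been decoded into prefix or `low-high` range strings (`None` meaning the extension is absent); the function names and the sample data are hypothetical.

```python
import ipaddress

# Constructed sample data (documentation prefixes), not taken from a real ROA.
EE_RESOURCES = ["198.51.100.0/25", "198.51.100.128/25",
                "192.0.2.0-192.0.2.127", "2001:db8::/32"]

def to_range(resource):
    """Parse 'prefix/len' or 'low-high' into (ip_version, first_int, last_int)."""
    if "-" in resource:
        low, high = (ipaddress.ip_address(x.strip()) for x in resource.split("-"))
        if low.version != high.version or low > high:
            raise ValueError(f"bad address range: {resource}")
        return low.version, int(low), int(high)
    net = ipaddress.ip_network(resource, strict=True)  # rejects set host bits
    return net.version, int(net.network_address), int(net.broadcast_address)

def merge_ranges(ranges):
    """Merge overlapping or adjacent (first, last) ranges into a minimal list."""
    merged = []
    for first, last in sorted(ranges):
        if merged and first <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], last)
        else:
            merged.append([first, last])
    return merged

def roa_prefixes_outside_ee(roa_prefixes, ee_resources):
    """Return the ROA prefixes that are not contained in the EE resource set."""
    by_version = {4: [], 6: []}
    for res in ee_resources:
        version, first, last = to_range(res)
        by_version[version].append((first, last))
    merged = {v: merge_ranges(r) for v, r in by_version.items()}
    outside = []
    for prefix in roa_prefixes:
        version, first, last = to_range(prefix)
        # Containment is against the union of resources, so a /24 covered by
        # two adjacent /25 entries still passes.
        if not any(lo <= first and last <= hi for lo, hi in merged[version]):
            outside.append(prefix)
    return outside

def roa_step_passes(roa_prefixes, ee_resources):
    """True only if the extension is present and every ROA prefix is contained."""
    if ee_resources is None:  # IP address delegation extension missing
        return False
    return not roa_prefixes_outside_ee(roa_prefixes, ee_resources)
```

This covers only the additional ROA-specific check; the RFC 6488 signed-object checks that the quoted text also requires are separate.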