The content of an RSC indicates that a checklist for arbitrary digital objects has been signed "with resources".
An RSC is formally defined as:¶
RpkiSignedChecklist-2021
{ iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs9(9) smime(16) mod(0) TBD }
DEFINITIONS EXPLICIT TAGS ::=
BEGIN
IMPORTS
CONTENT-TYPE, Digest, DigestAlgorithmIdentifier
FROM CryptographicMessageSyntax-2009 -- in [RFC5911]
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) modules(0) id-mod-cms-2004-02(41) }
ASIdOrRange, IPAddressOrRange
FROM IPAddrAndASCertExtn -- in [RFC3779]
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) mod(0)
id-mod-ip-addr-and-as-ident(30) } ;
ct-rpkiSignedChecklist CONTENT-TYPE ::=
{ TYPE RpkiSignedChecklist IDENTIFIED BY
id-ct-signedChecklist }
id-ct-signedChecklist OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) id-smime(16) id-ct(1) 48 }
RpkiSignedChecklist ::= SEQUENCE {
version [0] INTEGER DEFAULT 0,
resources ResourceBlock,
digestAlgorithm DigestAlgorithmIdentifier,
checkList SEQUENCE SIZE (1..MAX) OF FileNameAndHash }
FileNameAndHash ::= SEQUENCE {
fileName IA5String OPTIONAL,
hash Digest }
ResourceBlock ::= SEQUENCE {
asID [0] AsList OPTIONAL,
ipAddrBlocks [1] IPList OPTIONAL }
-- at least one of asID or ipAddrBlocks MUST be present
( WITH COMPONENTS { ..., asID PRESENT} |
WITH COMPONENTS { ..., ipAddrBlocks PRESENT } )
AsList ::= SEQUENCE (SIZE(1..MAX)) OF ASIdOrRange
IPList ::= SEQUENCE (SIZE(1..MAX)) OF IPAddressFamilyItem
IPAddressFamilyItem ::= SEQUENCE { -- AFI & optional SAFI --
addressFamily OCTET STRING (SIZE (2..3)),
iPAddressOrRange IPAddressOrRange }
END
¶