Module rpki::csr

Certificate Signing Requests (CSR) for RPKI.

Certificate Signing Requests, also called Certification Requests, for the RPKI use the PKCS#10 Certification Requests defined in RFC2986, while limiting the allowed extensions in section 6 of RFC6487.

They are used in the exchange defined in section 3.4.1 of RFC6492 where a child Certificate Authority requests a new certificate to be signed by its parent CA.

The CSR includes:

• a suggested subject
• the public key
• extensions:
  • basic constraints
  • key usage
  • extended key usage
  • subject information access
• a signature (to prove possession of the public key)

Structs

Csr	An RPKI Certificate Sign Request.