ties
commented
1 week ago Good to split this out!
This also made me think about how we envision development/deployment of this rpki support. In my mind it would be separate from the ca system because you want as few features as possible in the secure system.
[Yes a lot for addon features are currently in the ncc ca system but historically it was a goal to refactor this]
I do not think the name/etc is data that is visible outside a ca system? While if you have it, exposing it is great
Beside by handle, allow lookup by IP address or CIDR for ROA and by ASN for ASPA because a registry might not have handles for RPKI objects (see Ties' comment).