3. ASPA eContent
The content of an ASPA identifies the Customer AS (CAS) as well as the Set of Provider ASes (SPAS) that are authorized by the CAS to be its Providers.¶
If a Customer AS is connected to multiple transit providers/non-transparent route servers, all Provider ASes MUST be registered in a single ASPA object. This rule is important to avoid possible race conditions during updates of ASPAs.¶
The eContent of an ASPA is an instance of ASProviderAttestation, formally defined by the following ASN.1 [X.680] module:¶
RPKI-ASPA-2022 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-rpki-aspa-2022(TBD) } DEFINITIONS IMPLICIT TAGS ::= BEGIN IMPORTS CONTENT-TYPE FROM CryptographicMessageSyntax-2010 -- RFC 6268 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) } ; id-ct-ASPA OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) id-smime(16) id-ct(1) aspa(49) } ct-ASPA CONTENT-TYPE ::= { TYPE ASProviderAttestation IDENTIFIED BY id-ct-ASPA } ASProviderAttestation ::= SEQUENCE { version [0] INTEGER DEFAULT 0, customerASID ASID, providers ProviderASSet } ProviderASSet ::= SEQUENCE (SIZE(1..MAX)) OF ProviderAS ProviderAS ::= SEQUENCE { providerASID ASID, afiLimit AddressFamilyIdentifier OPTIONAL } ASID ::= INTEGER (0..4294967295) AddressFamilyIdentifier ::= OCTET STRING (SIZE (2)) END¶
Note that this content appears as the eContent within the encapContentInfo as specified in [RFC6488].¶
3.1. version
The version number of the ASProviderAttestation MUST be v0.¶
3.2. customerASID
The customerASID field contains the AS number of the Customer Autonomous System that is the authorizing entity.¶
3.3. providers
The providers field contains the listing of ASes that are authorized as providers or route servers in the specified address family.¶
Each element contained in the providers field is an instance of ProviderAS.¶
In addition to the constraints described by the formal ASN.1 definition, the contents of the providers field MUST satisfy the following constraints:¶
- The CustomerASID value MUST NOT appear in any providerASID field.¶
- The elements of providers MUST be ordered in ascending numerical order by the value of the providerASID field.¶
- Each value of providerASID MUST be unique (with respect to the other elements of providers).¶
3.3.1. ProviderAS
3.3.1.1. providerASID
The providerASID field contains the AS number of an AS that has been authorized by the customer AS as its provider or RS in the specified address family.¶
3.3.1.2. afiLimit
The afiLimit field optionally constrains the authorization given to the provider AS to a single address family.¶
If present, it contains the two-octet Address Family Identifier (AFI) for which the relation between the customer and provider is authorized. This specification only supports IPv4 and IPv6. Therefore, the value MUST be either 0001 or 0002, as specified in the Address Family Numbers registry [IANA-AF] maintained by IANA.¶
If omitted, the authorization is valid for both IPv4 and IPv6 announcements.¶