



SIDROPS                                                      J. Snijders
Internet-Draft                                                       BSD
Intended status: Standards Track                          T. Bruijnzeels
Expires: 7 June 2026                                            RIPE NCC
                                                             T. Harrison
                                                                   APNIC
                                                                W. Ohgai
                                                                   JPNIC
                                                         4 December 2025


 The Erik Synchronization Protocol for use with the Resource Public Key
                         Infrastructure (RPKI)
                draft-ietf-sidrops-rpki-erik-protocol-02

Abstract

   This document specifies the Erik Synchronization Protocol for use
   with the Resource Public Key Infrastructure (RPKI).  Erik
   Synchronization can be characterized as a data replication system
   using Merkle trees, a content-addressable naming scheme, concurrency
   control using monotonically increasing sequence numbers, and HTTP
   transport.  Relying Parties can combine information retrieved via
   Erik Synchronization with other RPKI transport protocols.  The
   protocol's design is intended to be efficient, fast, easy to
   implement, and robust in the face of partitions or faults in the
   network.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 7 June 2026.







Snijders, et al.           Expires 7 June 2026                  [Page 1]

Internet-Draft   Erik Synchronization Protocol for RPKI    December 2025


Copyright Notice

   Copyright (c) 2025 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  Background  . . . . . . . . . . . . . . . . . . . . . . .   3
     1.2.  Requirements Language . . . . . . . . . . . . . . . . . .   4
     1.3.  Related Work  . . . . . . . . . . . . . . . . . . . . . .   4
     1.4.  Glossary  . . . . . . . . . . . . . . . . . . . . . . . .   4
   2.  Informal Overview . . . . . . . . . . . . . . . . . . . . . .   5
   3.  Erik Synchronization Data Structure Definitions . . . . . . .   5
     3.1.  General Syntax  . . . . . . . . . . . . . . . . . . . . .   7
       3.1.1.  contentType . . . . . . . . . . . . . . . . . . . . .   7
       3.1.2.  content . . . . . . . . . . . . . . . . . . . . . . .   7
     3.2.  ErikIndex . . . . . . . . . . . . . . . . . . . . . . . .   7
       3.2.1.  The version field . . . . . . . . . . . . . . . . . .   8
       3.2.2.  The indexScope field  . . . . . . . . . . . . . . . .   8
       3.2.3.  The indexTime field . . . . . . . . . . . . . . . . .   8
       3.2.4.  The hashAlg field . . . . . . . . . . . . . . . . . .   8
       3.2.5.  The partitionList field . . . . . . . . . . . . . . .   8
     3.3.  ErikPartition . . . . . . . . . . . . . . . . . . . . . .   9
       3.3.1.  The version field . . . . . . . . . . . . . . . . . .   9
       3.3.2.  The partitionTime field . . . . . . . . . . . . . . .   9
       3.3.3.  The hashAlg field . . . . . . . . . . . . . . . . . .   9
       3.3.4.  The manifestList field  . . . . . . . . . . . . . . .   9
   4.  Client-side Processing  . . . . . . . . . . . . . . . . . . .  10
   5.  Querying an Erik Relay  . . . . . . . . . . . . . . . . . . .  10
     5.1.  Fetching objects by hash  . . . . . . . . . . . . . . . .  11
     5.2.  Fetching ErikIndex objects  . . . . . . . . . . . . . . .  11
   6.  Transport Error Detection and Handling  . . . . . . . . . . .  11
   7.  Setting Up an Erik Relay  . . . . . . . . . . . . . . . . . .  11
   8.  Comparison with other RPKI transport protocols  . . . . . . .  12
     8.1.  Comparison with Rsync . . . . . . . . . . . . . . . . . .  12
     8.2.  Comparison with RRDP  . . . . . . . . . . . . . . . . . .  12
       8.2.1.  Garbage Collection  . . . . . . . . . . . . . . . . .  13
   9.  Open Questions  . . . . . . . . . . . . . . . . . . . . . . .  13
   10. Operational Considerations  . . . . . . . . . . . . . . . . .  13
     10.1.  Scaling considerations . . . . . . . . . . . . . . . . .  13
     10.2.  HTTP Compression . . . . . . . . . . . . . . . . . . . .  14
   11. Security Considerations . . . . . . . . . . . . . . . . . . .  14
   12. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  14
     12.1.  S/MIME Module Identifier . . . . . . . . . . . . . . . .  14
     12.2.  SMI Security for S/MIME CMS Content Type
            (1.2.840.113549.1.9.16.1)  . . . . . . . . . . . . . . .  15
     12.3.  Well-Known URI . . . . . . . . . . . . . . . . . . . . .  15
   13. References  . . . . . . . . . . . . . . . . . . . . . . . . .  15
     13.1.  Normative References . . . . . . . . . . . . . . . . . .  15
     13.2.  Informative References . . . . . . . . . . . . . . . . .  16
   Appendix A.  Implementation status  . . . . . . . . . . . . . . .  18
   Appendix B.  Example objects  . . . . . . . . . . . . . . . . . .  19
     B.1.  Example ErikIndex . . . . . . . . . . . . . . . . . . . .  19
     B.2.  Example ErikPartition . . . . . . . . . . . . . . . . . .  23
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .  28
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  28

1.  Introduction

   This document specifies the Erik Synchronization Protocol for use
   with the Resource Public Key Infrastructure (RPKI) [RFC6480].  Erik
   Synchronization can be characterized as a data replication system
   using Merkle trees [M1987], a content-addressable naming scheme
   [RFC6920], concurrency control using monotonically increasing
   sequence numbers [RFC0677], and HTTP transport [RFC9110].  Relying
   Parties can combine information retrieved via Erik Synchronization
   with other RPKI transport protocols ([RFC5781] and [RFC8182]).  The
   protocol's design is intended to be efficient, fast, easy to
   implement [RFC1925], and robust in the face of partitions or faults
   in the network.

1.1.  Background

   The notion of cache-to-cache data replication of unvalidated data was
   documented in Section 3 of [RFC7115].

   |  Validated caches may also be created and maintained from other
   |  validated caches.  Network operators SHOULD take maximum advantage
   |  of this feature to minimize load on the global distributed RPKI
   |  database.  Of course, the recipient relying parties should re-
   |  validate the data.
   |  
   |  -- RFC7115, section 3






   Historic records show that experiments have been performed in this
   space using, for example, peer-to-peer file sharing technology (see
   [P2P]), but no standardised and widely-deployed mechanism for
   cache-to-cache replication has emerged since then.  The authors hope
   that the Erik Synchronization protocol might be suitable to fill this
   gap and improve propagation speed of validly signed repository data
   as well as help reduce load on the global RPKI.

1.2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

1.3.  Related Work

   The reader is assumed to be familiar with the terms and concepts
   described in "Maintenance of duplicate databases" [RFC0677], "An
   Infrastructure to Support Secure Internet Routing" [RFC6480], "The
   RPKI Repository Delta Protocol (RRDP)" [RFC8182], "Manifests for the
   Resource Public Key Infrastructure (RPKI)" [RFC9286], and "A Digital
   Signature Based on a Conventional Encryption Function" [M1987].

1.4.  Glossary

   This section describes the terminology and abbreviations used in this
   document.  Though the definitions might not be clear on a first read,
   the terms will be introduced in more detail later on.

   Erik relay  An intermediate between CA publication repositories and
      Relying Parties.

   FQDN  The fully qualified domain name of an RPKI repository instance
      referenced in an end-entity certificate's Subject Information
      Access (SIA) extension's id-ad-signedObject accessDescription.

   Hash  A message digest calculated for an object using the SHA-256
      algorithm.

   ErikIndex  The relay's Merkle root for a given FQDN.  An ErikIndex is
      an ordered listing of ErikPartition object hashes.

   ErikPartition  An ordered listing of the manifest objects' hashes,
      manifestNumber values, thisUpdate values, and their certificates'
      SIA extension values.




2.  Informal Overview

   Erik Synchronization is an architecture to reliably distribute RPKI
   repository data from cache to cache using so-called Erik relays.
   Relays maintain a validated cache themselves and can be clients of
   other relays.  While this property suggests that a group of relays
   should converge to the exact same state, the distributed nature of
   the RPKI prevents relays from achieving strict synchronization.

   In this synchronization protocol, Merkle trees are used to determine
   whether differences exist between client and relay.  Merkle trees are
   hierarchical data structures: the hash value of each node is computed
   recursively by hashing the concatenated hash values of the node's
   children.  The hash of the ErikIndex represents the entire dataset
   related to a given FQDN.  If the ErikIndex hash is not the same
   between two replicas, the relay provides the client with hashes of
   smaller and smaller portions of the to-be-replicated dataset until
   the exact list of out-of-sync or missing objects is identified.
   Sequence numbers are then used to determine whether these differences
   are relevant enough for the client to fetch.  All data, except for
   ErikIndex objects, is fetched using static addresses derived from
   object hashes.  This approach reduces unnecessary data transfer
   between caches which contain mostly similar data.

   The client starts by querying an Erik relay for the relay's current
   ErikIndex for a given FQDN.  If the ErikIndex is different compared
   to the previous run (or compared to the Index calculated from the
   locally cached objects), the client can, with the ErikIndex in hand,
   determine which ErikPartitions are missing and fetch accordingly.
   The client then can compare the _manifestNumber_ sequence number and
   _thisUpdate_ for each manifest listed in the ErikPartition, and
   proceed to fetch (purportedly) newer versions of manifests of
   interest.  Whenever a relay has manifests with a lower sequence
   number on offer, the client can ignore those.  The client now has
   sufficient information to proceed to fetch any missing Certificates,
   Signed objects, and CRLs.  With the information contained within
   manifests, clients can fetch objects addressed by content (by hash)
   and store them by name (or some other scheme).

3.  Erik Synchronization Data Structure Definitions

   In this synchronization protocol the _signal layer_ makes use of DER-
   encoded messages [X.690].

   _Design note: DER encoding was selected for its canonical properties
   and because RPKI cache implementations already support ASN.1
   encoding._




   RpkiErikSynchronization-2025
     { iso(1) member-body(2) us(840) rsadsi(113549)
       pkcs(1) pkcs9(9) smime(16) mod(0)
       id-mod-rpkiErikSynchronization-2025(TBD) }

   DEFINITIONS EXPLICIT TAGS ::=
   BEGIN

   -- EXPORTS ALL --

   IMPORTS
     CONTENT-TYPE, Digest, DigestAlgorithmIdentifier
     FROM CryptographicMessageSyntax-2010 -- in [RFC6268]
     { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
       pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) }

     AccessDescription, KeyIdentifier
     FROM PKIX1Implicit-2009 -- in [RFC5912]
     { iso(1) identified-organization(3) dod(6) internet(1) security(5)
       mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59) }
   ;

   ContentInfo ::= SEQUENCE {
     contentType      CONTENT-TYPE.&id({ContentSet}),
     content      [0] EXPLICIT
                        CONTENT-TYPE.&Type({ContentSet}{@contentType}) }

   ContentSet CONTENT-TYPE ::= {
     ct-rpkiErikIndex | ct-rpkiErikPartition, ... }

   ct-rpkiErikIndex CONTENT-TYPE ::=
     { TYPE ErikIndex IDENTIFIED BY id-ct-rpkiErikIndex }

   id-ct-rpkiErikIndex OBJECT IDENTIFIER ::=
     { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
       pkcs-9(9) id-smime(16) id-ct(1) erikindex(55) }

   ct-rpkiErikPartition CONTENT-TYPE ::=
     { TYPE ErikPartition IDENTIFIED BY id-ct-rpkiErikPartition }

   id-ct-rpkiErikPartition OBJECT IDENTIFIER ::=
     { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
       pkcs-9(9) id-smime(16) id-ct(1) erikpartition(56) }

   ErikIndex ::= SEQUENCE {
     version [0]      INTEGER DEFAULT 0,
     indexScope       IA5String,
     indexTime        GeneralizedTime,
     hashAlg          DigestAlgorithmIdentifier,
     partitionList    SEQUENCE (SIZE(1..ub-Partitions)) OF PartitionRef
   }

   ub-Partitions INTEGER ::= 256

   PartitionRef ::= SEQUENCE {
     hash             Digest,
     size             INTEGER (100..MAX) }

   ErikPartition ::= SEQUENCE {
     version [0]      INTEGER DEFAULT 0,
     partitionTime    GeneralizedTime,
     hashAlg          DigestAlgorithmIdentifier,
     manifestList     SEQUENCE (SIZE(1..MAX)) OF ManifestRef }

   ManifestRef ::= SEQUENCE {
     hash             Digest,
     size             INTEGER (1000..MAX),
     aki              KeyIdentifier,
     manifestNumber   INTEGER (0..MAX),
     thisUpdate       GeneralizedTime,
     locations        SEQUENCE (SIZE(1..MAX)) OF AccessDescription }
   END

3.1.  General Syntax

   At the top level the content of an Erik object is an instance of
   ContentInfo.

3.1.1.  contentType

   The contentType is an OID specifying the type of payload in the
   object, in this profile either id-ct-rpkiErikIndex or id-ct-
   rpkiErikPartition.

3.1.2.  content

   The content field contains an instance of ErikIndex or ErikPartition.

3.2.  ErikIndex

   An ErikIndex represents all current manifest objects available under
   a given FQDN and thus the complete state of the repository as it is
   known to the relay.






3.2.1.  The version field

   The version number of the ErikIndex object MUST be 0.

3.2.2.  The indexScope field

   The indexScope field contains the fully qualified domain name of the
   Signed Object location of the manifests referenced through this
   particular ErikIndex.  The FQDN MUST be in the "preferred name
   syntax", as specified by Section 3.5 of [RFC1034] and modified by
   Section 2.1 of [RFC1123].

3.2.3.  The indexTime field

   The indexTime is the most recent partitionTime value among the
   ErikPartitions referenced from this ErikIndex.  The field's value
   roughly indicates when the ErikIndex was generated and can be used
   for troubleshooting and measurement purposes.

   For the purposes of this profile, GeneralizedTime values MUST be
   expressed in UTC (Zulu) and MUST include seconds (i.e., times are
   YYYYMMDDHHMMSSZ), even where the number of seconds is zero.
   GeneralizedTime values MUST NOT include fractional seconds.  See
   Section 4.1.2.5.2 of [RFC5280].

   _Design note: using the most recent partitionTime, rather than the
   local system's notion of "now", helps reduce churn in distributed
   systems._

3.2.4.  The hashAlg field

   This field contains the OID of the hash algorithm used to hash the
   ErikPartitions.  The hash algorithm used MUST conform to the RPKI
   Algorithms and Key Size Profile specification [RFC7935].

3.2.5.  The partitionList field

   This field is a sequence of PartitionRef instances.  There is one
   PartitionRef for each current ErikPartition.  Each PartitionRef is a
   tuple consisting of the hash of the partition object and the size of
   the partition object.

   Information elements are unique with respect to one another and
   sorted in ascending order of the hash.







3.3.  ErikPartition

   An ErikPartition represents a subset of manifest objects available
   under a given FQDN.  Each ErikPartition is an ordered listing of the
   manifest objects' hashes, manifestNumber values, thisUpdate values,
   and their end-entity certificates' SIA extension values.

3.3.1.  The version field

   The version number of the ErikPartition object MUST be 0.

3.3.2.  The partitionTime field

   The partitionTime is the most recent thisUpdate value among the
   manifests contained within this ErikPartition.  The field's value
   roughly indicates when the ErikPartition was generated and can be
   used for troubleshooting and measurement purposes.

   For the purposes of this profile, GeneralizedTime values MUST be
   expressed in UTC (Zulu) and MUST include seconds (i.e., times are
   YYYYMMDDHHMMSSZ), even where the number of seconds is zero.
   GeneralizedTime values MUST NOT include fractional seconds.  See
   Section 4.1.2.5.2 of [RFC5280].

   _Design note: using the most recent manifest thisUpdate value, rather
   than the local system's notion of "now", helps reduce churn in
   distributed systems._

3.3.3.  The hashAlg field

   This field contains the OID of the hash algorithm used to hash the
   manifest objects referenced in this ErikPartition.  The hash
   algorithm used MUST conform to the RPKI Algorithms and Key Size
   Profile specification [RFC7935].

3.3.4.  The manifestList field

   This field is a sequence of ManifestRef instances.  There is one
   ManifestRef for each current manifest.  A manifest is nominally
   current until the time specified in nextUpdate or until a manifest is
   issued with a greater manifestNumber, whichever comes first (see
   Section 4.2.1 of [RFC9286]).









   A ManifestRef is a structure consisting of the hash of the manifest
   object, the size of the manifest object, the manifest issuer's key
   identifier, the manifestNumber, and the thisUpdate contained within
   the object, and a sequence of AccessDescription instances from the
   manifest's End-Entity certificate's Subject Information Access
   extension.

   Information elements are unique with respect to one another and
   sorted in ascending order of the hash.

4.  Client-side Processing

   Clients start by fetching an ErikIndex, which represents the relay's
   current Merkle tree head for a given FQDN.  A client MUST verify that
   the requested FQDN exactly matches the indexScope value in the
   ErikIndex, and if not, proceed to use a different relay.

   Then, clients can decide whether or not to fetch ErikPartition
   objects listed on the ErikIndex, for instance, by checking whether
   the object associated with the hash was already fetched at some point
   in the client's past.

   Before using an ErikPartition, the client MUST verify that all URIs
   in the accessLocations in the id-ad-signedObject accessMethod
   instances in the ErikPartition are encompassed in the requested
   indexScope.  A client can then decide whether or not to fetch a given
   manifest object, by comparing the manifestNumber and thisUpdate with
   what's locally cached and what's offered by the remote relay.

   A client can compute which products listed in the manifest's fileList
   need to be fetched from one relay or another in order to achieve a
   successful fetch.  A client MUST verify that the URI in the
   accessLocation in one of the id-ad-signedObject accessMethod
   instances in the manifest's Subject Information Access (SIA) is
   encompassed in the requested indexScope.

   As there is no concept of 'sessions' (like in RRDP), clients can
   interchangeably use different Erik relays.  When one Erik relay
   generates an HTTP error, the client can try fetching the requested
   object from another Erik relay.  To improve reliability, clients
   should alternate among different relays in successive query and fetch
   attempts.
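
   The scope checks and the manifest selection described in this
   section, as an added Python example (not part of this draft or of
   any implementation it mentions).  It assumes the ErikPartition has
   already been DER-decoded into the hypothetical ManifestRef class
   below, reads "encompassed" as "the URI's host equals the indexScope
   FQDN", and treats an offer as newer only when both manifestNumber
   and thisUpdate exceed the cached values; all sample data is
   constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from urllib.parse import urlsplit

ID_AD_SIGNED_OBJECT = "1.3.6.1.5.5.7.48.11"  # id-ad-signedObject, RFC 6487
GTIME_RE = re.compile(r"[0-9]{14}Z")


class ScopeError(Exception):
    """Relay data does not belong to the FQDN that was asked for."""


@dataclass(frozen=True)
class ManifestRef:  # hypothetical decoded form of the ASN.1 ManifestRef
    mft_hash: bytes
    aki: bytes
    manifest_number: int
    this_update: str   # GeneralizedTime as carried in the object
    locations: tuple   # ((accessMethod OID, accessLocation URI), ...)


def parse_gtime(value):
    """Accept only YYYYMMDDHHMMSSZ: UTC, seconds present, no fractions."""
    if not GTIME_RE.fullmatch(value):
        raise ValueError(f"GeneralizedTime outside the profile: {value!r}")
    parsed = datetime.strptime(value, "%Y%m%d%H%M%SZ")
    return parsed.replace(tzinfo=timezone.utc)


def check_index_scope(requested_fqdn, index_scope):
    """The indexScope must exactly match the FQDN the client asked about."""
    if index_scope != requested_fqdn:
        raise ScopeError(f"index is for {index_scope!r}, not {requested_fqdn!r}")


def uri_in_scope(uri, index_scope):
    # Assumption: "encompassed" means the URI's host is the indexScope FQDN.
    host = urlsplit(uri).hostname
    return host is not None and host == index_scope.lower()


def check_partition_scope(refs, index_scope):
    """Reject the partition if any id-ad-signedObject URI is out of scope."""
    for ref in refs:
        signed = [u for oid, u in ref.locations if oid == ID_AD_SIGNED_OBJECT]
        # Assumption: a ManifestRef without any signedObject location is
        # rejected too, since its scope cannot be established.
        if not signed or not all(uri_in_scope(u, index_scope) for u in signed):
            raise ScopeError(f"manifest {ref.mft_hash.hex()} is out of scope")


def manifests_to_fetch(refs, cache):
    """Return the offered manifests that are newer than what is cached.

    cache maps AKI -> (manifestNumber, thisUpdate string) of the held manifest.
    """
    wanted = []
    for ref in refs:
        held = cache.get(ref.aki)
        if held is None:
            wanted.append(ref)      # nothing cached for this CA yet
            continue
        newer_number = ref.manifest_number > held[0]
        newer_time = parse_gtime(ref.this_update) > parse_gtime(held[1])
        if newer_number and newer_time:
            wanted.append(ref)      # otherwise the offer is stale: ignore it
    return wanted


def sample_refs(host="rpki.example.net"):
    """Constructed ManifestRefs for three CAs under one repository host."""
    def ref(n, number, when):
        loc = ((ID_AD_SIGNED_OBJECT, f"rsync://{host}/repo/ca{n}/ca{n}.mft"),)
        return ManifestRef(bytes([n]) * 32, bytes([n]) * 20, number, when, loc)
    return [ref(1, 10, "20251204120000Z"),
            ref(2, 5, "20251201120000Z"),
            ref(3, 1, "20251204110000Z")]


SAMPLE_CACHE = {  # constructed local state; CA 3 is not cached at all
    bytes([1]) * 20: (9, "20251204060000Z"),   # relay offers a newer manifest
    bytes([2]) * 20: (7, "20251203120000Z"),   # relay offers an older manifest
}
```

   A partition whose ManifestRef locations name a different host than
   the requested FQDN raises ScopeError before any manifest is
   selected, which is the replay case Section 11 asks clients to
   reject.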

5.  Querying an Erik Relay







5.1.  Fetching objects by hash

   This specification uses "Named Information" identifiers mapped to
   .well-known HTTP/HTTPS URLs for object retrieval, as described in
   [RFC6920].

   For example, issuance #54 of ripe-ncc-ta.mft has the following
   SHA-256 digest:

      c2d0427bc5a32c42eea1ab5663d592b1fc29c7d4ef16ab0b5e1d631d039dcc21

   To fetch the aforementioned object from a relay hosted at
   relay.example.net, a client would access the following HTTP URL:

      https://relay.example.net/.well-known/ni/sha-256/wtBCe8WjLELuoatWY9WSsfwpx9TvFqsLXh1jHQOdzCE

5.2.  Fetching ErikIndex objects

   The URIs to fetch ErikIndex objects can be constructed using the
   following Well-Known URI template with the erik keyword as suffix and
   the FQDN as parameter:

      https://{relay_host}/.well-known/erik/index/{FQDN}

   For example, the URI to fetch an ErikIndex for the rpki.ripe.net FQDN
   from a relay at relay.example.net would be:

      https://relay.example.net/.well-known/erik/index/rpki.ripe.net

   A client MAY use the If-Modified-Since HTTP header when fetching
   ErikIndex objects.

6.  Transport Error Detection and Handling

   The client MUST calculate the hashes of fetched objects and verify
   they are the same as the expected hashes (which are embedded in the
   URIs through which the objects were retrieved).  If there is a hash
   mismatch, the client may try fetching the object from a different
   Erik relay or treat this as a _failed fetch_ (see Section 6.6 of
   [RFC9286]) and try again at a later point in time in a next
   validation run.
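
   The URL construction from Sections 5.1 and 5.2 and the hash check
   with relay failover from this section, as an added Python example
   (not part of this draft or of any implementation it mentions).  The
   http_get callable, the relay host names other than relay.example.net,
   and the sample object are constructed so that the example runs
   offline.

```python
import base64
import hashlib
import re

NI_PATH = "/.well-known/ni/sha-256/"
B64URL_SHA256 = re.compile(r"[A-Za-z0-9_-]{43}")  # 32 octets, unpadded


class FailedFetch(Exception):
    """No relay returned bytes matching the expected hash."""


def ni_url(relay_host, sha256_hex):
    """URL under which a relay serves the object with this SHA-256 digest."""
    digest = bytes.fromhex(sha256_hex)
    if len(digest) != 32:
        raise ValueError("a SHA-256 digest is 32 octets")
    # RFC 6920 uses base64url without '=' padding.
    b64 = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return f"https://{relay_host}{NI_PATH}{b64}"


def index_url(relay_host, fqdn):
    """URL of the relay's current ErikIndex for one repository FQDN."""
    return f"https://{relay_host}/.well-known/erik/index/{fqdn}"


def digest_from_ni_url(url):
    """Recover the expected digest from the last path segment of an ni URL."""
    _, found, b64 = url.partition(NI_PATH)
    if not found or not B64URL_SHA256.fullmatch(b64):
        raise ValueError(f"not a sha-256 ni URL: {url!r}")
    return base64.urlsafe_b64decode(b64 + "=")


def fetch_verified(relays, sha256_hex, http_get):
    """Try each relay in turn; return the first body whose hash matches.

    http_get is a caller-supplied callable(url) -> bytes (hypothetical here);
    it may raise OSError on HTTP or transport errors.
    """
    for relay in relays:
        url = ni_url(relay, sha256_hex)
        try:
            body = http_get(url)
        except OSError:
            continue                 # transport error: try the next relay
        if hashlib.sha256(body).digest() == digest_from_ni_url(url):
            return body
        # Hash mismatch: the body is discarded and never reaches validation.
    raise FailedFetch(sha256_hex)    # retry in a later validation run


# Constructed stand-ins: one object and three relays with different faults.
SAMPLE_OBJECT = b"constructed bytes standing in for an RPKI object"
SAMPLE_HASH = hashlib.sha256(SAMPLE_OBJECT).hexdigest()


def fake_http_get(url):
    if url.startswith("https://down.example.net/"):
        raise ConnectionError("relay unreachable")
    if url.startswith("https://corrupt.example.net/"):
        return SAMPLE_OBJECT[:-1]    # truncated in transit
    return SAMPLE_OBJECT
```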

7.  Setting Up an Erik Relay

   Erik relays can be operated by any party, without permission from or
   coordination with publication point operators or CAs.  Relays are
   made accessible via either HTTP or HTTPS or both.







   Relays generate and make accessible ErikIndexes and ErikPartitions
   derived from their current validation state; the client then
   cherry-picks which objects (if any) it wishes to fetch.  In turn,
   relays fetch fresh data from other relays, or from CA-designated
   publication points accessible via Rsync ([RFC5781]) and RRDP
   ([RFC8182]).

   _Design notes: a decision must be made on a deterministic
   "manifest-to-partition" assignment scheme.  Job's proof-of-concept
   relay (see Appendix A) uses the first few octets of the Manifest's
   AKI as a stable partition assignment scheme.  Other strategies could
   be to assign manifests to ErikPartitions based on the "hour-of-day"
   of the CMS signing timestamp, or the first few octets of the SHA-256
   of the manifest object._

8.  Comparison with other RPKI transport protocols

   Ignoring obvious mechanical "on the wire" differences between Erik,
   Rsync, and RRDP, there are a number of conceptual differences between
   the protocols.  Rsync and RRDP can be described as "general purpose"
   synchronization protocols: they could be used to transfer any
   arbitrary set of files.  The Erik protocol, on the other hand, is
   RPKI-specific: part of its signaling layer consists of RPKI manifest
   objects, which RPs require as recourse for validation anyway.  This
   property by itself causes a small deduplication in the data to be
   transferred.

8.1.  Comparison with Rsync

   In Rsync, the server and the client construct and transfer a full
   listing of all available objects, and then transfer objects as
   necessary.  In effect, this allows clients to 'jump' to the latest
   repository state, regardless of the state of the local cache.

   A major downside of Rsync is that the list of files itself can become
   a burden to transfer.  As of June 2025, in order to merely establish
   whether a client is synchronized or not with the RIPE NCC repository
   at rpki.ripe.net, as much as 5.8 megabytes of data are exchanged
   without exchanging any RPKI data.

   Experimentation suggests that when synchronizing once an hour, Erik
   consumes less network traffic than Rsync generally would consume
   which, in turn, is less network traffic than RRDP would.

8.2.  Comparison with RRDP

   The key concept in RRDP is that the client downloads a "journal",
   containing all add/update/delete operations and replays this journal
   to arrive at the current repository state.




   A major downside of RRDP is that (depending on the RRDP polling
   interval) clients end up downloading data which has become outdated.
   Imagine a hypothetical CA which issues and revokes a ROA every 10
   minutes and a client that synchronizes every 60 minutes; in effect
   the client must fetch 5 outdated states, wasting bandwidth.

   Experimentation suggests that when synchronizing every 15 minutes,
   Erik consumes less network traffic than RRDP generally would consume
   which, in turn, is less network traffic than Rsync would consume.

8.2.1.  Garbage Collection

   In contrast to RRDP, the Erik protocol has no concept of server-
   specific "stateful" sessions that persist across polling attempts.
   This obviates the need for withdraw instructions as part of the
   protocol exchange: clients can simply delete objects that are no
   longer referenced from their current validation state and refetch
   them later on if needed.

9.  Open Questions

   This section is to be removed before publishing as an RFC.

   *  Which of the possible deterministic manifest-to-partition
      assignment strategies yield the best results?  AKI?

   *  Are deterministic and cheap Snapshots possible?  If so, what is
      the best archive format for Snapshots?  The ustar/gzip combo might
      not easily yield deterministic results across different
      implementations.

   *  Is the concept of Differentials/Deltas needed in Erik
      Synchronization?

   *  What will be the upper bound for the number of partitions? (ub-
      Partitions)

10.  Operational Considerations

10.1.  Scaling considerations

   As of July 2025, the global Internet's RPKI churn rate appears to be
   2 new objects per second.  The ecosystem is estimated to be composed
   of ~ 5000 RPKI cache instances and ~ 50 repository servers.  Assuming
   10 minute fetching intervals and 150 metadata requests per
   synchronization run (for exchange of Merkle tree data), an Erik relay
   serving all the Internet's RPKI cache instances would probably need
   to be able to sustain serving an average of at least 11,000 HTTP
   requests per second.  This order of magnitude in terms of scaling
   requirements can easily be handled by a single commodity server.

10.2.  HTTP Compression

   Using gzip compression on average tends to yield a 20% reduction in
   RPKI object size; therefore, it is RECOMMENDED for clients and relays
   to offer support for compressed content coding, as described in
   Section 8.4.1 of [RFC9110].

   Using a previous version of an RPKI object as a compression dictionary
   for a newer version enables delivery of a delta-compressed version of
   the changes, usually resulting in significantly smaller responses
   than what can be achieved by compression alone.  Clients can
   facilitate delta compression by sending an Available-Dictionary
   request header, using a previously fetched version of the RPKI object
   as the dictionary.  It is RECOMMENDED for clients and relays to make
   use of Compression Dictionary Transport ([RFC9842]).

11.  Security Considerations

   This document makes no changes to RPKI certificate validation
   procedures.

   Paraphrasing Section 11 of [RFC6810]: The RPKI relies on object, not
   server or transport, trust.  That is, the Regional Internet Registry
   root trust anchors are distributed through some out-of-band means,
   and can then be used by each relying party to validate certificate
   chains and Signed Objects.  The inter-cache relationships are based
   on this object security model; hence, any cache-to-cache transport is
   assumed to be unreliable at times.  See Section 5 of [RFC8182] for
   more security considerations.

   To avoid certain forms of replay attack, clients MUST verify that
   the purported indexScope, ManifestRef location values, and manifest
   Subject Information Access (SIA) extensions match the expected FQDN.

   Byzantine events or faults in relay-to-client communication can be
   overcome by the client rotating requests for objects among different
   Erik relays.

12.  IANA Considerations

12.1.  S/MIME Module Identifier

   The IANA is requested to add an item to the "SMI Security for S/MIME
   Module Identifier" registry as follows:




   Decimal  Description                          References
   ----------------------------------------------------------
     TBD    id-mod-rpkiErikSynchronization-2025  [this-draft]


12.2.  SMI Security for S/MIME CMS Content Type
       (1.2.840.113549.1.9.16.1)

   The IANA has allocated the following for this specification in the
   "SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)"
   registry:

   Decimal  Description              References
   ----------------------------------------------
      55    id-ct-rpkiErikIndex      [this-draft]
      56    id-ct-rpkiErikPartition  [this-draft]


   Upon publication of this document, IANA is requested to reference the
   RFC publication instead of this draft.

12.3.  Well-Known URI

   A URI suffix in the Well-Known URIs registry specific to Erik
   synchronization will be requested.  See
   https://github.com/protocol-registries/well-known-uris/issues/67 for
   the request.

   The proposed suffix is erik.

13.  References

13.1.  Normative References

   [RFC1034]  Mockapetris, P., "Domain names - concepts and facilities",
              STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987,
              <https://www.rfc-editor.org/info/rfc1034>.

   [RFC1123]  Braden, R., Ed., "Requirements for Internet Hosts -
              Application and Support", STD 3, RFC 1123,
              DOI 10.17487/RFC1123, October 1989,
              <https://www.rfc-editor.org/info/rfc1123>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
              <https://www.rfc-editor.org/info/rfc5280>.

   [RFC6810]  Bush, R. and R. Austein, "The Resource Public Key
              Infrastructure (RPKI) to Router Protocol", RFC 6810,
              DOI 10.17487/RFC6810, January 2013,
              <https://www.rfc-editor.org/info/rfc6810>.

   [RFC6920]  Farrell, S., Kutscher, D., Dannewitz, C., Ohlman, B.,
              Keranen, A., and P. Hallam-Baker, "Naming Things with
              Hashes", RFC 6920, DOI 10.17487/RFC6920, April 2013,
              <https://www.rfc-editor.org/info/rfc6920>.

   [RFC7935]  Huston, G. and G. Michaelson, Ed., "The Profile for
              Algorithms and Key Sizes for Use in the Resource Public
              Key Infrastructure", RFC 7935, DOI 10.17487/RFC7935,
              August 2016, <https://www.rfc-editor.org/info/rfc7935>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

   [RFC9110]  Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
              Ed., "HTTP Semantics", STD 97, RFC 9110,
              DOI 10.17487/RFC9110, June 2022,
              <https://www.rfc-editor.org/info/rfc9110>.

   [RFC9286]  Austein, R., Huston, G., Kent, S., and M. Lepinski,
              "Manifests for the Resource Public Key Infrastructure
              (RPKI)", RFC 9286, DOI 10.17487/RFC9286, June 2022,
              <https://www.rfc-editor.org/info/rfc9286>.

   [X.690]    ITU-T, "Information technology - ASN.1 encoding rules:
              Specification of Basic Encoding Rules (BER), Canonical
              Encoding Rules (CER) and Distinguished Encoding Rules
              (DER)", ITU-T Recommendation X.690, ISO/IEC 8825-1:2021,
              February 2021,
              <https://www.itu.int/rec/T-REC-X.690-202102-I/en>.

13.2.  Informative References

   [M1987]    Merkle, R., "A Digital Signature Based on a Conventional
              Encryption Function", Advances in Cryptology -- CRYPTO '87
              Proceedings, Lecture Notes in Computer Science, Vol. 293,
              DOI 10.1007/3-540-48184-2_32, 1988,
              <https://doi.org/10.1007/3-540-48184-2_32>.

   [P2P]      Austein, R., Bush, R., Elkins, M., and L. Johansson, "RPKI
              Over BitTorrent", March 2012,
              <https://www.ietf.org/proceedings/83/slides/slides-83-sidr-9.pdf>.

   [RFC0677]  Johnson, P. and R. Thomas, "Maintenance of duplicate
              databases", RFC 677, DOI 10.17487/RFC0677, January 1975,
              <https://www.rfc-editor.org/info/rfc677>.

   [RFC1925]  Callon, R., "The Twelve Networking Truths", RFC 1925,
              DOI 10.17487/RFC1925, April 1996,
              <https://www.rfc-editor.org/info/rfc1925>.

   [RFC5781]  Weiler, S., Ward, D., and R. Housley, "The rsync URI
              Scheme", RFC 5781, DOI 10.17487/RFC5781, February 2010,
              <https://www.rfc-editor.org/info/rfc5781>.

   [RFC6480]  Lepinski, M. and S. Kent, "An Infrastructure to Support
              Secure Internet Routing", RFC 6480, DOI 10.17487/RFC6480,
              February 2012, <https://www.rfc-editor.org/info/rfc6480>.

   [RFC7115]  Bush, R., "Origin Validation Operation Based on the
              Resource Public Key Infrastructure (RPKI)", BCP 185,
              RFC 7115, DOI 10.17487/RFC7115, January 2014,
              <https://www.rfc-editor.org/info/rfc7115>.

   [RFC8182]  Bruijnzeels, T., Muravskiy, O., Weber, B., and R. Austein,
              "The RPKI Repository Delta Protocol (RRDP)", RFC 8182,
              DOI 10.17487/RFC8182, July 2017,
              <https://www.rfc-editor.org/info/rfc8182>.

   [RFC9842]  Meenan, P., Ed. and Y. Weiss, Ed., "Compression Dictionary
              Transport", RFC 9842, DOI 10.17487/RFC9842, September
              2025, <https://www.rfc-editor.org/info/rfc9842>.

   [rpkitouch]
              Snijders, J., "rpkitouch", December 2025,
              <https://www.github.com/job/rpkitouch>.

Appendix A.  Implementation status

   This section is to be removed before publishing as an RFC.

   This section records the status of known implementations of the
   protocol defined by this specification at the time of posting of this
   Internet-Draft, and is based on a proposal described in RFC 7942.
   The description of implementations in this section is intended to
   assist the IETF in its decision processes in progressing drafts to
   RFCs.  Please note that the listing of any individual implementation
   here does not imply endorsement by the IETF.  Furthermore, no effort
   has been spent to verify the information presented here that was
   supplied by IETF contributors.  This is not intended as, and must not
   be construed to be, a catalog of available implementations or their
   features.  Readers are advised to note that other implementations may
   exist.

   According to RFC 7942, "this will allow reviewers and working groups
   to assign due consideration to documents that have the benefit of
   running code, which may serve as evidence of valuable experimentation
   and feedback that have made the implemented protocols more mature.
   It is up to the individual working groups to use this information as
   they see fit".

   A few experimental Erik relays are available, each running on
   slightly different schedules.  Client implementers are encouraged to
   round-robin between these instances to observe results.

   http://relay.rpki-servers.org/  Dublin, Montreal, Osaka, São Paulo,
      Sydney - anycasted distributed computing cluster

   http://dub.rpki-servers.org/  Dublin, Ireland - distributed
      computing cluster (6 machines, NFS backend)

   http://atl.rpki-servers.org/  Atlanta, USA - distributed computing
      cluster (2 machines, NFS backend)

   http://miso.sobornost.net/  Amsterdam, NL - single node

   http://nyc.rpki-servers.org/  New York, USA - single node

   http://fnllwqoupfrhso6643whm6lpkgsftjtc6crpehmyz2o7pffirnqy7rad.onion/
      Erik relay service via Tor

   An experimental Erik static content generator was developed by Job
   Snijders in the form of [rpkitouch] using C.

Appendix B.  Example objects

   Included in this section are an ErikIndex for rpki.ripe.net and an
   ErikPartition referenced from the aforementioned ErikIndex, both
   Base64 encoded.

B.1.  Example ErikIndex

   This object was retrieved from
   http://miso.sobornost.net/.well-known/erik/index/rpki.ripe.net.

B.2.  Example ErikPartition

   This object was retrieved from
   http://miso.sobornost.net/.well-known/ni/sha-256/_i_E-1WInRt8y8b7PA5x4uU1mJi6GyypwX0N8N0YNG0.

   DTE1nekNGY0UubWZ0MIHJBCCeJ6QFC5ZmQ3/7vRs/OWVTILJZf36LiIafxWbxA6hJQQIC
   B84EFH8dWNYt3X5HryGW/XVLs/8meYkqAgIXWhgPMjAyNTEyMDQxMzAwMjdaMHYwdAYIK
   wYBBQUHMAuGaHJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ2LzI5MGE2MC
   03OTJmLTQ0NzUtYTlmNC1lM2I5ZTBiYWU2YWIvMS9meDFZMWkzZGZrZXZJWmI5ZFV1el9
   5WjVpU28ubWZ0MIHJBCClvw/fQEKWORP7i2VDQTPvks4urdw7SYu+gMiCAhRU9AICB4QE
   FH+LIYNYmDp9eiU4qdqbofNJTXGrAgIBghgPMjAyNTEyMDQxMDAxMDNaMHYwdAYIKwYBB
   QUHMAuGaHJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q5Lzc2Y2QwMy1lYW
   EyLTQ5NjUtOTRlZi05OGRiYjY0MDJjZGQvMS9mNHNoZzFpWU9uMTZKVGlwMnB1aDgwbE5
   jYXMubWZ0MIHJBCCmWr1WUFj93xFgtJksPmNi/3mZFCpyG8Ol93vskWc2IgICB4QEFH8X
   tvkyOZ1YUJPRhzOU6/4bKfmMAgIO3RgPMjAyNTEyMDQxMDAwNDZaMHYwdAYIKwYBBQUHM
   AuGaHJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMxL2NjMDIwMC1iYjJjLT
   Q1ZjYtYWM3NS04Mjc1NzdkZjhlZGMvMS9meGUyLVRJNW5WaFFrOUdITTVUcl9oc3AtWXc
   ubWZ0MIHJBCCv+kiA2AMtfiPp5MDsM9paEAw7fvlOjVRQZTYXLFDE+gICB84EFH9NWRwj
   rSxpR31/eh1M6OvO6VlsAgIFthgPMjAyNTEyMDQxMTAwMzhaMHYwdAYIKwYBBQUHMAuGa
   HJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNlLzBkNjdhMi1iYzM2LTRiOT
   MtYjYwNC1kNGY1YzkyZDkwOTUvMS9mMDFaSENPdExHbEhmWDk2SFV6bzY4N3BXV3cubWZ
   0MIHJBCCzpImTAdJ2HceoQv8KjfS6oCbuIsMTQHSsGnoDGtF9DwICB84EFH9Wid5KfOdo
   vzq12fhUboVsyxk2AgIXXBgPMjAyNTEyMDQwOTAxMTJaMHYwdAYIKwYBBQUHMAuGaHJwa
   2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc3LzY0ZDUwNS0yMjA0LTRkY2EtYT
   k1ZS04YjUzNzI1ODRhY2QvMS9mMWFKM2twODUyaV9PclhaLUZSdWhXekxHVFkubWZ0MIH
   JBCC2u0zcRDg/uLDop0zKZHTp3gieFrxul3EA+/D3OsWY8AICB84EFH8Xj69kAeLzcW4x
   dkVp33Md9Y8iAgIR0BgPMjAyNTEyMDQxNTAyMDhaMHYwdAYIKwYBBQUHMAuGaHJwa2kuc
   mlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY2LzFiNzk2OC1jYTRkLTQ1ZjQtYjY3MS
   0yZTdmNzg0ODljZDMvMS9meGVQcjJRQjR2TnhiakYyUlduZmN4MzFqeUkubWZ0MIHJBCC
   4mKVCEz8nRv88uU7VdtvjP8PHaRPxyN1lc8HZUFxAIQICB84EFH9qjl1VwkmKgmNvmfj8
   njGeB3ceAgIQXRgPMjAyNTEyMDQwNzAwNDlaMHYwdAYIKwYBBQUHMAuGaHJwa2kucmlwZ
   S5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc0LzI3ZmNlMS0xMWNlLTRhMzItYTY0OS1lMD
   c2YjUxNzIxYWQvMS9mMnFPWFZYQ1NZcUNZMi1aLVB5ZU1aNEhkeDQubWZ0MIHJBCC+TTG
   9Y4u4V/ZR0lzDibQ0mXzOo57fCyjHc0NZC1Q4zAICB84EFH8RQWrjkp3ze/ZqRZzTrKY4
   kelGAgIXWBgPMjAyNTEyMDQwOTAwNDZaMHYwdAYIKwYBBQUHMAuGaHJwa2kucmlwZS5uZ
   XQvcmVwb3NpdG9yeS9ERUZBVUxULzJmLzZiMjJlOC0zZGNkLTQ0ZGQtOTUxNC02NzU2Zj
   diMGMwZGIvMS9meEZCYXVPU25mTjc5bXBGbk5Pc3BqaVI2VVkubWZ0MIHJBCC++Jit9K2
   F1/XjfaJTH6xPtMLHpiJaHX8llKtSsECDoAICB84EFH8dDjKYvtOn85+zskTtkYv2xNe/
   AgIVMhgPMjAyNTEyMDQwODAwMzFaMHYwdAYIKwYBBQUHMAuGaHJwa2kucmlwZS5uZXQvc
   mVwb3NpdG9yeS9ERUZBVUxUL2Y3L2U2NTA2ZS03Njg1LTQ4ZTctYTU4My0yMWFmM2RlZT
   hlZTkvMS9meDBPTXBpLTA2ZnpuN095Uk8yUmlfYkUxNzgubWZ0MIHJBCC/O0jiSEwGtsd
   oyjEJLvSxofM64OqPL10SVvrDu4/QvgICB84EFH/j1jtKW0BLX/g8vysVJaMEd/ZcAgIE
   nhgPMjAyNTEyMDQxNTAxMDBaMHYwdAYIKwYBBQUHMAuGaHJwa2kucmlwZS5uZXQvcmVwb
   3NpdG9yeS9ERUZBVUxUL2Y2LzgxYTY3Mi1mZTk4LTRkM2YtOWI4My0yY2I3YTNiNmU0Mm
   YvMS9mLVBXTzBwYlFFdGYtRHlfS3hVbG93UjM5bHcubWZ0MIHJBCDDnlIkB2AHFnjoeuu



Snijders, et al.           Expires 7 June 2026                 [Page 26]

Internet-Draft   Erik Synchronization Protocol for RPKI    December 2025


   RmURoPcEZp2HB7xpFjvD93UGOxAICB84EFH/3TavU6xqhFHFE4VsCZp6YL95NAgIHCBgP
   MjAyNTEyMDQxNDAwNDRaMHYwdAYIKwYBBQUHMAuGaHJwa2kucmlwZS5uZXQvcmVwb3Npd
   G9yeS9ERUZBVUxULzdkLzBmYmJmNS1jODNkLTRiOTctOWNlYS0wNTVjNDlhYzY4MjgvMS
   9mX2ROcTlUckdxRVVjVVRoV3dKbW5wZ3YzazAubWZ0MIHJBCDIhBaSdTsKqyeZOGQU/75
   eJhg79XTzm3XVAWTd1ZQkOgICB84EFH8z/EDS4DM7vHveqyvYWZVDAcDxAgIGphgPMjAy
   NTEyMDQxNDAwMzNaMHYwdAYIKwYBBQUHMAuGaHJwa2kucmlwZS5uZXQvcmVwb3NpdG9ye
   S9ERUZBVUxUL2I0LzY1YmYxZC1lYzFkLTQwZTYtODQ5ZC03OTc5MGQ2NmQ3ZDMvMS9mel
   A4UU5MZ016dThlOTZySzloWmxVTUJ3UEUubWZ0MIHJBCDXLjn63163Ca3eKPJ4GN73t/v
   GOvBRQZNoR+QZ0npD4gICB84EFH8km5VEYgaD+Us4inVRpopkk+0SAgIDjBgPMjAyNTEy
   MDQxMDAwNDlaMHYwdAYIKwYBBQUHMAuGaHJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ER
   UZBVUxULzhiLzdhYTA0ZS00ODA3LTQ5ODgtOTEwMy04NDIzOTdlMzA2NDMvMS9meVNibF
   VSaUJvUDVTemlLZFZHbWltU1Q3UkkubWZ0MIHJBCDXa3ekyz4n1eIin/xnA8d0la2km47
   PIvC1ft6ktr7efwICB4QEFH9R3x306IZ+QeXn+S3n+dH6DBVNAgIMQhgPMjAyNTEyMDQx
   NTAxNDdaMHYwdAYIKwYBBQUHMAuGaHJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBV
   UxUL2ZhLzVlNzMxZi01MjhiLTRlMDItYWQ2OC02ZDkwMzVhZjE1MzUvMS9mMUhmSGZUb2
   huNUI1ZWY1TGVmNTBmb01GVTAubWZ0MIHJBCDa9IYTxSSV2A0NrBtCs+pEMNVvdBr82u0
   ZR5Uq5MY0VgICCBgEFH8WgCjsDatmimfVv29TWMqr4zeoAgILyxgPMjAyNTEyMDQwOTAw
   NTZaMHYwdAYIKwYBBQUHMAuGaHJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL
   2NjL2IxNTI4Ni1mZDRkLTQ5ZmUtYTY5ZS03ZmFkZjUwYTJlMzcvMS9meGFBS093TnEyYU
   taOVdfYjFOWXlxdmpONmcubWZ0MIHJBCDcnDayEa5hgjfhBtjmq2nvGXYR1i3/QESlKZg
   Ei3hK9AICB84EFH/JVqUrc1BKTx/zRUcZkpen9d6dAgILEBgPMjAyNTEyMDQxNDAxMDFa
   MHYwdAYIKwYBBQUHMAuGaHJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FhL
   zcxYWI2OS02OTY1LTRiNzAtOTY4ZC1iYjU3YTRlZjcxNTMvMS9mOGxXcFN0elVFcFBIX0
   5GUnhtU2w2ZjEzcDAubWZ0MIHJBCDc/EzRgTf4Q9/QnJb4beTDyzGlMtLVUHCz5Og5/zR
   kyQICCF8EFH9QB30t2KZ6Gui2q9a7s0iQKKW7AgIXYxgPMjAyNTEyMDQxMDAwNDlaMHYw
   dAYIKwYBBQUHMAuGaHJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVjL2MxY
   zFjZS1lYTU5LTRkY2YtYmNjYy0zZTdjYWRkODhjNzAvMS9mMUFIZlMzWXBub2E2TGFyMX
   J1elNKQW9wYnMubWZ0MIHJBCDe6iYEgYQQo9TRkKLeQE9J5KtPmTlAiqB67zx/5MO/DgI
   CB84EFH+0PeI3/QtqKHOJIwkh0losLtGoAgIW7hgPMjAyNTEyMDQxMTAwNTVaMHYwdAYI
   KwYBBQUHMAuGaHJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzA5L2Q0ZDEyY
   S1hYjRlLTRkYmEtOTVkZS1iYzYzNzEzMGRlNmUvMS9mN1E5NGpmOUMyb29jNGtqQ1NIU1
   dpd3UwYWcubWZ0MIHJBCDicOM2K/zhxfbkbS3nPiK8mgUzMZo7+gpnWqMgT84LJAICB4Q
   EFH8pZlevjQDCX9dfVuzIoos1FQV1AgIQkRgPMjAyNTEyMDQwNzAwMzhaMHYwdAYIKwYB
   BQUHMAuGaHJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2QwL2U4MGIzMy0zY
   mVlLTQ2ZWMtYjM1ZC1iYWY5NWE1MDZkMTkvMS9meWxtVjYtTkFNSmYxMTlXN01paWl6VV
   ZCWFUubWZ0MIHJBCDtUhQI96etZFj7+yPFh9/sjVYzqGwv+WgIYGmaPanWRAICB4QEFH9
   +Xr1vpGnF43C/wQbE1KrR4duUAgIPxRgPMjAyNTEyMDQxNTAxMzdaMHYwdAYIKwYBBQUH
   MAuGaHJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIzL2MzZThlZC01OTdhL
   TQ4NWEtOTRhMy05ODJjZmIzNTlhZWUvMS9mMzVldlcta2FjWGpjTF9CQnNUVXF0SGgyNV
   EubWZ0MIHJBCDthtT5Zt25vilW+Nm/NmioBji8LrE5W+jpL7p7g1nCGQICB84EFH9C0nw
   h2obH6fv0SuDlbJjz0vgLAgIO+hgPMjAyNTEyMDQxMzAxMTNaMHYwdAYIKwYBBQUHMAuG
   aHJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E5Lzk4YjAyNC05ZDhmLTQ4N
   jktYTJhOS0wYWZiN2MzZmJmMzAvMS9mMExTZkNIYWhzZnAtX1JLNE9Wc21QUFMtQXMubW
   Z0MIHJBCDup/9OUMMEskDq4ejhRGOl/NuOf352P0Vumb24WVg32wICCKUEFH/K2J3xv5m
   jbykMw+8PHntNAnUzAgIXOBgPMjAyNTEyMDQwODAwNThaMHYwdAYIKwYBBQUHMAuGaHJw
   a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU1LzlmOGIxNi0yODRmLTQ1MTItY
   jNkYy0wMTVkOWYxYjRiNTAvMS9mOHJZbmZHX21hTnZLUXpEN3c4ZWUwMENkVE0ubWZ0MI
   HJBCDxY2vdGydm1KSBwPAftN8mEtoSyEL0Q0RGBV1uVpX2SgICCo8EFH9r0aawRiXFcdg



Snijders, et al.           Expires 7 June 2026                 [Page 27]

Internet-Draft   Erik Synchronization Protocol for RPKI    December 2025


   w+HixwCOCR0CMAgIGARgPMjAyNTEyMDQxNTAxNDBaMHYwdAYIKwYBBQUHMAuGaHJwa2ku
   cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ4L2JjNjZkNy01N2FiLTQ3NWQtOTZiY
   S04OWI2YzMyMzE1YzIvMS9mMnZScHJCR0pjVngyREQ0ZUxIQUk0SkhRSXcubWZ0MIHJBC
   D1SG9gKO19W3/LSTHfYvgigrWc8AI/2XMDL5sRP/Q2LgICB84EFH/mixIjS9cDQwG8lrE
   4quJ3hgo+AgIFyBgPMjAyNTEyMDQxMjAwMjBaMHYwdAYIKwYBBQUHMAuGaHJwa2kucmlw
   ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhiLzRhMTExMS04ZjNjLTRlZGYtYjc3Yy0yZ
   mEyNjMxYmMzMWMvMS9mLWFMRWlOTDF3TkRBYnlXc1RpcTRuZUdDajQubWZ0MIHJBCD1oD
   abbCroFrO3IcIz0FpMLzFnoyyAFoppbxl/VwXyUwICB84EFH/v69FfvGUUh6yvZ0JPR4P
   UPrQgAgIXWBgPMjAyNTEyMDQxMjAwMTlaMHYwdAYIKwYBBQUHMAuGaHJwa2kucmlwZS5u
   ZXQvcmVwb3NpdG9yeS9ERUZBVUxULzlhLzI2ZWY2My1iNzJmLTRiM2MtOGRmYy0yYmM4N
   DUxOTIyN2EvMS9mLV9yMFYtOFpSU0hySzluUWs5SGc5US10Q0EubWZ0MIHJBCD6zXkqe+
   S/j+pkybBCNfNcQk+OqU0Ppvg0LCsfes02zgICB84EFH8+CHSJ7iOpQk1T+sIW7kuOASg
   OAgIW7xgPMjAyNTEyMDQwODAxMDZaMHYwdAYIKwYBBQUHMAuGaHJwa2kucmlwZS5uZXQv
   cmVwb3NpdG9yeS9ERUZBVUxUL2M2L2MyYzk5ZC1jZjkxLTRkZmItOTRkZS1hN2M2M2Q1N
   jJlNTYvMS9mejRJZEludUk2bENUVlA2d2hidVM0NEJLQTQubWZ0MIHJBCD7cg8rfmItI9
   AKiqK+yXBusjLAUYvAQbN5kRdd7g/VFAICB84EFH8xNg/8Gv1fHaZtgUBORmNRLUlnAgI
   U5RgPMjAyNTEyMDQxMTAwNDJaMHYwdAYIKwYBBQUHMAuGaHJwa2kucmlwZS5uZXQvcmVw
   b3NpdG9yeS9ERUZBVUxULzJkL2ZlZjVkZC0zOGVlLTRiYzUtODJmZi01ODRkNzhhMjVmO
   GMvMS9mekUyRF93YV9WOGRwbTJCUUU1R1kxRXRTV2MubWZ0

Acknowledgements

   The authors wish to thank George Michaelson, Theo de Raadt, Bob Beck,
   Theo Buehler, and William McCall for the lovely conversations that
   led to this proposal.  The authors wish to thank Sean Turner and Russ
   Housley for their review of the ASN.1 notation.

   This protocol is named after Erik Bais, who passed away in 2024, as a
   small token of appreciation for his friendship.

Authors' Addresses

   Job Snijders
   BSD Software Development
   Amsterdam
   The Netherlands
   Email: job@bsd.nl
   URI:   https://www.bsd.nl/


   Tim Bruijnzeels
   RIPE NCC
   The Netherlands
   Email: tim@ripe.net


   Tom Harrison
   APNIC
   Australia
   Email: tomh@apnic.net


   Wataru Ohgai
   JPNIC
   Japan
   Email: alt@nic.ad.jp