jsonext does not seem to include EE/crl/manifest expiry time

Open ties opened this issue 1 year ago • 1 comments

When looking at the chainValidity in the jsonext output it seems like manifest/crl expiry is not considered. It might be nice to include this information in the result so a user can see how long an object currently really is valid.

Very low priority.

// curl https://rpki-validator.ripe.net/jsonext 2>/dev/null | grep rpki.ripe.net | head -n 10 | tail -n 1 | sed -e's/,$//' | jq '.'
{
  "asn": "AS12479",
  "prefix": "1.178.248.0/21",
  "maxLength": 21,
  "source": [
    {
      "type": "roa",
      "uri": "rsync://rpki.ripe.net/repository/DEFAULT/a7/1a830a-f061-4cdc-bafb-a2fe9f015d71/1/lTI6zlhbGxM_MiAwrBp26vfY0BM.roa",
      "tal": "ripe",
      "validity": {
        "notBefore": "2024-01-23T10:07:11Z",
        "notAfter": "2025-07-01T00:00:00Z"
      },
      "chainValidity": {
        "notBefore": "2024-01-23T14:32:31Z",
        "notAfter": "2024-07-01T00:00:00Z"
      }
    }
  ]
}

Jan 24 '24 09:01 ties

The chain validity currently doesn’t consider the validity of the manifest’s EE cert.

The time when manifest’s and CRL’s next update time make it go stale should probably be a separate value.

Jan 24 '24 16:01 partim