static X509ResourceCertificate createManifestEECertificate() {
   X509ResourceCertificateBuilder builder = new X509ResourceCertificateBuilder();
   builder
       .withCa(false)
       .withSubjectDN(ROOT_CERTIFICATE_NAME)
       .withIssuerDN(ROOT_CERTIFICATE_NAME)
       .withSerial(BigInteger.ONE);
   builder.withPublicKey(ROOT_KEY_PAIR.getPublic());
   builder.withSigningKeyPair(ROOT_KEY_PAIR);
   builder.withInheritedResourceTypes(EnumSet.allOf(IpResourceType.class));
   builder.withValidityPeriod(new ValidityPeriod(THIS_UPDATE_TIME, NEXT_UPDATE_TIME));
   return builder.build();
 }
  static X509ResourceCertificate getRootResourceCertificate() {
    X509ResourceCertificateBuilder builder = new X509ResourceCertificateBuilder();

    builder.withSubjectDN(ROOT_CERTIFICATE_NAME);
    builder.withIssuerDN(ROOT_CERTIFICATE_NAME);
    builder.withSerial(ROOT_SERIAL_NUMBER);
    builder.withValidityPeriod(VALIDITY_PERIOD);
    builder.withPublicKey(ROOT_KEY_PAIR.getPublic());
    builder.withCa(true);
    builder.withKeyUsage(KeyUsage.keyCertSign);
    builder.withAuthorityKeyIdentifier(true);
    builder.withSubjectKeyIdentifier(true);
    builder.withResources(ROOT_RESOURCE_SET);
    builder.withAuthorityKeyIdentifier(false);
    builder.withSigningKeyPair(ROOT_KEY_PAIR);

    X509CertificateInformationAccessDescriptor[] descriptors = {
      new X509CertificateInformationAccessDescriptor(
          X509CertificateInformationAccessDescriptor.ID_AD_CA_REPOSITORY,
          ROOT_SIA_REPO_HTTP_LOCATION),
      new X509CertificateInformationAccessDescriptor(
          X509CertificateInformationAccessDescriptor.ID_AD_CA_REPOSITORY,
          ROOT_SIA_REPO_RSYNC_LOCATION),
      new X509CertificateInformationAccessDescriptor(
          X509CertificateInformationAccessDescriptor.ID_AD_RPKI_MANIFEST,
          ROOT_SIA_MANIFEST_RSYNC_LOCATION),
    };
    builder.withSubjectInformationAccess(descriptors);

    return builder.build();
  }