5 files changed, 50 insertions, 51 deletions

diff --git a/doc/doc.RPKI.CA.Configuration.irdbd b/doc/doc.RPKI.CA.Configuration.irdbd
index 5e14115a..cf4098a1 100644
--- a/doc/doc.RPKI.CA.Configuration.irdbd
+++ b/doc/doc.RPKI.CA.Configuration.irdbd
@@ -1,4 +1,4 @@
-****** ![irdbd] section ******
+****** [irdbd] section ******
 
 irdbd's default configuration file is the system rpki.conf file. Start irdbd
 with -c filename to choose a different configuration file. All options are in
@@ -13,31 +13,31 @@ sql-database::
 
      MySQL database name for irdbd.
 
-     Default: ${myrpki::irdbd_sql_database}
+  sql-database = ${myrpki::irdbd_sql_database}
 
 sql-username::
 
      MySQL user name for irdbd.
 
-     Default: ${myrpki::irdbd_sql_username}
+  sql-username = ${myrpki::irdbd_sql_username}
 
 sql-password::
 
      MySQL password for irdbd.
 
-     Default: ${myrpki::irdbd_sql_password}
+  sql-password = ${myrpki::irdbd_sql_password}
 
 server-host::
 
      Host on which irdbd should listen for HTTP service requests.
 
-     Default: ${myrpki::irdbd_server_host}
+  server-host = ${myrpki::irdbd_server_host}
 
 server-port::
 
      Port on which irdbd should listen for HTTP service requests.
 
-     Default: ${myrpki::irdbd_server_port}
+  server-port = ${myrpki::irdbd_server_port}
 
 startup-message::
 
diff --git a/doc/doc.RPKI.CA.Configuration.pubd b/doc/doc.RPKI.CA.Configuration.pubd
index 74522c2f..de00e02a 100644
--- a/doc/doc.RPKI.CA.Configuration.pubd
+++ b/doc/doc.RPKI.CA.Configuration.pubd
@@ -1,4 +1,4 @@
-****** ![pubd] section ******
+****** [pubd] section ******
 
 pubd's default configuration file is the system rpki.conf file. Start pubd with
 -c filename to choose a different configuration file. All options are in the
@@ -8,19 +8,19 @@ sql-database::
 
      MySQL database name for pubd.
 
-     Default: ${myrpki::pubd_sql_database}
+  sql-database = ${myrpki::pubd_sql_database}
 
 sql-username::
 
      MySQL user name for pubd.
 
-     Default: ${myrpki::pubd_sql_username}
+  sql-username = ${myrpki::pubd_sql_username}
 
 sql-password::
 
      MySQL password for pubd.
 
-     Default: ${myrpki::pubd_sql_password}
+  sql-password = ${myrpki::pubd_sql_password}
 
 publication-base::
 
@@ -32,19 +32,19 @@ publication-base::
      the published objects so that relying parties can find and verify
      rpkid's published outputs.
 
-     Default: ${myrpki::publication_base_directory}
+  publication-base = ${myrpki::publication_base_directory}
 
 server-host::
 
      Host on which pubd should listen for HTTP service requests.
 
-     Default: ${myrpki::pubd_server_host}
+  server-host = ${myrpki::pubd_server_host}
 
 server-port::
 
      Port on which pubd should listen for HTTP service requests.
 
-     Default: ${myrpki::pubd_server_port}
+  server-port = ${myrpki::pubd_server_port}
 
 bpki-ta::
 
@@ -52,14 +52,14 @@ bpki-ta::
      certificate verification within pubd traces back to this trust
      anchor. Don't change this unless you really know what you are doing.
 
-     Default: ${myrpki::bpki_servers_directory}/ca.cer
+  bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
 
 pubd-cert::
 
      Where pubd should look for its own BPKI EE certificate. Don't change
      this unless you really know what you are doing.
 
-     Default: ${myrpki::bpki_servers_directory}/pubd.cer
+  pubd-cert = ${myrpki::bpki_servers_directory}/pubd.cer
 
 pubd-key::
 
@@ -67,7 +67,7 @@ pubd-key::
      BPKI EE certificate. Don't change this unless you really know what
      you are doing.
 
-     Default: ${myrpki::bpki_servers_directory}/pubd.key
+  pubd-key = ${myrpki::bpki_servers_directory}/pubd.key
 
 irbe-cert::
 
@@ -75,4 +75,4 @@ irbe-cert::
      certificate. Don't change this unless you really know what you are
      doing.
 
-     Default: ${myrpki::bpki_servers_directory}/irbe.cer
+  irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer
diff --git a/doc/doc.RPKI.CA.Configuration.rootd b/doc/doc.RPKI.CA.Configuration.rootd
index e14aa474..87a2290c 100644
--- a/doc/doc.RPKI.CA.Configuration.rootd
+++ b/doc/doc.RPKI.CA.Configuration.rootd
@@ -1,4 +1,4 @@
-****** ![rootd] section ******
+****** [rootd] section ******
 
 You don't need to run rootd unless you're IANA, are certifying private address
 space, or are an RIR which refuses to accept IANA as the root of the public
@@ -28,28 +28,28 @@ bpki-ta::
      certificate verification within rootd traces back to this trust
      anchor. Don't change this unless you really know what you are doing.
 
-     Default: ${myrpki::bpki_servers_directory}/ca.cer
+  bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
 
 rootd-bpki-crl::
 
      BPKI CRL. Don't change this unless you really know what you are
      doing.
 
-     Default: ${myrpki::bpki_servers_directory}/ca.crl
+  rootd-bpki-crl = ${myrpki::bpki_servers_directory}/ca.crl
 
 rootd-bpki-cert::
 
      rootd's own BPKI EE certificate. Don't change this unless you really
      know what you are doing.
 
-     Default: ${myrpki::bpki_servers_directory}/rootd.cer
+  rootd-bpki-cert = ${myrpki::bpki_servers_directory}/rootd.cer
 
 rootd-bpki-key::
 
      Private key corresponding to rootd's own BPKI EE certificate. Don't
      change this unless you really know what you are doing.
 
-     Default: ${myrpki::bpki_servers_directory}/rootd.key
+  rootd-bpki-key = ${myrpki::bpki_servers_directory}/rootd.key
 
 child-bpki-cert::
 
@@ -57,19 +57,19 @@ child-bpki-cert::
      to which rootd issues an RPKI certificate). Don't change this unless
      you really know what you are doing.
 
-     Default: ${myrpki::bpki_servers_directory}/child.cer
+  child-bpki-cert = ${myrpki::bpki_servers_directory}/child.cer
 
 server-host::
 
      Server host on which rootd should listen.
 
-     Default: ${myrpki::rootd_server_host}
+  server-host = ${myrpki::rootd_server_host}
 
 server-port::
 
      Server port on which rootd should listen.
 
-     Default: ${myrpki::rootd_server_port}
+  server-port = ${myrpki::rootd_server_port}
 
 rpki-root-dir::
 
@@ -77,71 +77,71 @@ rpki-root-dir::
      instead of publishing directly, but it doesn't. This needs to match
      pubd's configuration.
 
-     Default: ${myrpki::publication_base_directory}
+  rpki-root-dir = ${myrpki::publication_base_directory}
 
 rpki-base-uri::
 
      rsync URI corresponding to directory containing rootd's outputs.
 
-     Default: `rsync://${myrpki::publication_rsync_server}/${myrpki::publ
-     ication_rsync_module}/`
+  rpki-base-uri = rsync://${myrpki::publication_rsync_server}/${myrpki::
+  publication_rsync_module}/
 
 rpki-root-cert-uri::
 
      rsync URI for rootd's root (self-signed) RPKI certificate.
 
-     Default: `rsync://${myrpki::publication_rsync_server}/${myrpki::publ
-     ication_root_module}/root.cer`
+  rpki-root-cert-uri = rsync://${myrpki::publication_rsync_server}/${myrpki::
+  publication_root_module}/root.cer
 
 rpki-root-key::
 
      Private key corresponding to rootd's root RPKI certificate.
 
-     Default: ${myrpki::bpki_servers_directory}/root.key
+  rpki-root-key = ${myrpki::bpki_servers_directory}/root.key
 
 rpki-root-cert::
 
      Filename (as opposed to rsync URI) of rootd's root RPKI certificate.
 
-     Default: ${myrpki::publication_root_cert_directory}/root.cer
+  rpki-root-cert = ${myrpki::publication_root_cert_directory}/root.cer
 
 rpki-subject-pkcs10::
 
      Where rootd should stash a copy of the PKCS #10 request it gets from
      its one (and only) child
 
-     Default: ${myrpki::bpki_servers_directory}/rootd.subject.pkcs10
+  rpki-subject-pkcs10 = ${myrpki::bpki_servers_directory}/rootd.subject.pkcs10
 
 rpki-subject-lifetime::
 
      Lifetime of the one and only RPKI certificate rootd issues.
 
-     Default: 30d
+  rpki-subject-lifetime = 30d
 
 rpki-root-crl::
 
      Filename (relative to rootd-base-uri and rpki-root-dir) of the CRL
      for rootd's root RPKI certificate.
 
-     Default: root.crl
+  rpki-root-crl = root.crl
 
 rpki-root-manifest::
 
      Filename (relative to rootd-base-uri and rpki-root-dir) of the
      manifest for rootd's root RPKI certificate.
 
-     Default: root.mft
+  rpki-root-manifest = root.mft
 
 rpki-class-name::
 
      Up-down protocol class name for RPKI certificate rootd issues to its
      one (and only) child.
 
-     Default: ${myrpki::handle}
+  rpki-class-name = ${myrpki::handle}
 
 rpki-subject-cert::
 
      Filename (relative to rootd-base-uri and rpki-root-dir) of the one
      (and only) RPKI certificate rootd issues.
 
-     Default: ${myrpki::handle}.cer
+  rpki-subject-cert = ${myrpki::handle}.cer
diff --git a/doc/doc.RPKI.CA.Configuration.rpkid b/doc/doc.RPKI.CA.Configuration.rpkid
index b2127ecf..c31f70f5 100644
--- a/doc/doc.RPKI.CA.Configuration.rpkid
+++ b/doc/doc.RPKI.CA.Configuration.rpkid
@@ -1,4 +1,4 @@
-****** ![rpkid] section ******
+****** [rpkid] section ******
 
 rpkid's default config file is the system rpkid.conf file. Start rpkid with -
 c filename to choose a different config file. All options are in the section
@@ -8,31 +8,31 @@ sql-database::
 
      MySQL database name for rpkid.
 
-     Default: ${myrpki::rpkid_sql_database}
+  sql-database = ${myrpki::rpkid_sql_database}
 
 sql-username::
 
      MySQL user name for rpkid.
 
-     Default: ${myrpki::rpkid_sql_username}
+  sql-username = ${myrpki::rpkid_sql_username}
 
 sql-password::
 
      MySQL password for rpkid.
 
-     Default: ${myrpki::rpkid_sql_password}
+  sql-password = ${myrpki::rpkid_sql_password}
 
 server-host::
 
      Host on which rpkid should listen for HTTP service requests.
 
-     Default: ${myrpki::rpkid_server_host}
+  server-host = ${myrpki::rpkid_server_host}
 
 server-port::
 
      Port on which rpkid should listen for HTTP service requests.
 
-     Default: ${myrpki::rpkid_server_port}
+  server-port = ${myrpki::rpkid_server_port}
 
 irdb-url::
 
@@ -40,8 +40,7 @@ irdb-url::
      running on the same machine as rpkid, this can and probably should be
      a loopback URL, since nobody but rpkid needs to talk to irdbd.
 
-     Default: http://${myrpki::irdbd_server_host}:${myrpki::
-     irdbd_server_port}/
+  irdb-url = http://${myrpki::irdbd_server_host}:${myrpki::irdbd_server_port}/
 
 bpki-ta::
 
@@ -49,14 +48,14 @@ bpki-ta::
      certificate verification within rpkid traces back to this trust
      anchor. Don't change this unless you really know what you are doing.
 
-     Default: ${myrpki::bpki_servers_directory}/ca.cer
+  bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
 
 rpkid-cert::
 
      Where rpkid should look for its own BPKI EE certificate. Don't change
      this unless you really know what you are doing.
 
-     Default: ${myrpki::bpki_servers_directory}/rpkid.cer
+  rpkid-cert = ${myrpki::bpki_servers_directory}/rpkid.cer
 
 rpkid-key::
 
@@ -64,14 +63,14 @@ rpkid-key::
      BPKI EE certificate. Don't change this unless you really know what
      you are doing.
 
-     Default: ${myrpki::bpki_servers_directory}/rpkid.key
+  rpkid-key = ${myrpki::bpki_servers_directory}/rpkid.key
 
 irdb-cert::
 
      Where rpkid should look for irdbd's BPKI EE certificate. Don't change
      this unless you really know what you are doing.
 
-     Default: ${myrpki::bpki_servers_directory}/irdbd.cer
+  irdb-cert = ${myrpki::bpki_servers_directory}/irdbd.cer
 
 irbe-cert::
 
@@ -79,4 +78,4 @@ irbe-cert::
      certificate. Don't change this unless you really know what you are
      doing.
 
-     Default: ${myrpki::bpki_servers_directory}/irbe.cer
+  irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer
diff --git a/doc/manual.pdf b/doc/manual.pdf
index eeba7dbe..5f1a1a01 100644
--- a/doc/manual.pdf
+++ b/doc/manual.pdf