17 files changed, 272 insertions, 77 deletions

diff --git a/scripts/irbe-cli.py b/scripts/irbe-cli.py
index a72c0664..7e91375e 100755
--- a/scripts/irbe-cli.py
+++ b/scripts/irbe-cli.py
@@ -34,9 +34,13 @@ class cmd_mixin(object):
     self.action = arg
     self.type = "query"
 
-  def client_query_peer_ta(self, arg):
-    """Special handler for --peer_ta option."""
-    self.peer_ta = rpki.x509.X509(Auto_file=arg)
+  def client_query_cms_ta(self, arg):
+    """Special handler for --cms_ta option."""
+    self.cms_ta = rpki.x509.X509(Auto_file=arg)
+
+  def client_query_https_ta(self, arg):
+    """Special handler for --https_ta option."""
+    self.https_ta = rpki.x509.X509(Auto_file=arg)
 
   def client_reply_decode(self):
     pass
diff --git a/scripts/left-right-protocol-samples/pdu.021.xml b/scripts/left-right-protocol-samples/pdu.021.xml
index 340a29b9..8388956e 100644
--- a/scripts/left-right-protocol-samples/pdu.021.xml
+++ b/scripts/left-right-protocol-samples/pdu.021.xml
@@ -2,7 +2,7 @@
 <!--Automatically generated, do not edit.-->
 <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1">
   <parent action="create" type="query" self_id="42" peer_contact_uri="https://re.bar.example/bandicoot/" sia_base="rsync://repo.foo.example/wombat/" bsc_id="17" repository_id="120">
-    <peer_ta>
+    <cms_ta>
 		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
 		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
 		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
@@ -20,6 +20,25 @@
 		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
 		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
 		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
-	    </peer_ta>
+	    </cms_ta>
+    <https_ta>
+		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
+		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
+		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
+		b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S
+		G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G
+		Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC
+		DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM
+		uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP
+		2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ
+		diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4
+		ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq
+		hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg
+		cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4
+		XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm
+		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
+		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
+		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
+	    </https_ta>
   </parent>
 </msg>
diff --git a/scripts/left-right-protocol-samples/pdu.023.xml b/scripts/left-right-protocol-samples/pdu.023.xml
index e3416865..1f3633c0 100644
--- a/scripts/left-right-protocol-samples/pdu.023.xml
+++ b/scripts/left-right-protocol-samples/pdu.023.xml
@@ -2,7 +2,7 @@
 <!--Automatically generated, do not edit.-->
 <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1">
   <parent action="set" type="query" self_id="42" parent_id="666" peer_contact_uri="https://re.bar.example/bandicoot/" sia_base="rsync://repo.foo.example/wombat/" bsc_id="17" repository_id="120" rekey="yes" reissue="yes" revoke="yes">
-    <peer_ta>
+    <cms_ta>
 		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
 		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
 		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
@@ -20,6 +20,25 @@
 		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
 		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
 		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
-	    </peer_ta>
+	    </cms_ta>
+    <https_ta>
+		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
+		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
+		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
+		b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S
+		G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G
+		Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC
+		DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM
+		uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP
+		2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ
+		diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4
+		ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq
+		hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg
+		cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4
+		XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm
+		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
+		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
+		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
+	    </https_ta>
   </parent>
 </msg>
diff --git a/scripts/left-right-protocol-samples/pdu.026.xml b/scripts/left-right-protocol-samples/pdu.026.xml
index 33248794..8cddc8d8 100644
--- a/scripts/left-right-protocol-samples/pdu.026.xml
+++ b/scripts/left-right-protocol-samples/pdu.026.xml
@@ -2,7 +2,7 @@
 <!--Automatically generated, do not edit.-->
 <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1">
   <parent action="get" type="reply" self_id="42" parent_id="666" peer_contact_uri="https://re.bar.example/bandicoot/" sia_base="rsync://repo.foo.example/wombat/" bsc_id="17" repository_id="120">
-    <peer_ta>
+    <cms_ta>
 		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
 		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
 		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
@@ -20,6 +20,25 @@
 		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
 		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
 		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
-	    </peer_ta>
+	    </cms_ta>
+    <https_ta>
+		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
+		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
+		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
+		b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S
+		G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G
+		Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC
+		DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM
+		uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP
+		2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ
+		diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4
+		ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq
+		hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg
+		cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4
+		XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm
+		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
+		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
+		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
+	    </https_ta>
   </parent>
 </msg>
diff --git a/scripts/left-right-protocol-samples/pdu.028.xml b/scripts/left-right-protocol-samples/pdu.028.xml
index 7fa47da4..1e8f5c95 100644
--- a/scripts/left-right-protocol-samples/pdu.028.xml
+++ b/scripts/left-right-protocol-samples/pdu.028.xml
@@ -2,7 +2,7 @@
 <!--Automatically generated, do not edit.-->
 <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1">
   <parent action="list" type="reply" self_id="42" parent_id="666" peer_contact_uri="https://re.bar.example/bandicoot/" sia_base="rsync://repo.foo.example/wombat/" bsc_id="17" repository_id="120">
-    <peer_ta>
+    <cms_ta>
 		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
 		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
 		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
@@ -20,6 +20,25 @@
 		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
 		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
 		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
-	    </peer_ta>
+	    </cms_ta>
+    <https_ta>
+		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
+		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
+		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
+		b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S
+		G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G
+		Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC
+		DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM
+		uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP
+		2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ
+		diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4
+		ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq
+		hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg
+		cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4
+		XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm
+		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
+		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
+		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
+	    </https_ta>
   </parent>
 </msg>
diff --git a/scripts/left-right-protocol-samples/pdu.031.xml b/scripts/left-right-protocol-samples/pdu.031.xml
index 87f97c8b..4871b271 100644
--- a/scripts/left-right-protocol-samples/pdu.031.xml
+++ b/scripts/left-right-protocol-samples/pdu.031.xml
@@ -2,7 +2,7 @@
 <!--Automatically generated, do not edit.-->
 <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1">
   <child action="create" type="query" self_id="42" bsc_id="17">
-    <peer_ta>
+    <cms_ta>
 		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
 		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
 		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
@@ -20,6 +20,6 @@
 		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
 		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
 		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
-	    </peer_ta>
+	    </cms_ta>
   </child>
 </msg>
diff --git a/scripts/left-right-protocol-samples/pdu.033.xml b/scripts/left-right-protocol-samples/pdu.033.xml
index a3120e2b..37bac784 100644
--- a/scripts/left-right-protocol-samples/pdu.033.xml
+++ b/scripts/left-right-protocol-samples/pdu.033.xml
@@ -2,7 +2,7 @@
 <!--Automatically generated, do not edit.-->
 <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1">
   <child action="set" type="query" self_id="42" child_id="3" bsc_id="17" reissue="yes">
-    <peer_ta>
+    <cms_ta>
 		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
 		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
 		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
@@ -20,6 +20,6 @@
 		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
 		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
 		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
-	    </peer_ta>
+	    </cms_ta>
   </child>
 </msg>
diff --git a/scripts/left-right-protocol-samples/pdu.036.xml b/scripts/left-right-protocol-samples/pdu.036.xml
index 905c7bef..4c2576e1 100644
--- a/scripts/left-right-protocol-samples/pdu.036.xml
+++ b/scripts/left-right-protocol-samples/pdu.036.xml
@@ -2,7 +2,7 @@
 <!--Automatically generated, do not edit.-->
 <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1">
   <child action="get" type="reply" self_id="42" child_id="3" bsc_id="17">
-    <peer_ta>
+    <cms_ta>
 		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
 		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
 		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
@@ -20,6 +20,6 @@
 		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
 		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
 		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
-	    </peer_ta>
+	    </cms_ta>
   </child>
 </msg>
diff --git a/scripts/left-right-protocol-samples/pdu.038.xml b/scripts/left-right-protocol-samples/pdu.038.xml
index bd451feb..42d203a4 100644
--- a/scripts/left-right-protocol-samples/pdu.038.xml
+++ b/scripts/left-right-protocol-samples/pdu.038.xml
@@ -2,7 +2,7 @@
 <!--Automatically generated, do not edit.-->
 <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1">
   <child action="list" type="reply" self_id="42" child_id="3" bsc_id="17">
-    <peer_ta>
+    <cms_ta>
 		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
 		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
 		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
@@ -20,6 +20,6 @@
 		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
 		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
 		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
-	    </peer_ta>
+	    </cms_ta>
   </child>
 </msg>
diff --git a/scripts/left-right-protocol-samples/pdu.041.xml b/scripts/left-right-protocol-samples/pdu.041.xml
index c47fde5b..40cccf4d 100644
--- a/scripts/left-right-protocol-samples/pdu.041.xml
+++ b/scripts/left-right-protocol-samples/pdu.041.xml
@@ -2,7 +2,7 @@
 <!--Automatically generated, do not edit.-->
 <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1">
   <repository action="create" type="query" self_id="42" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_id="17">
-    <peer_ta>
+    <cms_ta>
 		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
 		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
 		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
@@ -20,6 +20,25 @@
 		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
 		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
 		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
-	    </peer_ta>
+	    </cms_ta>
+    <https_ta>
+		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
+		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
+		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
+		b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S
+		G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G
+		Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC
+		DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM
+		uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP
+		2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ
+		diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4
+		ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq
+		hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg
+		cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4
+		XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm
+		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
+		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
+		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
+	    </https_ta>
   </repository>
 </msg>
diff --git a/scripts/left-right-protocol-samples/pdu.043.xml b/scripts/left-right-protocol-samples/pdu.043.xml
index 719215ed..e8f391a5 100644
--- a/scripts/left-right-protocol-samples/pdu.043.xml
+++ b/scripts/left-right-protocol-samples/pdu.043.xml
@@ -2,7 +2,7 @@
 <!--Automatically generated, do not edit.-->
 <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1">
   <repository action="set" type="query" self_id="42" repository_id="120" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_id="17">
-    <peer_ta>
+    <cms_ta>
 		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
 		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
 		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
@@ -20,6 +20,25 @@
 		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
 		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
 		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
-	    </peer_ta>
+	    </cms_ta>
+    <https_ta>
+		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
+		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
+		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
+		b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S
+		G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G
+		Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC
+		DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM
+		uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP
+		2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ
+		diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4
+		ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq
+		hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg
+		cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4
+		XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm
+		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
+		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
+		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
+	    </https_ta>
   </repository>
 </msg>
diff --git a/scripts/left-right-protocol-samples/pdu.046.xml b/scripts/left-right-protocol-samples/pdu.046.xml
index 402b5e1f..ad7e42a4 100644
--- a/scripts/left-right-protocol-samples/pdu.046.xml
+++ b/scripts/left-right-protocol-samples/pdu.046.xml
@@ -2,7 +2,7 @@
 <!--Automatically generated, do not edit.-->
 <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1">
   <repository action="get" type="reply" self_id="42" repository_id="120" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_id="17">
-    <peer_ta>
+    <cms_ta>
 		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
 		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
 		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
@@ -20,6 +20,25 @@
 		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
 		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
 		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
-	    </peer_ta>
+	    </cms_ta>
+    <https_ta>
+		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
+		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
+		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
+		b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S
+		G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G
+		Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC
+		DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM
+		uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP
+		2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ
+		diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4
+		ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq
+		hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg
+		cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4
+		XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm
+		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
+		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
+		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
+	    </https_ta>
   </repository>
 </msg>
diff --git a/scripts/left-right-protocol-samples/pdu.048.xml b/scripts/left-right-protocol-samples/pdu.048.xml
index 2cd2cb23..ff92dc33 100644
--- a/scripts/left-right-protocol-samples/pdu.048.xml
+++ b/scripts/left-right-protocol-samples/pdu.048.xml
@@ -2,7 +2,7 @@
 <!--Automatically generated, do not edit.-->
 <msg xmlns="http://www.hactrn.net/uris/rpki/left-right-spec/" version="1">
   <repository action="list" type="reply" self_id="42" repository_id="120" peer_contact_uri="https://re.bar.example/bandicoot/" bsc_id="17">
-    <peer_ta>
+    <cms_ta>
 		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
 		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
 		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
@@ -20,6 +20,25 @@
 		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
 		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
 		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
-	    </peer_ta>
+	    </cms_ta>
+    <https_ta>
+		MIIDGzCCAgOgAwIBAgIJAKi+/+wUhQlxMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV
+		BAMTGVRlc3QgQ2VydGlmaWNhdGUgQm9iIFJvb3QwHhcNMDcwODAxMTk1MzEwWhcN
+		MDcwODMxMTk1MzEwWjAkMSIwIAYDVQQDExlUZXN0IENlcnRpZmljYXRlIEJvYiBS
+		b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKYUtJaM5PH5917S
+		G2ACc7iBYdQO2HYyu8Gb6i9Q2Gxc3cWEX7RTBvgOL79pWf3GIdnoupzMnoZVtY3G
+		Ux2G/0WkmLui2TCeDhcfXdQ4rcp8J3V/6ESj+yuEPPOG8UN17mUKKgujrch6ZvgC
+		DO9AyOK/uXu+ABQXTPsn2pVe2EVh3V004ShLi8GKgVdqb/rW/6GTg0Xb/zLT6WWM
+		uT++6sXTlztJdQYkRamJvKfQDU1naC8mAkGf79Tba0xyBGAUII0GfREY6t4/+NAP
+		2Yyb3xNlBqcJoTov0JfNKHZcCZePr79j7LK/hkZxxip+Na9xDpE+oQRV+DRukCRJ
+		diqg+wIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTDEsXJe6pjAQD4
+		ULlB7+GMDBlimTAfBgNVHSMEGDAWgBTDEsXJe6pjAQD4ULlB7+GMDBlimTANBgkq
+		hkiG9w0BAQUFAAOCAQEAWWkNcW6S1tKKqtzJsdfhjJiAAPQmOXJskv0ta/8f6Acg
+		cum1YieNdtT0n96P7CUHOWP8QBb91JzeewR7b6WJLwb1Offs3wNq3kk75pJe89r4
+		XY39EZHhMW+Dv0PhIKu2CgD4LeyH1FVTQkF/QObGEmkn+s+HTsuzd1l2VLwcP1Sm
+		sqep6LAlFj62qqaIJzNeQ9NVkBqtkygnYlBOkaBTHfQTux3jYNpEo8JJB5e/WFdH
+		YyMNrG2xMOtIC7T4+IOHgT8PgrNhaeDg9ctewj0X8Qi9nI9nXeinicLX8vj6hdEq
+		3ORv7RZMJNYqv1HQ3wUE2B7fCPFv7EUwzaCds1kgRQ==
+	    </https_ta>
   </repository>
 </msg>
diff --git a/scripts/left-right-schema.rnc b/scripts/left-right-schema.rnc
index 40f05314..831cd4a6 100644
--- a/scripts/left-right-schema.rnc
+++ b/scripts/left-right-schema.rnc
@@ -32,8 +32,9 @@ ctl_dr = attribute action { "destroy" }, attribute type { "reply" }
 # Base64 encoded DER stuff
 base64 = xsd:base64Binary { maxLength="512000" }
 
-# How we wrap peer_ta fields (separate element or inline?)
-peer_ta = element peer_ta { base64 }
+# How we wrap trust anchor elements
+cms_ta = element cms_ta { base64 }
+https_ta = element https_ta { base64 }
 
 # Base definition for all fields that are really just SQL primary indices
 sql_id = xsd:token { maxLength="1024" }
@@ -103,7 +104,8 @@ parent_payload = (attribute peer_contact_uri { xsd:anyURI { maxLength="1024" } }
                   attribute sia_base { xsd:anyURI { maxLength="1024" } }?,
                   attribute bsc_id { xsd:token { maxLength="1024" } }?,
                   attribute repository_id { xsd:token { maxLength="1024" } }?,
-                  peer_ta?)
+                  cms_ta?,
+                  https_ta?)
 
 parent_elt |= element parent { ctl_cq, self_id, parent_bool, parent_payload }
 parent_elt |= element parent { ctl_cr, self_id, parent_id }
@@ -123,7 +125,7 @@ child_id = attribute child_id { sql_id }
 child_bool = attribute reissue { "yes" }?
 
 child_payload = (attribute bsc_id { xsd:token { maxLength="1024" } }?,
-                 peer_ta?)
+                 cms_ta?)
 
 child_elt |= element child { ctl_cq, self_id, child_bool, child_payload }
 child_elt |= element child { ctl_cr, self_id, child_id }
@@ -142,7 +144,8 @@ repository_id = attribute repository_id { sql_id }
 
 repository_payload = (attribute peer_contact_uri { xsd:anyURI { maxLength="1024" } }?,
                       attribute bsc_id { xsd:token { maxLength="1024" } }?,
-                      peer_ta?)
+                      cms_ta?,
+                      https_ta?)
 
 repository_elt |= element repository { ctl_cq, self_id, repository_payload }
 repository_elt |= element repository { ctl_cr, self_id, repository_id }
diff --git a/scripts/left-right-schema.rng b/scripts/left-right-schema.rng
index 4c0b9133..9a413afa 100644
--- a/scripts/left-right-schema.rng
+++ b/scripts/left-right-schema.rng
@@ -120,9 +120,14 @@
       <param name="maxLength">512000</param>
     </data>
   </define>
-  <!-- How we wrap peer_ta fields (separate element or inline?) -->
-  <define name="peer_ta">
-    <element name="peer_ta">
+  <!-- How we wrap trust anchor elements -->
+  <define name="cms_ta">
+    <element name="cms_ta">
+      <ref name="base64"/>
+    </element>
+  </define>
+  <define name="https_ta">
+    <element name="https_ta">
       <ref name="base64"/>
     </element>
   </define>
@@ -429,7 +434,10 @@
       </attribute>
     </optional>
     <optional>
-      <ref name="peer_ta"/>
+      <ref name="cms_ta"/>
+    </optional>
+    <optional>
+      <ref name="https_ta"/>
     </optional>
   </define>
   <define name="parent_elt" combine="choice">
@@ -528,7 +536,7 @@
       </attribute>
     </optional>
     <optional>
-      <ref name="peer_ta"/>
+      <ref name="cms_ta"/>
     </optional>
   </define>
   <define name="child_elt" combine="choice">
@@ -627,7 +635,10 @@
       </attribute>
     </optional>
     <optional>
-      <ref name="peer_ta"/>
+      <ref name="cms_ta"/>
+    </optional>
+    <optional>
+      <ref name="https_ta"/>
     </optional>
   </define>
   <define name="repository_elt" combine="choice">
diff --git a/scripts/rpki/left_right.py b/scripts/rpki/left_right.py
index 9f73b8a9..c270ed3f 100644
--- a/scripts/rpki/left_right.py
+++ b/scripts/rpki/left_right.py
@@ -61,13 +61,17 @@ class data_elt(base_elt, rpki.sql.sql_persistant):
 
   def sql_decode(self, vals):
     rpki.sql.sql_persistant.sql_decode(self, vals)
-    if "peer_ta" in vals:
-      self.peer_ta = rpki.x509.X509(DER=vals["peer_ta"])
+    if "cms_ta" in vals:
+      self.cms_ta = rpki.x509.X509(DER=vals["cms_ta"])
+    if "https_ta" in vals:
+      self.https_ta = rpki.x509.X509(DER=vals["https_ta"])
 
   def sql_encode(self):
     d = rpki.sql.sql_persistant.sql_encode(self)
-    if "peer_id" in d:
-      d["peer_ta"] = self.peer_ta.get_DER()
+    if "cms_ta" in d:
+      d["cms_ta"] = self.cms_ta.get_DER()
+    if "https_ta" in d:
+      d["https_ta"] = self.https_ta.get_DER()
     return d
 
   def make_reply(self, r_pdu=None):
@@ -303,36 +307,41 @@ class parent_elt(data_elt):
 
   element_name = "parent"
   attributes = ("action", "type", "self_id", "parent_id", "bsc_id", "repository_id", "peer_contact_uri", "sia_base")
-  elements = ("peer_ta",)
+  elements = ("cms_ta", "https_ta")
   booleans = ("rekey", "reissue", "revoke")
 
-  sql_template = rpki.sql.template("parent", "parent_id", "self_id", "bsc_id", "repository_id", "peer_ta", "peer_contact_uri", "sia_base")
+  sql_template = rpki.sql.template("parent", "parent_id", "self_id", "bsc_id", "repository_id", "cms_ta", "https_ta", "peer_contact_uri", "sia_base")
 
-  peer_ta = None
+  cms_ta = None
+  https_ta = None
 
   def serve_post_save_hook(self, q_pdu, r_pdu):
     if self.rekey or self.reissue or self.revoke:
       raise NotImplementedError
 
   def startElement(self, stack, name, attrs):
-    """Handle <bsc/> element."""
-    if name != "peer_ta":
+    """Handle <parent/> element."""
+    if name not in ("cms_ta", "https_ta"):
       assert name == "parent", "Unexpected name %s, stack %s" % (name, stack)
       self.read_attrs(attrs)
 
   def endElement(self, stack, name, text):
-    """Handle <bsc/> element."""
-    if name == "peer_ta":
-      self.peer_ta = rpki.x509.X509(Base64=text)
+    """Handle <parent/> element."""
+    if name == "cms_ta":
+      self.cms_ta = rpki.x509.X509(Base64=text)
+    elif name == "https_ta":
+      self.https_ta = rpki.x509.X509(Base64=text)
     else:
       assert name == "parent", "Unexpected name %s, stack %s" % (name, stack)
       stack.pop()
 
   def toXML(self):
-    """Generate <bsc/> element."""
+    """Generate <parent/> element."""
     elt = self.make_elt()
-    if self.peer_ta and not self.peer_ta.empty():
-      self.make_b64elt(elt, "peer_ta", self.peer_ta.get_DER())
+    if self.cms_ta and not self.cms_ta.empty():
+      self.make_b64elt(elt, "cms_ta", self.cms_ta.get_DER())
+    if self.https_ta and not self.https_ta.empty():
+      self.make_b64elt(elt, "https_ta", self.https_ta.get_DER())
     return elt
 
   def query_up_down(self, gctx, q_pdu):
@@ -375,12 +384,12 @@ class child_elt(data_elt):
 
   element_name = "child"
   attributes = ("action", "type", "self_id", "child_id", "bsc_id")
-  elements = ("peer_ta",)
+  elements = ("cms_ta",)
   booleans = ("reissue", )
 
-  sql_template = rpki.sql.template("child", "child_id", "self_id", "bsc_id", "peer_ta")
+  sql_template = rpki.sql.template("child", "child_id", "self_id", "bsc_id", "cms_ta")
 
-  peer_ta = None
+  cms_ta = None
 
   def serve_post_save_hook(self, q_pdu, r_pdu):
     if self.reissue:
@@ -388,14 +397,14 @@ class child_elt(data_elt):
 
   def startElement(self, stack, name, attrs):
     """Handle <child/> element."""
-    if name != "peer_ta":
+    if name != "cms_ta":
       assert name == "child", "Unexpected name %s, stack %s" % (name, stack)
       self.read_attrs(attrs)
 
   def endElement(self, stack, name, text):
     """Handle <child/> element."""
-    if name == "peer_ta":
-      self.peer_ta = rpki.x509.X509(Base64=text)
+    if name == "cms_ta":
+      self.cms_ta = rpki.x509.X509(Base64=text)
     else:
       assert name == "child", "Unexpected name %s, stack %s" % (name, stack)
       stack.pop()
@@ -403,8 +412,8 @@ class child_elt(data_elt):
   def toXML(self):
     """Generate <child/> element."""
     elt = self.make_elt()
-    if self.peer_ta:
-      self.make_b64elt(elt, "peer_ta", self.peer_ta.get_DER())
+    if self.cms_ta:
+      self.make_b64elt(elt, "cms_ta", self.cms_ta.get_DER())
     return elt
 
   def serve_up_down(self, gctx, query):
@@ -412,7 +421,7 @@ class child_elt(data_elt):
     bsc = bsc_elt.sql_fetch(gctx.db, gctx.cur, self.bsc_id)
     if bsc is None:
       raise rpki.exceptions.NotFound, "Could not find BSC %s" % self.bsc_id
-    q_elt = rpki.cms.xml_decode(query, self.peer_ta)
+    q_elt = rpki.cms.xml_decode(query, self.cms_ta)
     rpki.relaxng.up_down.assertValid(q_elt)
     q_msg = rpki.up_down.sax_handler.saxify(q_elt)
     if q_msg.sender != str(self.child_id):
@@ -427,22 +436,25 @@ class repository_elt(data_elt):
 
   element_name = "repository"
   attributes = ("action", "type", "self_id", "repository_id", "bsc_id", "peer_contact_uri")
-  elements = ("peer_ta",)
+  elements = ("cms_ta", "https_ta")
 
-  sql_template = rpki.sql.template("repository", "repository_id", "self_id", "bsc_id", "peer_ta", "peer_contact_uri")
+  sql_template = rpki.sql.template("repository", "repository_id", "self_id", "bsc_id", "cms_ta", "peer_contact_uri")
 
-  peer_ta = None
+  cms_ta = None
+  https_ta = None
 
   def startElement(self, stack, name, attrs):
     """Handle <repository/> element."""
-    if name != "peer_ta":
+    if name not in ("cms_ta", "https_ta"):
       assert name == "repository", "Unexpected name %s, stack %s" % (name, stack)
       self.read_attrs(attrs)
 
   def endElement(self, stack, name, text):
     """Handle <repository/> element."""
-    if name == "peer_ta":
-      self.peer_ta = rpki.x509.X509(Base64=text)
+    if name == "cms_ta":
+      self.cms_ta = rpki.x509.X509(Base64=text)
+    elif name == "https_ta":
+      self.https_ta = rpki.x509.X509(Base64=text)
     else:
       assert name == "repository", "Unexpected name %s, stack %s" % (name, stack)
       stack.pop()
@@ -450,8 +462,10 @@ class repository_elt(data_elt):
   def toXML(self):
     """Generate <repository/> element."""
     elt = self.make_elt()
-    if self.peer_ta:
-      self.make_b64elt(elt, "peer_ta", self.peer_ta.get_DER())
+    if self.cms_ta:
+      self.make_b64elt(elt, "cms_ta", self.cms_ta.get_DER())
+    if self.https_ta:
+      self.make_b64elt(elt, "https_ta", self.https_ta.get_DER())
     return elt
 
 class route_origin_elt(data_elt):
diff --git a/scripts/rpki/relaxng.py b/scripts/rpki/relaxng.py
index 8a5817d0..aacae01a 100644
--- a/scripts/rpki/relaxng.py
+++ b/scripts/rpki/relaxng.py
@@ -4,7 +4,7 @@ import lxml.etree
 
 left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" encoding="UTF-8"?>
 <!--
-  $Id: left-right-schema.rng 1067 2007-10-01 20:22:57Z sra $
+  $Id: left-right-schema.rnc 1067 2007-10-01 20:22:57Z sra $
   
   RelaxNG (Compact Syntax) Schema for RPKI left-right protocol.
   
@@ -124,9 +124,14 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc
       <param name="maxLength">512000</param>
     </data>
   </define>
-  <!-- How we wrap peer_ta fields (separate element or inline?) -->
-  <define name="peer_ta">
-    <element name="peer_ta">
+  <!-- How we wrap trust anchor elements -->
+  <define name="cms_ta">
+    <element name="cms_ta">
+      <ref name="base64"/>
+    </element>
+  </define>
+  <define name="https_ta">
+    <element name="https_ta">
       <ref name="base64"/>
     </element>
   </define>
@@ -433,7 +438,10 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc
       </attribute>
     </optional>
     <optional>
-      <ref name="peer_ta"/>
+      <ref name="cms_ta"/>
+    </optional>
+    <optional>
+      <ref name="https_ta"/>
     </optional>
   </define>
   <define name="parent_elt" combine="choice">
@@ -532,7 +540,7 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc
       </attribute>
     </optional>
     <optional>
-      <ref name="peer_ta"/>
+      <ref name="cms_ta"/>
     </optional>
   </define>
   <define name="child_elt" combine="choice">
@@ -631,7 +639,10 @@ left_right = lxml.etree.RelaxNG(lxml.etree.fromstring('''<?xml version="1.0" enc
       </attribute>
     </optional>
     <optional>
-      <ref name="peer_ta"/>
+      <ref name="cms_ta"/>
+    </optional>
+    <optional>
+      <ref name="https_ta"/>
     </optional>
   </define>
   <define name="repository_elt" combine="choice">