diff --git a/go/beacon_srv/main.go b/go/beacon_srv/main.go
index 009bbd34b0..182f7edc60 100644
--- a/go/beacon_srv/main.go
+++ b/go/beacon_srv/main.go
@@ -281,7 +281,7 @@ type periodicTasks struct {
 	intfs           *ifstate.Interfaces
 	conn            *snet.SCIONPacketConn
 	genMac          func() hash.Hash
-	trustStore      *trust.Store
+	trustStore      trust.Store
 	store           beaconstorage.Store
 	msgr            infra.Messenger
 	topoProvider    topology.Provider
diff --git a/go/lib/ctrl/cert_mgmt/BUILD.bazel b/go/lib/ctrl/cert_mgmt/BUILD.bazel
index e36648b361..53e955c9c7 100644
--- a/go/lib/ctrl/cert_mgmt/BUILD.bazel
+++ b/go/lib/ctrl/cert_mgmt/BUILD.bazel
@@ -18,7 +18,9 @@ go_library(
         "//go/lib/common:go_default_library",
         "//go/lib/scrypto:go_default_library",
         "//go/lib/scrypto/cert:go_default_library",
+        "//go/lib/scrypto/cert/v2:go_default_library",
         "//go/lib/scrypto/trc:go_default_library",
+        "//go/lib/scrypto/trc/v2:go_default_library",
         "//go/proto:go_default_library",
     ],
 )
diff --git a/go/lib/ctrl/cert_mgmt/chain.go b/go/lib/ctrl/cert_mgmt/chain.go
index dbd7e8fde5..56811abdd1 100644
--- a/go/lib/ctrl/cert_mgmt/chain.go
+++ b/go/lib/ctrl/cert_mgmt/chain.go
@@ -19,7 +19,8 @@ import (
 	"fmt"
 
 	"github.com/scionproto/scion/go/lib/common"
-	"github.com/scionproto/scion/go/lib/scrypto/cert"
+	legacy "github.com/scionproto/scion/go/lib/scrypto/cert"
+	"github.com/scionproto/scion/go/lib/scrypto/cert/v2"
 	"github.com/scionproto/scion/go/proto"
 )
 
@@ -29,11 +30,11 @@ type Chain struct {
 	RawChain common.RawBytes `capnp:"chain"`
 }
 
-func (c *Chain) Chain() (*cert.Chain, error) {
+func (c *Chain) Chain() (*legacy.Chain, error) {
 	if c.RawChain == nil {
 		return nil, nil
 	}
-	return cert.ChainFromRaw(c.RawChain, true)
+	return legacy.ChainFromRaw(c.RawChain, true)
 }
 
 func (c *Chain) ProtoId() proto.ProtoIdType {
@@ -41,9 +42,13 @@ func (c *Chain) ProtoId() proto.ProtoIdType {
 }
 
 func (c *Chain) String() string {
-	chain, err := c.Chain()
+	raw, err := cert.ParseChain(c.RawChain)
 	if err != nil {
 		return fmt.Sprintf("Invalid CertificateChain: %v", err)
 	}
-	return chain.String()
+	as, err := raw.AS.Encoded.Decode()
+	if err != nil {
+		return fmt.Sprintf("Invalid AS certificate: %v", err)
+	}
+	return fmt.Sprintf("ISD%d-AS%s-V%d", as.Subject.I, as.Subject.A, as.Version)
 }
diff --git a/go/lib/ctrl/cert_mgmt/trc.go b/go/lib/ctrl/cert_mgmt/trc.go
index 2cadb3bcba..c992e25ac1 100644
--- a/go/lib/ctrl/cert_mgmt/trc.go
+++ b/go/lib/ctrl/cert_mgmt/trc.go
@@ -19,7 +19,8 @@ import (
 	"fmt"
 
 	"github.com/scionproto/scion/go/lib/common"
-	"github.com/scionproto/scion/go/lib/scrypto/trc"
+	legacy "github.com/scionproto/scion/go/lib/scrypto/trc"
+	"github.com/scionproto/scion/go/lib/scrypto/trc/v2"
 	"github.com/scionproto/scion/go/proto"
 )
 
@@ -29,11 +30,11 @@ type TRC struct {
 	RawTRC common.RawBytes `capnp:"trc"`
 }
 
-func (t *TRC) TRC() (*trc.TRC, error) {
+func (t *TRC) TRC() (*legacy.TRC, error) {
 	if t.RawTRC == nil {
 		return nil, nil
 	}
-	return trc.TRCFromRaw(t.RawTRC, true)
+	return legacy.TRCFromRaw(t.RawTRC, true)
 }
 
 func (t *TRC) ProtoId() proto.ProtoIdType {
@@ -41,9 +42,13 @@ func (t *TRC) ProtoId() proto.ProtoIdType {
 }
 
 func (t *TRC) String() string {
-	u, err := t.TRC()
+	signed, err := trc.ParseSigned(t.RawTRC)
 	if err != nil {
-		return fmt.Sprintf("Invalid TRC: %v", err)
+		return fmt.Sprintf("Invalid signed TRC: %v", err)
 	}
-	return u.String()
+	pld, err := signed.EncodedTRC.Decode()
+	if err != nil {
+		return fmt.Sprintf("Invalid TRC payload: %v", err)
+	}
+	return fmt.Sprintf("ISD%d-V%d", pld.ISD, pld.Version)
 }