CPC H04L 9/0891 (2013.01) [H04L 9/3247 (2013.01); H04L 9/3263 (2013.01)] | 20 Claims |
1. A method for sharing key identification (key ID) and public certificate data for access token verification, the method comprising:
at a network function (NF) repository function (NRF) including at least one processor:
receiving, from a producer NF, an NF registration message including key ID version information;
in response to detecting the key ID version information, sending, to the producer NF, an NF registration response message including a current key ID version value, at least one digital certificate, and at least one corresponding public key, wherein the current key ID version value is associated with one or more digital certificates and one or more public keys of the NRF corresponding to one or more private keys of the NRF used by the NRF to digitally sign access tokens;
adding, by the NRF, a new private key to the one or more private keys of the NRF and a new public key to the one or more public keys of the NRF, and, in response, generating an updated key ID version value;
receiving, from the producer NF, an NF update message that includes the current key ID version value; and
in response to determining that the current key ID version value in the NF update message does not match the updated key ID version value maintained at the NRF, sending to the producer NF an NF update response message that includes the updated key ID version value, at least one updated digital certificate, and the new public key, wherein the new public key corresponds to the new private key, and the NRF uses the new private key to digitally sign access tokens and wherein the new public key is usable by the producer NF to verify whether a digital signature of an access token received from a consumer NF requesting service was created by the NRF using the new private key.
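The exchange claimed above, simulated end to end as an added example (this is not code from the patent or from any NRF implementation): an NRF keeps a key ID version over its signing keys, a producer NF learns the version and public keys at registration, the NRF adds a key and bumps the version, and the next NF update with the stale version triggers the NRF to push the new certificate and public key. The message field names (`keyIdVersion`, `nfInstanceId`, `keys`), the use of the producer's periodic update as the trigger, and the placeholder certificate strings are assumptions. Signatures use textbook RSA over hardcoded Mersenne primes as a stand-in for the certificate-backed keys; that toy scheme is for illustrating the key lookup only and is not a usable signature algorithm.

```python
"""Added example: key-ID-version exchange between an NRF and a producer NF.

Constructed for illustration; field names and the toy RSA signer are assumptions,
not part of the patent text or any 3GPP specification.
"""
import hashlib
import json

# Constructed toy key pairs: (p, q) are Mersenne primes, e = 65537.
# gcd(e, (p-1)(q-1)) = 1 for both pairs because 65537 | 2^k - 1 only when 32 | k.
_TOY_PRIMES = {
    "nrf-key-1": (2**127 - 1, 2**89 - 1),
    "nrf-key-2": (2**107 - 1, 2**61 - 1),
}


def _toy_keypair(kid):
    p, q = _TOY_PRIMES[kid]
    n, e = p * q, 65537
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, d), (n, e)          # (private, public)


def _digest(data: bytes) -> int:
    # Truncated to 128 bits so the value is always below the smallest toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def toy_sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(_digest(data), d, n)


def toy_verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(data)


class NRF:
    """Issues access tokens and tracks a key ID version over its signing keys."""

    def __init__(self):
        self.version = 0
        self.keys = {}               # kid -> (private, public)
        self.current_kid = None
        self.add_key("nrf-key-1")

    def add_key(self, kid):
        # Adding a private/public key pair generates an updated key ID version value.
        self.keys[kid] = _toy_keypair(kid)
        self.current_kid = kid
        self.version += 1

    def _key_material(self):
        # A real NRF would carry each public key inside an X.509 certificate; placeholder here.
        return {kid: {"certificate": f"CERT({kid})", "public_key": pub}
                for kid, (_, pub) in self.keys.items()}

    def register(self, request):
        if "keyIdVersion" not in request:
            return {"status": "ok"}  # producer sent no key ID version information
        return {"status": "ok", "keyIdVersion": self.version, "keys": self._key_material()}

    def update(self, request):
        if request.get("keyIdVersion") == self.version:
            return {"status": "ok"}  # versions match, nothing to distribute
        # Mismatch: return the updated version value, certificate(s) and the new public key.
        return {"status": "ok", "keyIdVersion": self.version, "keys": self._key_material()}

    def issue_token(self, consumer, scope):
        priv, _ = self.keys[self.current_kid]
        claims = json.dumps({"iss": "nrf", "sub": consumer, "scope": scope},
                            sort_keys=True).encode()
        return {"kid": self.current_kid, "claims": claims, "sig": toy_sign(priv, claims)}


class ProducerNF:
    """Registers with the NRF, caches its public keys, verifies consumer tokens."""

    def __init__(self, nrf):
        self.nrf = nrf
        self.version = None
        self.pubkeys = {}
        self._absorb(nrf.register({"nfInstanceId": "smf-1", "keyIdVersion": 0}))

    def _absorb(self, resp):
        if "keyIdVersion" in resp:
            self.version = resp["keyIdVersion"]
            self.pubkeys = {kid: v["public_key"] for kid, v in resp["keys"].items()}

    def heartbeat(self):
        # NF update message carrying the version the producer currently holds.
        self._absorb(self.nrf.update({"nfInstanceId": "smf-1", "keyIdVersion": self.version}))

    def verify(self, token) -> bool:
        pub = self.pubkeys.get(token["kid"])
        if pub is None:
            return False             # unknown key ID: reject until the next NF update refreshes keys
        return toy_verify(pub, token["claims"], token["sig"])


def demo():
    nrf = NRF()
    producer = ProducerNF(nrf)
    t1 = nrf.issue_token("amf-1", "nsmf-pdusession")
    before = producer.verify(t1)     # key 1 known from registration
    nrf.add_key("nrf-key-2")         # rotation: version 1 -> 2
    t2 = nrf.issue_token("amf-1", "nsmf-pdusession")
    stale = producer.verify(t2)      # signed with key 2, producer only holds key 1
    producer.heartbeat()             # update with version 1 != 2, NRF pushes key 2
    after = producer.verify(t2)
    return before, stale, after, producer.version


if __name__ == "__main__":
    print(demo())
```

The `stale` step is the failure mode the claim addresses: a token signed with a freshly added NRF key is unverifiable by any producer still holding only the older key set, and the version mismatch on the next NF update is what closes that window without the producer having to poll for certificates separately.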