RPKI Mgmt Changes at ARIN (was: Fwd: [arin-announce] Upcoming Changes to ARIN’s Resource Public Key Infrastructure (RPKI))

Operators -

Some important information regarding forthcoming RPKI management changes at ARIN.

FYI ,

/John

John Curran
President and CEO
American Registry for Internet Numbers

1 Like

ROA Auto-renewal

After the May software release, any ROA created via ARIN Online or the new RESTful provisioning endpoint will be automatically renewed, meaning all newly created ROAs will persist indefinitely until they are manually deleted. ARIN will also apply the auto-renew feature to any existing ROAs when we deploy this new functionality.

Please note: Any new ROAs created with the legacy RESTful endpoint will not be auto-renewed. If you would like your ROAs to be auto-renewed, you will need to use ARIN Online or the new RESTful provisioning endpoint. ARIN will be contacting customers who have created ROAs in both ARIN Online and REST to determine how they prefer to manage their existing ROAs

Thanks John and ARIN team, this auto-renew is a big deal and helps take a lot of stress off our plates

CB

oh! there's a bunch of pretty good improvements here, thanks! (john
and cameron for raising this mail up in the my stack)

-chris

Chris -

Indeed - these are some frequently sought changes that also bring our RPKI interface closer to practices in other regions.

I will note that we do lose something in the process - currently ARIN’s RPKI system has clear non-repudiation attributes (i.e., the issuance of an ROA is assuredly done by the controlling operator [as opposed to a function of ARIN’s automation or staff]) since ARIN never possesses the necessary private key. Changing to allow easy issuance and rollover appears to be the community’s preference, so we have undertaken the necessary development and process changes.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers