Maybe...
At the moment because of the way that ARIN have chosen to allow people
to use their RPKI trust anchor, your ROAs may just get ignored unless
they are in a more accessible place.
The rpki.net framework installs the following trust anchors by default
without the need for terms and conditions (ie in an open manner).
ca0.rpki.net
localcert.ripe.net
repo0.rpki.net
repository.lacnic.net
rpki-pilot.lab.dtag.de
rpki-repository.nic.ad.jp
rpki-testbed.apnic.net
rpki.afrinic.net
rpki.apnic.net
rpki.ripe.net
Their webpage gives the following guidance:
http://rpki.net/wiki/doc/RPKI/RP
"Also note that, at least for now, ARIN's trust anchor locator is
absent from the default set of trust anchors. This is not an accident:
it's the direct result of a deliberate policy decision by ARIN to
require anyone using their trust anchor to jump through legal hoops
(https://www.arin.net/resources/rpki/faq.html#tal). If you have a
problem with this, complain to ARIN. If and when ARIN changes this
policy, we will be happy to include their trust anchor locator along
with those of the other RIRs."
Regards,
Dean
On Wed, Mar 19, 2014 at 10:42 AM, Bill Walker
Hi All,
Hoping someone can help. I am in the middle of a project to build 4 PoP's in Chicago, London, Sydney and Mumbai. As part of this I have been given the role of creating all the necessary Route objects etc. Our address space is from ARIN, but our ASN's are from RIPE, APNIC & ARIN. I have created as-set, aut-num and route objects in RADb to enable us to manage them from a single point. However I would like to setup ROA records for these route objects. I have setup RPKI with ARIN and created our first ROA object.
Onto my question, am I likely to have operational issues if the route objects are in RADb and the ROA with ARIN?
TIA,
Bill _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog