[arin-announce] New RPKI Trust Anchor

ARIN info at arin.net
Wed Sep 20 09:13:04 EDT 2017

On 19 September 2017, ARIN held a key ceremony to move to a RPKI Trust 
Anchor that reflects all holdings (0/0) to fulfill our commitment to the 
deadline set by the Number Resource Organization (NRO) for all of the 
Regional Internet Registries (RIRs). This action is detailed in the “All 
Resources Applicability Statement” dated 21 January 2017:


"This document provides an applicability statement for the use of 
multiple, over-claiming ‘all resources’ (0/0) RPKI certificate 
authorities (CA) certificates used as trust anchors (TAs) operated by 
the Regional Internet Registry community to help mitigate the risk of 
massive downstream invalidation in the case of transient registry 

To mitigate the risk and alleviate this threat, the RIRs agreed to move 
from a Trust Anchor that reflects only their current holdings to one 
that reflects all holdings. This improvement will provide a more robust 
way of allowing resources that are covered under RPKI to be transferred 
from one RIR to another.

Note that current ARIN RPKI users do not need to re-download the TAL, as 
the TAL has not changed.

If you are new to RPKI and want to start validating RPKI data from the 
ARIN region, you can download the ARIN TAL from the following location:



Mark Kosters
Chief Technology Officer
American Registry for Internet Numbers (ARIN)

More information about the ARIN-announce mailing list