<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">ROAs are supposed to turtle down. In the end ISPs will end up signing ROAs on individual DHCP leases allowing packets from these addresses permitted through other ISPs BCP39 filters when customers are multi-homed. We aren’t at this stage yet but that is the future we all should be working too. <br><div dir="ltr">-- <div>Mark Andrews</div></div><div dir="ltr"><br><blockquote type="cite">On 24 Jun 2023, at 13:07, Fernando Frediani <fhfrediani@gmail.com> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p>I would imagine you would defend this Owen. But I didn't
misunderstand.<br>
</p>
<p>ROAs should be signed by organizations who receive IP space from
the RIR. They are the ones responsible for that IP space. If you
let these organizations re-assign to other Autonomous Systems you
start to void the RIR function. This has nothing to do with ISPs
assigning IP resources to their customers in order they can
connect to the Internet as it has always been. Of course some will
defend ISP to assign resources to another ISP which is an ASN as
it doesn't need to pass through the RIR policies directly.<br>
If an organization who is an Autonomous System get their IP space
directly from the RIR then it can freely and easily sign whatever
ROAs they should.</p>
<p>Fernando<br>
</p>
<div class="moz-cite-prefix">On 23/06/2023 15:38, Delong.com wrote:<br>
</div>
<blockquote type="cite" cite="mid:FD70ECC8-3E06-4D30-835B-BD86B1D7E62F@delong.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
You fundamentally misunderstand the situation, then.
<div><br>
</div>
<div>ROAs must be delegated according to the way networks are
delegated. Lots of ISPs get addresses from upstream ISPs who get
them from upstream ISPs who get them from ARIN.</div>
<div><br>
</div>
<div>In the case where IP addresses are delegated ARIN->ISP
A->ISP B->ISP C, for RPKI to function, it has to be
possible for ISP B to get a ROA from ISP A and for ISP C to</div>
<div>Get a ROA from ISP B.</div>
<div><br>
</div>
<div>ROAs have to be representative of the ORIGINATOR of the route
in BGP or they are useless.</div>
<div><br>
</div>
<div>Owen</div>
<div><br>
<div><br>
<blockquote type="cite">
<div>On Jun 23, 2023, at 11:24, Fernando Frediani
<a class="moz-txt-link-rfc2396E" href="mailto:fhfrediani@gmail.com"><fhfrediani@gmail.com></a> wrote:</div>
<br class="Apple-interchange-newline">
<div>
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<div>
<p>I don't think this should be allowed to happen. ROAs
are to be created by organizations who receive the
allocation from the RIR as ultimatelly they remain
responsible for that IP space. If they have allocated
a block to a customer they should be the ones
responsible for creating any ROAs they need for that
IP space (in fact ideally they should create for the
whole IP space anyway).<br>
</p>
<p>Fernando<br>
</p>
<div class="moz-cite-prefix">On 23/06/2023 13:20,
Richard Laager wrote:<br>
</div>
<blockquote type="cite" cite="mid:5821dcf1-f4ce-4d80-c88b-9d8e97483dac@wiktel.com">It
is my understanding that the downstream Org cannot
create RPKI ROAs for Reallocated IP Networks. For
example, 206.9.80.0/24 is reallocated to me (OrgID
WIKSTR-1), but I cannot make a ROA for it. <br>
<br>
This is obviously suboptimal for adopting RPKI. <br>
<br>
Is this something that we could fix with Policy
development, or do I need to bark up some other tree?
<br>
<br>
</blockquote>
</div>
_______________________________________________<br>
ARIN-PPML<br>
You are receiving this message because you are subscribed
to<br>
the ARIN Public Policy Mailing List (<a class="moz-txt-link-abbreviated" href="mailto:ARIN-PPML@arin.net">ARIN-PPML@arin.net</a>).<br>
Unsubscribe or manage your mailing list subscription at:<br>
<a class="moz-txt-link-freetext" href="https://lists.arin.net/mailman/listinfo/arin-ppml">https://lists.arin.net/mailman/listinfo/arin-ppml</a><br>
Please contact <a class="moz-txt-link-abbreviated" href="mailto:info@arin.net">info@arin.net</a> if you experience any issues.<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<span>_______________________________________________</span><br><span>ARIN-PPML</span><br><span>You are receiving this message because you are subscribed to</span><br><span>the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).</span><br><span>Unsubscribe or manage your mailing list subscription at:</span><br><span>https://lists.arin.net/mailman/listinfo/arin-ppml</span><br><span>Please contact info@arin.net if you experience any issues.</span><br></div></blockquote></body></html>