[arin-tech-discuss] Sanity check on hosted RPKI private key

Andrew Gallo akg1330 at gmail.com
Tue Feb 17 16:31:19 EST 2015

Greetings, Tech-discuss:

Looking for a sanity check on how hosted RPKI works.

Based on the docs and website, ARIN must host the private key for a site
using hosted RPKI
"Hosted RPKI requires that ARIN hosts the private key of your ROA Request
Generation Key Pair."(from https://www.arin.net/resources/rpki/index.html)

Further, there are instructions on generating a key pair:
"How do I Make a ROA Request Generation or Delegated RPKI Key Pair?
ROA Request Generation and Delegated RPKI Key Pairs may be generated
numerous ways."
(from https://www.arin.net/resources/rpki/faq.html#keypairgeneration)

To be clear, the key pair that I'm generating in this step is simply to
validate the communication of my ROA request, correct?

The private key that is used to sign the ROA itself is never seen nor
accessed by the org using the hosted model, correct?

Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-tech-discuss/attachments/20150217/9ee429de/attachment.html>

More information about the arin-tech-discuss mailing list