[arin-tech-discuss] Unable to create RPKI ROA

Jay Borkenhagen jayb at braeburn.org
Sat Dec 8 13:40:19 EST 2018


Hi Jon, 

Thanks for the edification.

At this stage of the game we're all learning how to operate the RPKI
system better for the benefit of all participants.  In that spirit,
are there changes ARIN can be making so that in the future no manual
actions will be necessary?

Thanks.

						Jay B.

Jon Worley writes:
 > Hello,
 > 
 > For the list's edification, the problem was caused by a recently transferred block that hadn't yet been added to the RPKI certificate. Resources issued/transferred to an organization must be manually added before ROAs can be created.
 > 
 > Jon Worley
 > Technical Services Manager
 > ARIN Registration Services
 > https://www.arin.net/
 > hostmaster at arin.net
 > 703.227.0660
 > 
 > On 12/6/18, 9:17 AM, "arin-tech-discuss on behalf of Brian Rak" <arin-tech-discuss-bounces at arin.net on behalf of brak at gameservers.com> wrote:
 > 
 >     I'm running into an issue with the browser-signed ROAs.. I get this error:
 >     
 >      > The CIDR block you specfied is not covered by this resource 
 >     certificate. Furthermore, none of your resource certificates fully cover 
 >     this CIDR block.
 >     
 >     However, I don't really understand what this message is trying to tell 
 >     me.  I'm trying to modify a prefix associated with our account, I was 
 >     just able to update reverse DNS on it, so I definitely have access.
 >     



More information about the arin-tech-discuss mailing list