[arin-tech-discuss] Unable to create RPKI ROA

Mark Kosters markk at arin.net
Tue Dec 18 16:04:54 EST 2018


Hi Everyone

After some discussion internally, this is mostly a process issue that we need to work out for those who use RPKI who transfer out as well as those who transfer resources in from Org to Org. We'll be tuning our communications some on those who transfer resources and also use RPKI in order to properly set expectations.

Thanks,
Mark

On 12/8/18, 1:41 PM, "arin-tech-discuss on behalf of Jay Borkenhagen" <arin-tech-discuss-bounces at arin.net on behalf of jayb at braeburn.org> wrote:

    Hi Jon, 
    
    Thanks for the edification.
    
    At this stage of the game we're all learning how to operate the RPKI
    system better for the benefit of all participants.  In that spirit,
    are there changes ARIN can be making so that in the future no manual
    actions will be necessary?
    
    Thanks.
    
    						Jay B.
    
    Jon Worley writes:
     > Hello,
     > 
     > For the list's edification, the problem was caused by a recently transferred block that hadn't yet been added to the RPKI certificate. Resources issued/transferred to an organization must be manually added before ROAs can be created.
     > 
     > Jon Worley
     > Technical Services Manager
     > ARIN Registration Services
     > https://www.arin.net/
     > hostmaster at arin.net
     > 703.227.0660
     > 
     > On 12/6/18, 9:17 AM, "arin-tech-discuss on behalf of Brian Rak" <arin-tech-discuss-bounces at arin.net on behalf of brak at gameservers.com> wrote:
     > 
     >     I'm running into an issue with the browser-signed ROAs. I get this error:
     >     
     >      > The CIDR block you specfied is not covered by this resource 
     >     certificate. Furthermore, none of your resource certificates fully cover 
     >     this CIDR block.
     >     
     >     However, I don't really understand what this message is trying to tell 
     >     me.  I'm trying to modify a prefix associated with our account, I was 
     >     just able to update reverse DNS on it, so I definitely have access.
     >     
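Added example, not part of the thread and not ARIN's code: a local check that reproduces the distinction in the error message above, i.e. whether a ROA prefix is fully covered by the selected resource certificate, by a different one, or by none (the case of a transferred block not yet added to a certificate). The certificate labels and prefixes are constructed from documentation address ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: certificate label -> IP resources listed in it.
CERTS = {
    "cert-A": ["192.0.2.0/24", "198.51.100.0/25", "198.51.100.128/25",
               "2001:db8::/32"],
    "cert-B": ["203.0.113.0/25"],
}


def covering_certs(prefix, certs):
    """Return labels of certificates whose resources fully cover prefix."""
    want = ipaddress.ip_network(prefix)
    hits = []
    for name, resources in certs.items():
        nets = [ipaddress.ip_network(r) for r in resources]
        # Only resources of the same address family can cover the prefix.
        same_family = [n for n in nets if n.version == want.version]
        # Adjacent blocks in one certificate jointly cover a larger prefix,
        # so merge them before testing containment.
        merged = ipaddress.collapse_addresses(same_family)
        if any(want.subnet_of(m) for m in merged):
            hits.append(name)
    return hits


def explain(prefix, selected, certs):
    """Classify a ROA request for prefix against the selected certificate."""
    hits = covering_certs(prefix, certs)
    if selected in hits:
        return "ok"
    if hits:
        return "covered by another certificate: " + ", ".join(hits)
    # Partial overlap (e.g. only half of the block is certified) lands here.
    return "not covered by any certificate"


if __name__ == "__main__":
    for p in ["198.51.100.0/24", "203.0.113.0/26", "203.0.113.0/24"]:
        print(p, "->", explain(p, "cert-A", CERTS))
```

Holding the registration for a block (for example, being able to edit its reverse DNS) does not change the result; only the resources listed in the certificate do.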