[arin-tech-discuss] Update on upcoming maintenance to ARIN’s RPKI infrastructure

Brad Gorman bgorman at arin.net
Wed Jun 23 14:07:46 EDT 2021


The scheduled time is 1000 AM ET on 20 July.  The re-sign will take place well in advance of 20 July.  Certificate and manifest expiry will not come into play. 

Best regards,
Brad Gorman 
Seniorr Product Owner, Routing Security
American Repository for Internet Numbers (ARIN)

On 6/23/21, 1:33 PM, "Alex Band" <alex at nlnetlabs.nl> wrote:

    Hi Brad,

    Jay and I were just discussing this and noticed your update indicates a 10:00 AM ET start time of the 30-minute period during which ARIN's RPKI repository would not be reachable. If that is indeed the time and full extent of the event, we foresee there being very little disruption, as relying party software will use cached data during that interval.

    But we wonder if you actually meant to say 1:00 PM ET == 10:00 AM PT == 1700 UTC. By 17:00 UTC ARIN's current RPKI root certificate and manifest will have expired, as demonstrated by the "Next Update" field in the JDR output at these links:


    Previously ARIN re-signed the CRL and manifest 4 weeks in advance, but that moment has passed a few days ago. We understand ARIN won't actively take action that impacts the integrity of the data. 

    Could you let us know on which date you're planning to re-sign these objects?

    If you neglect them, the entire ARIN RPKI Certificate Authority will be rejected on the 20th, making all ROAs disappear, including those published by organisations running delegated RPKI under ARIN.


    Jay & Alex

    > On 22 Jun 2021, at 22:51, Brad Gorman <bgorman at arin.net> wrote:
    > ARIN previously announced an upcoming maintenance to our RPKI infrastructure.   
    > https://www.arin.net/announcements/20210602-rpki/
    > We are updating the notice of this upcoming maintenance with the following additional information:
    > 	- July 20th is the date scheduled for this activity  
    > 	- We anticipate that the maintenance will take place starting at 10:00 AM ET for a period of 30 minutes
    > 	- During the 30-minute window, customers will not be able to reach the ARIN RPKI repository, but ARIN will NOT be 
    > 	  taking any action that impacts the integrity of the data contained in the repository
    > Sincerely,
    > Brad Gorman
    > Senior Product Owner, Routing Security
    > American Registry for Internet Numbers (ARIN)
    > _______________________________________________
    > arin-tech-discuss mailing list
    > arin-tech-discuss at arin.net
    > https://lists.arin.net/mailman/listinfo/arin-tech-discuss

More information about the arin-tech-discuss mailing list