[arin-tech-discuss] Who can generate ROAs when a holder reassigns or reallocations address space?

Andrew Gallo akg1330 at gmail.com
Mon Jun 24 10:52:16 EDT 2024


I like that idea.  I was thinking along the same lines.

When a prefix is delegated, associate a Routing POC with the prefix 
which would be allowed to generate ROAs and IRR objects. If no 
association is made, only the parent can take these actions.

Question- do you think the delegating/parent holder should be allowed to 
generate ROAs if there is a downstream Routing POC?

On 6/24/2024 10:08 AM, David Farmer wrote:
> I wonder if a tactic to address this issue is expanding the use of the
> Router POC. Maybe a Router POC could be created at the resource level or
> with a Detailed Reassignment instead of a Router POC at the Organization
> Level, providing a fine-grained mechanism to delegate control of ROA and
> IRR.
>
> Just a thought.
>
> On Mon, Jun 24, 2024 at 8:34 AM Andrew Gallo <akg1330 at gmail.com> wrote:
>
>> If a holder of address resources reassigns or reallocates a portion of
>> that space, who can create an RPKI ROA?  The original holder (parent),
>> the downstream org that has the delegated portion of the space?
>>
>> The three options for reassignment/reallocation are
>>       Simple Reassignment
>>       Detailed Reassignment
>>       Reallocation
>> (definitions below)
>>
>> Based on my reading, Simple Reassignment allows only the 'parent' (or
>> delegating) org allowed to create ROAs.  But what about Detailed?  The
>> downstream org can have POCs and maintain reverse nameserver records.
>> Can they also generate ROAs or IRR objects?
>>
>> What about Reallocation?
>>
>> Thank you.
>>
>>
>>
>>> Simple Reassignment
>>>      Use this option if you will manage abuse and network contacts for
>>> your customer.
>>>
>>> Detailed Reassignment
>>>      Use this for a downstream organization that needs to maintain its
>>> own reverse nameservers and/or separate Point of Contact (POC)
>>> information.
>>>
>>> Reallocation
>>>      Use this for a downstream organization that needs to maintain its
>>> own reverse nameservers and/or separate Point of Contact (POC)
>>> information and make reassignments of IP addresses to its own customers.
>>>
>> _______________________________________________
>> arin-tech-discuss mailing list
>> arin-tech-discuss at arin.net
>> https://lists.arin.net/mailman/listinfo/arin-tech-discuss
>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x1C61021F8B5942A2.asc
Type: application/pgp-keys
Size: 4097 bytes
Desc: OpenPGP public key
URL: <https://lists.arin.net/pipermail/arin-tech-discuss/attachments/20240624/641a139a/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <https://lists.arin.net/pipermail/arin-tech-discuss/attachments/20240624/641a139a/attachment.sig>


More information about the arin-tech-discuss mailing list