[arin-tech-discuss] Who can generate ROAs when a holder reassigns or reallocations address space?

Brad Gorman bgorman at arin.net
Mon Jun 24 11:08:05 EDT 2024


Hello Andrew,

Thanks for your question.


  *   Only holders of resources received directly from ARIN are able to create ROAs for those resources.
  *   Organizations who are recipients of reallocated or detailed reassignments can create IRR objects, not RPKI ROAs, for those resources.
  *   Organizations who are recipients of simple reassignments may not use IRR or RPKI services.

Best regards,

Brad Gorman
Sr Product Owner, Routing Security
ARIN

From: arin-tech-discuss <arin-tech-discuss-bounces at arin.net> on behalf of Andrew Gallo <akg1330 at gmail.com>
Date: Monday, June 24, 2024 at 10:52
To: David Farmer <farmer at umn.edu>
Cc: arin-tech-discuss at arin.net <arin-tech-discuss at arin.net>
Subject: Re: [arin-tech-discuss] Who can generate ROAs when a holder reassigns or reallocations address space?
I like that idea.  I was thinking along the same lines.

When a prefix is delegated, associate a Routing POC with the prefix
which would be allowed to generate ROAs and IRR objects. If no
association is made, only the parent can take these actions.

Question- do you think the delegating/parent holder should be allowed to
generate ROAs if there is a downstream Routing POC?

On 6/24/2024 10:08 AM, David Farmer wrote:
> I wonder if a tactic to address this issue is expanding the use of the
> Router POC. Maybe a Router POC could be created at the resource level or
> with a Detailed Reassignment instead of a Router POC at the Organization
> Level, providing a fine-grained mechanism to delegate control of ROA and
> IRR.
>
> Just a thought.
>
> On Mon, Jun 24, 2024 at 8:34 AM Andrew Gallo <akg1330 at gmail.com> wrote:
>
>> If a holder of address resources reassigns or reallocates a portion of
>> that space, who can create an RPKI ROA?  The original holder (parent),
>> the downstream org that has the delegated portion of the space?
>>
>> The three options for reassignment/reallocation are
>>       Simple Reassignment
>>       Detailed Reassignment
>>       Reallocation
>> (definitions below)
>>
>> Based on my reading, Simple Reassignment allows only the 'parent' (or
>> delegating) org to create ROAs.  But what about Detailed?  The
>> downstream org can have POCs and maintain reverse nameserver records.
>> Can they also generate ROAs or IRR objects?
>>
>> What about Reallocation?
>>
>> Thank you.
>>
>>
>>
>>> Simple Reassignment
>>>      Use this option if you will manage abuse and network contacts for
>>> your customer.
>>>
>>> Detailed Reassignment
>>>      Use this for a downstream organization that needs to maintain its
>>> own reverse nameservers and/or separate Point of Contact (POC)
>>> information.
>>>
>>> Reallocation
>>>      Use this for a downstream organization that needs to maintain its
>>> own reverse nameservers and/or separate Point of Contact (POC)
>>> information and make reassignments of IP addresses to its own customers.
>>>
>