Has Anyone managed to get Delegated RPKI working with ARIN

Tim Bruijnzeels tim at nlnetlabs.nl
Wed Feb 5 15:48:20 UTC 2020


Hi,

Everyone is welcome to read that list of course, but the TL;DR is:

ARIN currently uses a pre RFC 8183 format for the identity exchange. It would be good if this were updated. New versions of rpkid as well as Krill have issues with the old format.

In the meantime this XSL provided by rpki.net can be of help:
https://raw.githubusercontent.com/dragonresearch/rpki.net/master/potpourri/oob-translate.xsl <https://raw.githubusercontent.com/dragonresearch/rpki.net/master/potpourri/oob-translate.xsl>

Note: if you are planning to give Krill a try we recommend that you wait for version 0.5. We expect to have this version ready in 1-2 weeks. It will include usability improvements, better monitoring and a UI.

Kind regards,

Tim



> On 5 Feb 2020, at 16:03, Christopher Munz-Michielin <christopher at ve7alb.ca> wrote:
> 
> Brilliant! Thanks for the write up Cynthia, I'll have a read through!
> 
> Chris
> 
> On 2020-02-05 1:56 a.m., Cynthia Revström wrote:
>> (Re-sent as I forgot to include the ML the first time, oops)
>> Hi Chris,
>> 
>> I recently figured it out and posted it on the NLNetLabs RPKI mailing list. https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.html <https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.html>
>> I hope it helps :)
>> 
>> - Cynthia
>> 
>> On Wed, Jan 29, 2020 at 6:31 PM Christopher Munz-Michielin <christopher at ve7alb.ca <mailto:christopher at ve7alb.ca>> wrote:
>> 
>>    Hi Nanog,
>> 
>>    Posting here since my Google-fu is coming up short.  I'm trying to setup delegated RPKI in ARIN using rpki.net <http://rpki.net>'s rpkid Python daemon and am running into an issue submitting the identity file to ARIN's control panel. The same file submitted to RIPE's  test environment at https://localcert.ripe.net/#/rpki works without issue, while submitting to ARIN results in "Invalid Identity.xml file."
>> 
>>    The guide I'm following is this one: https://github.com/dragonresearch/rpki.net/blob/master/doc/quickstart/xenial-ca.md and I'm able to get as far as generating the identity file.
>> 
>>    Wondering if anyone has gone down this road before and has any helpful hints to make this work?
>> 
>>    Cheers,
>>    Chris
>> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200205/6e3c9d0f/attachment.html>


More information about the NANOG mailing list