ARIN hosted RPKI key rotation
cb.list6 at gmail.com
Fri Nov 20 16:34:40 UTC 2020
On Fri, Nov 20, 2020 at 8:12 AM Christopher Morrow <morrowc.lists at gmail.com>
> On Fri, Nov 20, 2020 at 10:59 AM TJ Trout <tj at pcguys.us> wrote:
> > I believe it's manual, ten years and you need to update the roa.
> I don't think 10yrs is correct... I do think you'd be responsible for
> re-publishing your content periodically though.
Can anyone point me to a procedure on how this can be done safely using
arin machinery ?
> Looking at, quite a handy tool, job's console.rpki-client.org for a
> set of things that concern me, this one in particular:
> (one particular ROA)
> Not Before: Aug 18 04:00:00 2020 GMT
> Not After : Nov 20 05:00:00 2022 GMT
> Oh, I do see that the parent cert here is:
> which has:
> Not Before: Oct 1 11:28:43 2019 GMT
> Not After : Oct 1 11:28:43 2029 GMT
> This is, I think, actually controlled by ARIN, it has the subordinate
> resources from ARIN -> this-org
> in it... so at least the content of this file is generated/maintained
> by the parent (RIR in this case).
> > On Fri, Nov 20, 2020, 6:55 AM Ca By <cb.list6 at gmail.com> wrote:
> >> Hello folks,
> >> I use ARIN hosted RPKI to publish ROAs
> >> The ROAs have an expire date
> >> How do i rotate the cert to push out the expiration date? Does ARIN do
> this for me?
> >> Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the NANOG