Cogent x RPKI

Rubens Kuhl rubensk at
Mon Aug 9 12:24:56 UTC 2021

> >> Someone that poses as a Tier-1 and doesn't even plan to sign their
> >> announcements ? How much more depeering will make them reconsider ?
> Please keep in mind that sound technical, administrative, or financial
> reasons can exist that hamper one's ability to create RPKI ROAs.
> For example, if the IP space is LEGACY, and not covered by a 'LRSA'
> (ARIN) or 'Legacy Agreement' (RIPE), then RPKI certificate issuance
> services simply are not available for that IP space. Without an
> agreement with a RIR to arrange RPKI services, logically, one cannot
> create ROAs.

In the case at hand, the IP block is not legacy, it was an ARIN
allocation from the start. Cogent does have a number of legacy blocks
but AFAIK they wouldn't need to bring them to an LRSA in order to
issue ROAs for the non-legacy blocks.

> Perhaps in your case, if RPKI is a requirement, you are better off
> bringing your own (RPKI capable) IP space?

With IPv4 depleted at most RIRs, getting someone's own IPv4 space is
not happening anytime soon.


More information about the NANOG mailing list