ROA Will Expire Soon - ARIN

Paul Emmons paul at emmons.mx
Fri Sep 9 18:44:18 UTC 2022


In our experience, I think, we do a 24 month rpki cert tied the key shared
with ARIN. You simply create a new rpki cert in the ARIN hosted service.
Due operational reasons we will delete an old cert a month after publishing
the new cert just to keep things clean.  We don't have a lot of space
turnover so we will typically do a new cert 2 or 3 times a year.

If your underlying resources are pretty much static, just make your cert
good for as long as you can.

On Fri, Sep 9, 2022, 9:08 AM Ca By <cb.list6 at gmail.com> wrote:

>
>
> On Fri, Sep 9, 2022 at 9:04 AM Brad Gorman <bgorman at arin.net> wrote:
>
>> A message is sent to points of contact of an Org one month before
>> expiration of a ROA in the ARIN repository.  At any time prior to the ROA
>> expiry, a new (duplicate) ROA can be created for the same resources with a
>> new expiry date in the future. The soon to expire ROA can be deleted once
>> the new ROA has been published to the repository or you can simply wait for
>> it to expire.
>>
>>
>>
>>
>>
>> Brad
>>
>>
> Any chance arin can post a step by step guide on the arin website?
>
> Seems like a big deal to have an roa expire, and a well documented process
> will create a lot of confidence.
>
> As where an expired roa outage will cause a company to never use rpki
> again.
>
>>
>>
>> *From: *NANOG <nanog-bounces+bgorman=arin.net at nanog.org> on behalf of Ca
>> By <cb.list6 at gmail.com>
>> *Date: *Friday, September 9, 2022 at 10:12 AM
>> *To: *John Sweeting <jsweeting at arin.net>
>> *Cc: *North American Network Operators' Group <nanog at nanog.org>
>> *Subject: *Re: ROA Will Expire Soon - ARIN
>>
>>
>>
>>
>>
>>
>>
>> On Fri, Sep 9, 2022 at 5:21 AM John Sweeting <jsweeting at arin.net> wrote:
>>
>> You can contact the ARIN Helpdesk at +1-703-227-0660. Someone will also
>> be sending you an email off list.
>>
>>
>>
>> John
>>
>>
>>
>> Where is ARIN’s documented procedure for how hosted ROAs handle renewal
>> prior to expiration ?
>>
>>
>>
>>
>>
>>
>> Sent from my iPhone
>>
>> > On Sep 9, 2022, at 8:01 AM, Terrance Devor <ter.devor at gmail.com> wrote:
>> >
>> >
>> > Can someone from ARIN please reach out to me. We don't want the ROA to
>> expire...
>> >
>> > Kind Regards,
>> > Terrance
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20220909/12f39329/attachment.html>


More information about the NANOG mailing list