ARIN RPA updated (again) to address TAL distribution (Re: ARIN RPKI services terms/conditions - Change to Management of the Trust Anchor Locator for ARINʼs RPKI Service)
Claudio Jeker
cjeker at diehard.n-r-g.com
Fri Sep 30 13:57:14 UTC 2022
On Thu, Sep 29, 2022 at 03:30:55PM -0700, Randy Bush wrote:
> >> may i include the arin tal in my software product with neither i nor
> >> the user of the product being encumbered, signing anything, ... as
> >> with the other RIRs?
> > Yes.
>
> excellent. thank you.
>
> [ and arin might ask itself why and how it took O(decade) to come to
> this simple position; just in case there are other mis-matches between
> arin's positions and community needs ]
>
Randy, did you sign the RPA?
I did not sign the RPA.
Am I allowed to use rpki software like this?
And am I in any way restricted in the use of the produced work below
from this RP software?
> rpki-client -t /etc/rpki/arin.tal -d /tmp/a /tmp
rpki-client: https://rpki.sailx.co/rrdp/notification.xml: TLS handshake: certificate verification failed: certificate has expired
rpki-client: https://rpki.sailx.co/rrdp/notification.xml: load from network failed, fallback to rsync
rpki-client: rpki-rps.arin.net/repository/8a848adf8143bf6201823bd454752be6/0/267181B0A5DD38D60BCC22881342C64FFC8CBC1F.mft: no valid mft available
rpki-client: rpki-rps.arin.net/repository/8a848ade7fb71aa9017fdd9c5dd324c7/0/EB1DD8AA3E2B6864E06379C751DBFFFCC6418350.mft: no valid mft available
rpki-client: rpki-rps.arin.net/repository/8a848ade7fb71aa901800003287f4402/0/2BF7605B8927C87448B3B294A8B61D8E983248E0.mft: no valid mft available
rpki-client: rpki-rps.arin.net/repository/8a848adf7fb722e9017ffead9f534ac5/0/BFA2750976CA07F56A68976B0F01EB862F17C3B3.mft: no valid mft available
openrsync: warning: connect timeout: 208.82.103.214, rpki.sailx.co
openrsync: error: cannot connect to host: rpki.sailx.co
rpki-client: rsync rsync://rpki.sailx.co/repo failed
rpki-client: .rsync/rpki.sailx.co/repo: load from network failed, fallback to cache
rpki-client: rpki.sailx.co/repo/Sail-Internet-Inc/0/DFC5509768EA587E638D20680032E0FF122BD25A.mft: no valid mft available
Processing time 202 seconds (54 seconds user, 30 seconds system)
Skiplist entries: 0
Route Origin Authorizations: 56644 (0 failed parse, 0 invalid)
AS Provider Attestations: 0 (0 failed parse, 0 invalid)
BGPsec Router Certificates: 0
Certificates: 2878 (0 invalid)
Trust Anchor Locators: 1 (0 invalid)
Manifests: 2878 (5 failed parse, 0 stale)
Certificate revocation lists: 2873
Ghostbuster records: 0
Repositories: 16
Cleanup: removed 0 files, 2900 directories, 580 superfluous
VRP Entries: 81311 (75592 unique)
VAP Entries: 0 (0 unique)
# Processing time 202 seconds (54s user, 30s system)
# Route Origin Authorizations: 56644 (0 failed parse, 0 invalid)
# BGPsec Router Certificates: 0
# Certificates: 2878 (0 invalid)
# Trust Anchor Locators: 1 (0 invalid) [ /etc/rpki/arin.tal ]
# Manifests: 2878 (5 failed parse, 0 stale)
# Certificate revocation lists: 2873
# Ghostbuster records: 0
# Repositories: 16
# VRP Entries: 81311 (75592 unique)
roa-set {
3.0.0.0/15 source-as 16509 expires 1664683200
3.0.0.0/15 source-as 38895 expires 1664683200
3.0.0.0/10 maxlen 24 source-as 8987 expires 1664683200
3.0.0.0/10 maxlen 24 source-as 14618 expires 1664683200
3.0.0.0/10 maxlen 24 source-as 16509 expires 1664683200
3.2.1.0/24 source-as 16509 expires 1664683200
3.3.5.0/24 source-as 7224 expires 1664683200
3.4.1.0/24 source-as 7224 expires 1664683200
3.4.2.0/24 source-as 7224 expires 1664683200
3.4.4.0/24 source-as 7224 expires 1664683200
3.33.48.0/20 maxlen 24 source-as 7224 expires 1664683200
3.64.0.0/10 maxlen 24 source-as 8987 expires 1664683200
3.64.0.0/10 maxlen 24 source-as 14618 expires 1664683200
3.64.0.0/10 maxlen 24 source-as 16509 expires 1664683200
3.112.0.0/14 source-as 16509 expires 1664683200
3.128.0.0/10 maxlen 24 source-as 8987 expires 1664683200
3.128.0.0/10 maxlen 24 source-as 14618 expires 1664683200
3.128.0.0/10 maxlen 24 source-as 16509 expires 1664683200
3.192.0.0/10 maxlen 24 source-as 8987 expires 1664683200
3.192.0.0/10 maxlen 24 source-as 14618 expires 1664683200
3.192.0.0/10 maxlen 24 source-as 16509 expires 1664683200
4.128.0.0/12 source-as 8075 expires 1664769600
4.144.0.0/12 source-as 8075 expires 1664769600
4.160.0.0/12 source-as 8075 expires 1664769600
4.176.0.0/12 source-as 8075 expires 1664769600
4.192.0.0/12 source-as 8075 expires 1664769600
4.208.0.0/12 source-as 8075 expires 1664769600
4.224.0.0/12 source-as 8075 expires 1664769600
4.240.0.0/12 source-as 8075 expires 1664769600
8.2.120.0/24 source-as 20473 expires 1664683200
8.2.121.0/24 source-as 20473 expires 1664683200
8.2.122.0/24 source-as 20473 expires 1664683200
8.3.29.0/24 source-as 20473 expires 1664683200
8.6.8.0/24 source-as 20473 expires 1664683200
8.6.193.0/24 source-as 20473 expires 1664683200
8.7.233.0/24 source-as 20473 expires 1664683200
8.8.4.0/24 source-as 15169 expires 1664683200
8.8.8.0/24 source-as 15169 expires 1664683200
...
--
:wq Claudio
More information about the NANOG
mailing list