Hi, Everyone is welcome to read that list of course, but the TL;DR is: ARIN currently uses a pre RFC 8183 format for the identity exchange. It would be good if this were updated. New versions of rpkid as well as Krill have issues with the old format. In the meantime this XSL provided by rpki.net can be of help: https://raw.githubusercontent.com/dragonresearch/rpki.net/master/potpourri/o... <https://raw.githubusercontent.com/dragonresearch/rpki.net/master/potpourri/oob-translate.xsl> Note: if you are planning to give Krill a try we recommend that you wait for version 0.5. We expect to have this version ready in 1-2 weeks. It will include usability improvements, better monitoring and a UI. Kind regards, Tim
On 5 Feb 2020, at 16:03, Christopher Munz-Michielin <christopher@ve7alb.ca> wrote:
Brilliant! Thanks for the write up Cynthia, I'll have a read through!
Chris
On 2020-02-05 1:56 a.m., Cynthia Revström wrote:
(Re-sent as I forgot to include the ML the first time, oops) Hi Chris,
I recently figured it out and posted it on the NLNetLabs RPKI mailing list. https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.html <https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.html> I hope it helps :)
- Cynthia
On Wed, Jan 29, 2020 at 6:31 PM Christopher Munz-Michielin <christopher@ve7alb.ca <mailto:christopher@ve7alb.ca>> wrote:
Hi Nanog,
Posting here since my Google-fu is coming up short. I'm trying to setup delegated RPKI in ARIN using rpki.net <http://rpki.net>'s rpkid Python daemon and am running into an issue submitting the identity file to ARIN's control panel. The same file submitted to RIPE's test environment at https://localcert.ripe.net/#/rpki works without issue, while submitting to ARIN results in "Invalid Identity.xml file."
The guide I'm following is this one: https://github.com/dragonresearch/rpki.net/blob/master/doc/quickstart/xenial... and I'm able to get as far as generating the identity file.
Wondering if anyone has gone down this road before and has any helpful hints to make this work?
Cheers, Chris