Hello folks, I use ARIN hosted RPKI to publish ROAs The ROAs have an expire date How do i rotate the cert to push out the expiration date? Does ARIN do this for me? Thanks!
I believe it's manual, ten years and you need to update the roa. On Fri, Nov 20, 2020, 6:55 AM Ca By <cb.list6@gmail.com> wrote:
Hello folks,
I use ARIN hosted RPKI to publish ROAs
The ROAs have an expire date
How do i rotate the cert to push out the expiration date? Does ARIN do this for me?
Thanks!
On Fri, Nov 20, 2020 at 10:59 AM TJ Trout <tj@pcguys.us> wrote:
I believe it's manual, ten years and you need to update the roa.
I don't think 10yrs is correct... I do think you'd be responsible for re-publishing your content periodically though. Looking at, quite a handy tool, job's console.rpki-client.org for a set of things that concern me, this one in particular: (one particular ROA) <http://console.rpki-client.org/rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/5e9328a9-e1d2-45d8-bdb5-eefe152994f9/c130a86a-6524-3fd7-9dbf-338bc9d5a0a7.roa.html> Validity Not Before: Aug 18 04:00:00 2020 GMT Not After : Nov 20 05:00:00 2022 GMT Oh, I do see that the parent cert here is: <http://console.rpki-client.org/rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/5e9328a9-e1d2-45d8-bdb5-eefe152994f9.cer.html> which has: Validity Not Before: Oct 1 11:28:43 2019 GMT Not After : Oct 1 11:28:43 2029 GMT This is, I think, actually controlled by ARIN, it has the subordinate resources from ARIN -> this-org in it... so at least the content of this file is generated/maintained by the parent (RIR in this case).
On Fri, Nov 20, 2020, 6:55 AM Ca By <cb.list6@gmail.com> wrote:
Hello folks,
I use ARIN hosted RPKI to publish ROAs
The ROAs have an expire date
How do i rotate the cert to push out the expiration date? Does ARIN do this for me?
Thanks!
On Fri, Nov 20, 2020 at 8:12 AM Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Fri, Nov 20, 2020 at 10:59 AM TJ Trout <tj@pcguys.us> wrote:
I believe it's manual, ten years and you need to update the roa.
I don't think 10yrs is correct... I do think you'd be responsible for re-publishing your content periodically though.
Can anyone point me to a procedure on how this can be done safely using arin machinery ?
Looking at, quite a handy tool, job's console.rpki-client.org for a set of things that concern me, this one in particular: (one particular ROA) < http://console.rpki-client.org/rpki.arin.net/repository/arin-rpki-ta/5e4a23e...
Validity Not Before: Aug 18 04:00:00 2020 GMT Not After : Nov 20 05:00:00 2022 GMT
Oh, I do see that the parent cert here is: < http://console.rpki-client.org/rpki.arin.net/repository/arin-rpki-ta/5e4a23e...
which has: Validity Not Before: Oct 1 11:28:43 2019 GMT Not After : Oct 1 11:28:43 2029 GMT
This is, I think, actually controlled by ARIN, it has the subordinate resources from ARIN -> this-org in it... so at least the content of this file is generated/maintained by the parent (RIR in this case).
On Fri, Nov 20, 2020, 6:55 AM Ca By <cb.list6@gmail.com> wrote:
Hello folks,
I use ARIN hosted RPKI to publish ROAs
The ROAs have an expire date
How do i rotate the cert to push out the expiration date? Does ARIN do
this for me?
Thanks!
participants (3)
-
Ca By
-
Christopher Morrow
-
TJ Trout