Upcoming Changes to ARIN’s Resource Public Key Infrastructure (RPKI)

Posted: Thursday, 13 April 2023

The upcoming May software release will include multiple improvements to ARIN’s Resource Public Key Infrastructure (RPKI) services that will impact customers who utilize Hosted RPKI. These improvements will comprise a new, streamlined process for Route Origin Authorization (ROA) creation and maintenance, the introduction of auto-renewal for ROAs, and automation of previously ticketed processes for a more efficient RPKI experience.

ROA Creation

Customers will no longer need a ROA request signing key to register for Hosted RPKI services. Because customers will no longer need to create a private key, the ARIN Online user interface will feature streamlined and simplified ROA creation forms.

For customers who utilize ARIN’s API, there will be a new RESTful endpoint to create ROAs that will provide parity with the user interface improvements. For the foreseeable future, ARIN will continue supporting the existing (now referred to as legacy) RESTful provisioning endpoint for organizations with their own internal signing requirements.

ROA Auto-renewal

After the May software release, any ROA created via ARIN Online or the new RESTful provisioning endpoint will be automatically renewed, meaning all newly created ROAs will persist indefinitely until they are manually deleted. ARIN will also apply the auto-renew feature to any existing ROAs when we deploy this new functionality.

Please note: Any new ROAs created with the legacy RESTful endpoint will not be auto-renewed. If you would like your ROAs to be auto-renewed, you will need to use ARIN Online or the new RESTful provisioning endpoint. ARIN will be contacting customers who have created ROAs in both ARIN Online and REST to determine how they prefer to manage their existing ROAs.

More Efficient Processes

ARIN will automate resource certificate requests for users who hold Internet number resources under a Registration Services Agreement or Legacy Registration Services Agreement with ARIN. We are also improving the user interface for ROA generation. After successfully creating a ROA, you will see a confirmation notice before returning to your list of ROAs, which puts you one click away from creating your next ROA if necessary.

We hope these changes will make signing up for RPKI services much easier for our customers.

ARIN will inform the community when the software deployments are completed in May. In the meantime, visit the ARIN Blog in the coming weeks for additional details on these improvements.

Regards,

Brad Gorman
Senior Product Owner, ARIN Routing Security
American Registry for Internet Numbers (ARIN)