ACSP Suggestion 2022.21: Allow Multiple RPKI Certificate Authorities to Publish to each Org-ID


Author: Rich Compton   
Submitted On: 28 July 2022


Allow multiple RPKI CAs to publish to each Org-ID.

In our use case, we want to run the hybrid RPKI model where we use krill as the CA and then use ARIN’s publication server and repository. We want to create child CAs in krill and assign prefixes to various business units. This would require these child CAs to be able to publish to ARN. Right now only one CA can publish to each Org-ID.

Value to Community: This will allow organizations to delegate the generation/administration of ROAs to child CAs.

Timeframe: Not specified

Status: Open   Updated: 03 August 2022

Tracking Information

ARIN Comment

3 August 2022

Thank you for your suggestion, numbered 2022.21 on confirmed receipt, requesting that we allow multiple RPKI Certificate Authorities (CAs) to publish to each Org ID so that organizations can delegate the generation/administration of ROAs to child CAs using ARIN’s Repository Service (RPS) for Delegated RPKI.

We agree with your suggestion that adding this feature would benefit the ARIN community. This enhancement to the ARIN RPS for Delegated RPKI will be added to the development roadmap, pending prioritization.

Thank you for participating in the ARIN Consultation and Suggestion Process. Your suggestion will remain open until implemented.


American Registry for Internet Numbers (ARIN)