ACSP Suggestion 2022.21: Allow Multiple RPKI Certificate Authorities to Publish to each Org-ID
Author: Rich Compton
Submitted On: 28 July 2022
Allow multiple RPKI CAs to publish to each Org-ID.
In our use case, we want to run the hybrid RPKI model where we use krill as the CA and then use ARIN’s publication server and repository. We want to create child CAs in krill and assign prefixes to various business units. This would require these child CAs to be able to publish to ARN. Right now only one CA can publish to each Org-ID.
Value to Community: This will allow organizations to delegate the generation/administration of ROAs to child CAs.
Timeframe: Not specified
Status: Open Updated: 03 August 2022
3 August 2022
Thank you for your suggestion, numbered 2022.21 on confirmed receipt, requesting that we allow multiple RPKI Certificate Authorities (CAs) to publish to each Org ID so that organizations can delegate the generation/administration of ROAs to child CAs using ARIN’s Repository Service (RPS) for Delegated RPKI.
We agree with your suggestion that adding this feature would benefit the ARIN community. This enhancement to the ARIN RPS for Delegated RPKI will be added to the development roadmap, pending prioritization.
Thank you for participating in the ARIN Consultation and Suggestion Process. Your suggestion will remain open until implemented.
American Registry for Internet Numbers (ARIN)