RPKI Troubleshooting

I Don’t See a “Manage RPKI” Option on My Organization’s Page in ARIN Online

You will not see this option if your resources:

• Are not covered by a Registration Services Agreement (RSA) or Legacy RSA (LRSA)
• Are not issued directly to your organization by ARIN

I Can’t Create a ROA

Are your resources covered by a resource certificate? In order for a ROA to be valid, each IP address included must be covered by the resource certificate. If any IP address (IPv4 or IPv6) in any ROA prefix is not covered by the resource certificate, the entire ROA is considered invalid and will not be signed.

My RPKI Repository Has Been Compromised

Should your RPKI repository become corrupted, compromised, or inaccessible, you must:

1. Create an Ask ARIN help desk ticket in ARIN Online to request to have your current resource certificate deleted.
2. Request a new delegated resource certificate from ARIN.
3. Delete and recreate all RPKI objects within your repository.

Resources Have Been added to or Removed from My Certificate

During the process of issuing or revoking Internet number resources, ARIN may add or remove them from your RPKI resource certificate as appropriate. If resources are removed, the resource certificate will reflect that change and ROA’s that no longer fit in that resource set will be removed. Additional resources will be added to the existing certificate and will not change the existing ROA’s. You then can add or modify new ROA’s at your leisure to reflect changes to your new resources. Some resources are not eligible to be certified in RPKI, such as:

• Resources not directly issued to your organization by ARIN
• Resources not covered by an RSA or LRSA agreement