Upcoming Changes to ARIN’s Resource Public Key Infrastructure (RPKI)
Posted: Thursday, 13 April 2023
Service Update
The upcoming May software release will include multiple improvements to ARIN’s Resource Public Key Infrastructure (RPKI) services that will impact customers who utilize Hosted RPKI. These improvements will comprise a new, streamlined process for Route Origin Authorization (ROA) creation and maintenance, the introduction of auto-renewal for ROAs, and automation of previously ticketed processes for a more efficient RPKI experience.
ROA Creation
Customers will no longer need a ROA request signing key to register for Hosted RPKI services. Because customers will no longer need to create a private key, the ARIN Online user interface will feature streamlined and simplified ROA creation forms.
For customers who utilize ARIN’s API, there will be a new RESTful endpoint to create ROAs that will provide parity with the user interface improvements. For the foreseeable future, ARIN will continue supporting the existing (now referred to as legacy) RESTful provisioning endpoint for organizations with their own internal signing requirements.
ROA Auto-renewal
After the May software release, any ROA created via ARIN Online or the new RESTful provisioning endpoint will be automatically renewed, meaning all newly created ROAs will persist indefinitely until they are manually deleted. ARIN will also apply the auto-renew feature to any existing ROAs when we deploy this new functionality.
Please note: Any new ROAs created with the legacy RESTful endpoint will not be auto-renewed. If you would like your ROAs to be auto-renewed, you will need to use ARIN Online or the new RESTful provisioning endpoint. ARIN will be contacting customers who have created ROAs in both ARIN Online and REST to determine how they prefer to manage their existing ROAs.
More Efficient Processes
ARIN will automate resource certificate requests for users who hold Internet number resources under a Registration Services Agreement or Legacy Registration Services Agreement with ARIN. We are also improving the user interface for ROA generation. After successfully creating a ROA, you will see a confirmation notice before returning to your list of ROAs, which puts you one click away from creating your next ROA if necessary.
We hope these changes will make signing up for RPKI services much easier for our customers.
ARIN will inform the community when the software deployments are completed in May. In the meantime, visit the ARIN Blog in the coming weeks for additional details on these improvements.
Regards,
Brad Gorman
Senior Product Owner, ARIN Routing Security
American Registry for Internet Numbers (ARIN)
Recent Announcements
- Reminder - ARIN Will Only Support TLS 1.2 and TLS 1.3 Cryptographic Features Across All ARIN Services As of 3 February 2025
- UPDATE - Consultation on Reallocation Control Features
- Reclassification of Inactive General Members Completed 18 November 2024
- ARIN 54 Meeting Report Now Available
- 2024 ARIN Election Results
- ARIN Makes Second Contribution to IETF Endowment
- NOW CLOSED - Consultation on Reallocation Control Features
- New Features Added to ARIN Online
- ARIN 54 Begins Today
- NRO Announcement on AFRINIC
- » View Archive