Automatic Creation of Managed IRR Route Objects upon RPKI ROA Generation Coming Soon

Posted: Monday, 22 July 2024

In the software release scheduled for 4 November, ARIN plans to implement new features in ARIN Online that will provide tighter integration of ARIN’s Resource Public Key Infrastructure (RPKI) and Internet Routing Registry (IRR) routing security services. These improvements are informed by the community consultation that closed on 20 September 2023.

Based on feedback received from our community during the consultation, ARIN plans to deploy the following features in ARIN Online and in our Application Programming Interface (API) for Hosted RPKI:

  • When a Route Origin Authorization (ROA) is generated, an auto-managed IRR route object will be created based on the contents of the ROA. This feature will be on by default but can be disabled by user action at the Org level. Additionally, a user can opt out of creating an auto-managed IRR route object upon each instance of ROA generation. All auto-managed IRR route objects will be identified as such in a remark field.
  • Auto-managed route objects resulting from ROA generation will use the prefix entry only and not take the maxLength value into consideration (using the least specific match). At ROA generation, the user will have the option to replace any existing, matching, and unmanaged route objects with an auto-managed route object. Users may manually create longer match IRR objects, but these manually created objects will not be auto managed.
  • Deleting a ROA will remove associated auto-managed IRR route objects. A user can opt out of removing auto-managed IRR route objects upon each instance of ROA deletion. If a user chooses to not delete an auto-managed IRR route object, the remarks field will be updated to reflect that the IRR route object is no longer auto-managed. Users maintain the ability to create, modify, or delete all IRR route objects through the Manage IRR page in ARIN Online.
  • ARIN Online users will have the option to selectively create auto-managed IRR route objects based on the Org’s existing ROAs in ARIN’s RPKI repository.

The Reg-RWS API will be updated to reflect the capabilities as described in items one through three above. If you have questions about these upcoming features, please contact us by emailing routing.security@arin.net.

Regards,

Brad Gorman
Senior Product Owner, Routing Security
American Registry for Internet Numbers (ARIN)