Re: Your Input Needed: Can ROA Replace LOA? ? Short Survey (7 mins)

[owen--- via NANOG <nanog () nanog org>]

> On Nov 17, 2023, at 07:02, Tom Beecher <beecher () beecher cc> wrote:
>
> > Therefore, Cogent currently does not have and is not member of ARIN. It refuses to sign contract with ARIN and 
> > currently Cogent is not bound by this RUD rules and regulations.
> >
> > There is one downfall to not being ARIN member, Cogent cannot currently issue ROAs or RPKIs. They only update RIR in 
> > ROADB database for the leased out IP addresses.
>
> Not entirely accurate. 
>
> Cogent Communications is already a General Member of ARIN. You can see that for yourself here : 
> https://account.arin.net/public/member-list . *Membership* is not a prerequisite for anything RPKI. 

Membership is not, but…

You can’t have ARIN resources under contract without also getting membership along with them any more, so, effectively, 
you can’t get RPKI without membership.

However, just because you are a member doesn't mean you can get RPKI for all of your resources… Indeed, you can only 
get RPKI for your resources under ARIN contract.

> ARIN requires an RSA or LRSA in place covering a number resource before they will be the trust anchor for that number 
> resource. In the design of RPKI, this should make logical sense. Many legacy resource holders have their own reasons 
> on why they chose not to sign an LRSA for those resources, so there is a chicken/egg problem here. 

Interestingly, RIPE-NCC will issue RPKI for non-contracted resources if they have a sponsoring LIR. Generally this 
means paying 70-100EU/year/resource to some RIPE member (who ends up passing 50EU of that to RIPE as part of their 
annual fees). LIR Prices vary greatly, so be prepared to negotiate.

Or just don’t bother with RPKI, you’re not really missing anything.

Owen