RPKI Mgmt Changes at ARIN (was: Fwd: [arin-announce] Upcoming Changes to ARIN’s Resource Public Key Infrastructure (RPKI))

[John Curran <jcurran () arin net>]

Operators -

Some important information regarding forthcoming RPKI management changes at ARIN.

FYI ,
/John

John Curran
President and CEO
American Registry for Internet Numbers


Begin forwarded message:

From: ARIN <info () arin net>
Date: April 13, 2023 at 1:27:19 PM EDT
To: arin-announce () arin net
Subject: [arin-announce] Upcoming Changes to ARIN’s Resource Public Key Infrastructure (RPKI)

The upcoming May software release will include multiple improvements to ARIN’s Resource Public Key Infrastructure 
(RPKI) services that will impact customers who utilize Hosted RPKI. These improvements will comprise a new, streamlined 
process for Route Origin Authorization (ROA) creation and maintenance, the introduction of auto-renewal for ROAs, and 
automation of previously ticketed processes for a more efficient RPKI experience.

**ROA Creation**

Customers will no longer need a ROA request signing key to register for Hosted RPKI services. Because customers will no 
longer need to create a private key, the ARIN Online user interface will feature streamlined and simplified ROA 
creation forms.

For customers who utilize ARIN’s API, there will be a new RESTful endpoint to create ROAs that will provide parity with 
the user interface improvements. For the foreseeable future, ARIN will continue supporting the existing (now referred 
to as legacy) RESTful provisioning endpoint for organizations with their own internal signing requirements.

**ROA Auto-renewal**

After the May software release, any ROA created via ARIN Online or the new RESTful provisioning endpoint will be 
automatically renewed, meaning all newly created ROAs will persist indefinitely until they are manually deleted. ARIN 
will also apply the auto-renew feature to any existing ROAs when we deploy this new functionality.

Please note: Any new ROAs created with the legacy RESTful endpoint will not be auto-renewed. If you would like your 
ROAs to be auto-renewed, you will need to use ARIN Online or the new RESTful provisioning endpoint. ARIN will be 
contacting customers who have created ROAs in both ARIN Online and REST to determine how they prefer to manage their 
existing ROAs.

**More Efficient Processes**

ARIN will automate resource certificate requests for users who hold Internet number resources under a Registration 
Services Agreement or Legacy Registration Services Agreement with ARIN. We are also improving the user interface for 
ROA generation. After successfully creating a ROA, you will see a confirmation notice before returning to your list of 
ROAs, which puts you one click away from creating your next ROA if necessary.

We hope these changes will make signing up for RPKI services much easier for our customers.

ARIN will inform the community when the software deployments are completed in May. In the meantime, visit the ARIN Blog 
in the coming weeks for additional details on these improvements.

Regards,

Brad Gorman
Senior Product Owner, ARIN Routing Security
American Registry for Internet Numbers (ARIN)
…