[lacnog] Bogon route objects in the LACNIC IRR

Job Snijders job en sobornost.net
Mie Ago 18 13:27:50 -03 2021

On Wed, Aug 18, 2021 at 01:18:24PM -0300, Rubens Kuhl wrote:
> There is no connection whatsoever between RPKI and commercial CAs. The
> only trust anchors in the routing system that routing operators
> actually configure are the RIR ones.  I've never seen a certificate
> saying "" from DigiCert, Comodo etc. And if they issue such,
> nobody would trust such a cert anyways.

Good point of clarification.

The term "Certificate Authority" in context of the RPKI means anyone
(could be you or me) is in possession of the private crypto keys to
muster signatures related to specific RFC 3779 delegated Internet Number

Virtually every individual entity who received Internet Number Resources
from its RIR can become a Certificate Authority. The moment they create
a ROA (also called a 'cryptographic product'), the cryptographic parent
of that ROA (a X.509 "CA:TRUE" Certificate) will appear in the RPKI
publication system.

There are few X.509 tools available to inspect the RPKI by hand, the
'openssl' command line utility is a good starting point.

Kind regards,


Más información sobre la lista de distribución LACNOG