Hello Andrew, Thanks for your question.
* Only holders of resources received directly from ARIN are able to create ROAs for those resources. * Organizations who are recipients of reallocated or detailed reassignments can create IRR objects, not RPKI ROAs for those resources. * Organizations who are recipients of simple reassignments may not user IRR or RPKI services. Best regards, Brad Gorman Sr Product Owner, Routing Security ARIN From: arin-tech-discuss <[email protected]> on behalf of Andrew Gallo <[email protected]> Date: Monday, June 24, 2024 at 10:52 To: David Farmer <[email protected]> Cc: [email protected] <[email protected]> Subject: Re: [arin-tech-discuss] Who can generate ROAs when a holder reassigns or reallocations address space? I like that idea. I was thinking along the same lines. When a prefix is delegated, associate a Routing POC with the prefix which would be allowed to generate ROAs and IRR objects. If no association is made, only the parent can take these actions. Question- do you think the delegating/parent holder should be allowed to generate ROAs if there is a downstream Routing POC? On 6/24/2024 10:08 AM, David Farmer wrote: > I wonder if a tactic to address this issue is expanding the use of the > Router POC. Maybe a Router POC could be created at the resource level or > with a Detailed Reassignment instead of a Router POC at the Organization > Level, providing a fine-grained mechanism to delegate control of ROA and > IRR. > > Just a thought. > > On Mon, Jun 24, 2024 at 8:34 AM Andrew Gallo <[email protected]> wrote: > >> If a holder of address resources reassigns or reallocates a portion of >> that space, who can create an RPKI ROA? The original holder (parent), >> the downstream org that has the delegated portion of the space? >> >> The three options for reassignment/reallocation are >> Simple Reassignment >> Detailed Reassignment >> Reallocation >> (definitions below) >> >> Based on my reading, Simple Reassignment allows only the 'parent' (or >> delegating) org allowed to create ROAs. But what about Detailed? The >> downstream org can have POCs and maintain reverse nameserver records. >> Can they also generate ROAs or IRR objects? >> >> What about Reallocation? >> >> Thank you. >> >> >> >>> Simple Reassignment >>> Use this option if you will manage abuse and network contacts for >>> your customer. >>> >>> Detailed Reassignment >>> Use this for a downstream organization that needs to maintain its >>> own reverse nameservers and/or separate Point of Contact (POC) >>> information. >>> >>> Reallocation >>> Use this for a downstream organization that needs to maintain its >>> own reverse nameservers and/or separate Point of Contact (POC) >>> information and make reassignments of IP addresses to its own customers. >>> >> _______________________________________________ >> arin-tech-discuss mailing list >> [email protected] >> https://lists.arin.net/mailman/listinfo/arin-tech-discuss >> >
_______________________________________________ arin-tech-discuss mailing list [email protected] https://lists.arin.net/mailman/listinfo/arin-tech-discuss
