hi max, > I have just moved a big network from one company to another, and found > that it is not possible to move RPKI records as well, as it works with > all linked (more specific) inetnums, routes, etc.
i bet. as you obviously know, your records are a tree, and you are changing the root. a possible path is that the CA software you use, either delegated or ncc-hosted, could export the semantic (not crypto) content of the resources and roas in a form which could then be imported into new root. i am not aware of CA software, other than the antique DRL, which could export and import csv, which supports this. as it may not be a frequently needed feature, it may be hard to convince CA devs to develop such a thing. > It was a big pain to quickly set it up again in the new account, and > also some risk to lose network connectivity. there should be no risk if you do the mops in order. first delete all roas and give things time to settle, maybe a day or so. then they all go NotFound, you can then populate the new tree's roas at leisure, and bob's your uncle. you might even populate the new tree earlier, iff the CA hierarchy will let you have both trees at the same time. randy ----- To unsubscribe from this mailing list or change your subscription options, please visit: https://mailman.ripe.net/mailman3/lists/ncc-services-wg.ripe.net/ As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
