Hi Mats, This is caused by an issue at CNNIC regarding updating their CRL and Manifest files (and quite possibly they aren't publishing any new ROAs either). I heard that they have already been contacted about this. If they do not fix the issue, then eventually all of CNNIC's objects will become invalid, meaning that announcements for CNNIC space will become RPKI unknown. Note that if you have an 'rpki invalid == reject' policy, this means these announcements will still be accepted, albeit unprotected by RPKI.
There is nothing you are supposed to with these errors, unless you want to reach out to them as well. However, if you should see many connection failures and stale messages like this across the board, then they could indicate that there is a local connectivity issue with your routinator. Tim > On 14 May 2019, at 15:21, [email protected] wrote: > > Hi > > What to do with the following errors (lots of them i loggfile) > > > rsync://rpki.cnnic.cn/rpki/A9162E3D0000/434/vKNmUQM0s3Q9LdxCYyt5dBbI3oU.crl: > stale CRL. > rsync://rpki.cnnic.cn/rpki/A9162E3D0000/2100/vhT5zP4zduEf4yGQGFeaI0-cvlI.mft: > stale manifest > > All of them refers to rpki.cnnic.cn > > > /mm > -- > RPKI mailing list > [email protected] > https://www.nlnetlabs.nl/mailman/listinfo/rpki -- RPKI mailing list [email protected] https://www.nlnetlabs.nl/mailman/listinfo/rpki
