In our experience, I think, we do a 24 month rpki cert tied the key shared with ARIN. You simply create a new rpki cert in the ARIN hosted service. Due operational reasons we will delete an old cert a month after publishing the new cert just to keep things clean. We don't have a lot of space turnover so we will typically do a new cert 2 or 3 times a year.
If your underlying resources are pretty much static, just make your cert good for as long as you can. On Fri, Sep 9, 2022, 9:08 AM Ca By <cb.li...@gmail.com> wrote: > > > On Fri, Sep 9, 2022 at 9:04 AM Brad Gorman <bgor...@arin.net> wrote: > >> A message is sent to points of contact of an Org one month before >> expiration of a ROA in the ARIN repository. At any time prior to the ROA >> expiry, a new (duplicate) ROA can be created for the same resources with a >> new expiry date in the future. The soon to expire ROA can be deleted once >> the new ROA has been published to the repository or you can simply wait for >> it to expire. >> >> >> >> >> >> Brad >> >> > Any chance arin can post a step by step guide on the arin website? > > Seems like a big deal to have an roa expire, and a well documented process > will create a lot of confidence. > > As where an expired roa outage will cause a company to never use rpki > again. > >> >> >> *From: *NANOG <nanog-bounces+bgorman=arin....@nanog.org> on behalf of Ca >> By <cb.li...@gmail.com> >> *Date: *Friday, September 9, 2022 at 10:12 AM >> *To: *John Sweeting <jsweet...@arin.net> >> *Cc: *North American Network Operators' Group <nanog@nanog.org> >> *Subject: *Re: ROA Will Expire Soon - ARIN >> >> >> >> >> >> >> >> On Fri, Sep 9, 2022 at 5:21 AM John Sweeting <jsweet...@arin.net> wrote: >> >> You can contact the ARIN Helpdesk at +1-703-227-0660. Someone will also >> be sending you an email off list. >> >> >> >> John >> >> >> >> Where is ARIN’s documented procedure for how hosted ROAs handle renewal >> prior to expiration ? >> >> >> >> >> >> >> Sent from my iPhone >> >> > On Sep 9, 2022, at 8:01 AM, Terrance Devor <ter.de...@gmail.com> wrote: >> > >> > >> > Can someone from ARIN please reach out to me. We don't want the ROA to >> expire... >> > >> > Kind Regards, >> > Terrance >> >>
