Creating ROAs for *all* the announcements that are done with your prefixes, both on your own AS and the ones announced by AWS, is probably the best way forward from both a routing security and ease-of-management perspective.
-Alex > On 28 Oct 2022, at 17:00, Samuel Jackson <bobin.pub...@gmail.com> wrote: > > Hello, > I am new to RPKI/ROA and still learning about RPKI. From all my reading on > ARIN's documents I am not able to answer some of my questions. > We have a public ARIN block and advertise smaller subnets from that to our > ISP's. We do not have any RPKI configs. > We need to setup ROA's to take another subnet from the ARIN block to AWS. > Reading ARIN's docs, it seems I need to get setup on their Hosted RPKI > service after which I can configure ROA's for the networks I am taking to AWS. > > My question is, will this impact my existing advertisements to my ISP's. The > current advertisements do not have ROA's. > Will having RPKI for my ARIN network, without ROA's for the existing > advertisements impact me? > > Thanks for your help. > > Ref: > https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html > https://www.arin.net/resources/manage/rpki/roa_request/ > https://www.arin.net/resources/manage/rpki/hosted/
