Hi Jeff, While I can’t offer you a solution today, I’m happy to tell you we’ve recognised this particular use case and are working on a free, open source solution.
We're building a toolset that allows you to run a CA as a child of one or multiple RIRs transparently and publish using your own or a third party publication server. In addition, we’ll provide validation software. https://www.nlnetlabs.nl/projects/rpki/project-plan/ For the validation software we have running code that is already used in production in various places: https://github.com/NLnetLabs/routinator With development ongoing, we’re still in the process of getting this fully funded as we’re a small non-profit. So far the RIPE NCC Community Projects Fund and Brazilian registry NIC.br are contributing to financing this project. Our goal to to provide something that is on par with our other projects, such as NSD and Unbound. Happy to keep you updated on the progress. Cheers, Alex Band NLnet Labs > On 23 Nov 2018, at 18:51, Jeff McAdams <je...@iglou.com> wrote: > > OK, I'm trying to do the responsible thing and further the progress and > deployment of RPKI. I feel like I have a pretty good handle on a path > forward for doing validation and routing-policy based on ROA validation. > > However, I also feel like I'm really banging my head against a wall trying > to set up publication of ROAs. $employer has IP space from several RIRs, > and enough space that there is a pretty strong desire to have our own > publication system for this, but I'm really struggling to find extant > software to do this. > > Are there people doing their own publication? Or is everyone just using > Hosted ARIN/RIPE/APNIC/etc. systems? My colleagues and I feel like trying > to manage and automate processes against multiple RIRs is not ideal, so > setting up a publication system that can use the Up-Down protocol, or > perhaps publish our own publication points, or whatever is the best way to > handle this would be desired. > > Can anyone point me to some facilitating resources on this? Software > packages that are reasonably current and maintained and not a total pain > to deploy? > > -- > Jeff
