LACNIC releases a new version of its Resource Certification system (RPKI).

This new software upgrades the version that has been in production for almost 2 years.

The system includes new features such as the following:

  • The Up/Down provisioning protocol is now supported. This means organizations interested in operating their own certification authorities (CAs) will be able to do so. The system also features a new graphical user interface that will simplify certificate management.
  • Automatic certificate and ROA extension and updating.
  • A new notification system which will emit warnings regarding upcoming expiration dates, ROA creation suggestions, warnings regarding possible resource hijacking and statistics.
  • A command line tool (CLI) for those users that are not comfortable operating their own CA but need to automate processes including ROA creation and maintenance.


Migration to the new system will take place on Thursday, November 29th, 2012 at 12.00 UTC and will take approximately 2 hours. During this period of time the RPKI system's web interface will not be available; however, the repository's current content will not be affected so no downtime is expected for validation tools.

At the same time, LACNIC will take the opportunity presented by the migration and perform a key rollover of its resource certificates. This means that the file known as the "Trust Anchor Locator" (TAL) will change.

The new TAL file can be downloaded at https://rpki.lacnic.net/tal/lacnic-201212.tal. The file is also being made available in the format expected by RIPE-NCC's validation tool. This file can be downloaded at https://rpki.lacnic.net/tal/lacnic-ripeval-201212.tal.

The new root resource certificate pointed to in this TAL is already published and active, so the new TAL can be added to the configuration of your validation tools. The migration of the material created in version 1 of the RPKI system to its version 2 is also scheduled for Thursday 29, in this case at 14.00 UTC.

Please note that modifying the TAL has no impact and does not require any actions on the part of those who have only created material in the RPKI system (either resource certificates or ROAs) but are not currently running any validation tools.

 

If you have any questions do not hesitate to write us at rpki-admin@lacnic.net.

 

CHK_LACNIC