[RPKI] ARIN Identity.xml format

Cynthia Revström me at cynthia.re
Wed Feb 5 09:54:14 UTC 2020


Hello,

So there is a bit of a lack of documentation when it comes to the format of
the "Up/Down Identity XML" file that ARIN wants when you are setting up
Delegated RPKI and the format of the parent response from ARIN.
ARIN's XML files are not RFC8183 but rather something a bit odd that I had
to craft by hand based on example files I found in old git repositories.
I mainly posted this in the case that someone else has a similar issue
since well as I said, docs are lacking atm. (I have also brought it up with
NLNetLabs so they can discuss it with ARIN)

When running `krillc parents myid` I got something in the format of:
<child_request xmlns="http://www.hactrn.net/uris/rpki/rpki-setup/"
version="1" child_handle="QUL-4">
  <child_bpki_ta>MII...</child_bpki_ta>
</child_request>

Where as ARIN seemingly wanted (and accepted) the format of:
<identity xmlns="http://www.hactrn.net/uris/rpki/myrpki/" version="2"
handle="QUL-4">
  <bpki_ta>MII...</bpki_ta>
</identity>

And the parent response had a similar issue, this is what I got from ARIN:
<parent xmlns="http://www.hactrn.net/uris/rpki/myrpki/"
    version="2"
    valid_until="2120-02-05T09:01:23Z"
    service_uri="http://updown.arin.net/ARIN/QUL-4"
    parent_handle="ARIN"
    child_handle="QUL-4">
  <bpki_resource_ta>
MII...
  </bpki_resource_ta>
  <bpki_child_ta>
MII...
  </bpki_child_ta>
  <repository type="none"/>
</parent>

Where as krill/RFC8183 wants the format of:
<parent_response xmlns="http://www.hactrn.net/uris/rpki/rpki-setup/"
    version="1"
    valid_until="2120-02-05T09:01:23Z"
    service_uri="http://updown.arin.net/ARIN/QUL-4"
    parent_handle="ARIN"
    child_handle="QUL-4">
  <parent_bpki_ta>
MII... <this is the bpki_resource_ta tag from the ARIN format>
  </parent_bpki_ta>
</parent_response>

- Cynthia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/rpki/attachments/20200205/70bc892d/attachment.htm>


More information about the RPKI mailing list