[RPKI] Invalid identity certificate: validation error with APNIC

Christopher Munz-Michielin christopher at ve7alb.ca
Tue Mar 31 17:39:29 UTC 2020


Trying to get Krill setup with my APNIC account, I've successfully submitted my identity file to APNIC and receivied the parent response, however, once I attempt to import the response krill just kicks back "Invalid RFC8183 XML: Invalid identity certificate: validation error"

The response I got back from APNIC looks alright:
<?xml version="1.0"?>
<oob:parent_response xmlns:oob="http://www.hactrn.net/uris/rpki/rpki-setup/" version="1" service_uri="http://rpki.apnic.net/up-down/APNIC-AP/" parent_handle="APNIC-AP" child_handle="A912C8360000"><oob:parent_bpki_ta>MII....


Though the oob: stuff looks a little strange.  I tried removing it but get the same error.

This is the command I am attempting to run:
krillc parents add remote --parent apnic --rfc8183 ./response.xml --ca FRC-CA

I have also tried via the webGUI but it just kicks back "error 400"

Krill version is 0.5.0

Anyone managed to get krill working with APNIC?

More information about the RPKI mailing list