[RPKI] cannot download the .roa files, with the list of signed bgp prefixes

Alex Band alex at nlnetlabs.nl
Mon Apr 25 09:43:03 UTC 2022 

Hello,

Please do not worry about some ROAs failing validation. We’ve described this here:

https://routinator.docs.nlnetlabs.nl/en/stable/initialisation.html#verifying-initialisation

"Because it is expected that the state of the entire RPKI is not perfect as all times, you may see several warnings about objects that are either stale or failed cryptographic verification, or repositories that are temporarily unavailable.”

Your Routinator is working just fine.

Kind regards,

Alex

> On 25 Apr 2022, at 00:13, gustvieira99 via RPKI <rpki at lists.nlnetlabs.nl> wrote:
> 
> Hi, how are u?
> I cannot download the .roa files using routinator, with the list of the signed bgp prefixes. when I try to download, the following errors appear and the roas are not downloaded. the error says validation failed on some and on others it says the certificate has been revoked. 
> 
> Output from my linux terminal:
> root at linux41:~# routinator -v vrps
> rsync://rpki.afrinic.net/repository/member_repository/F3646C24/1C86B7862B5B11EC8EBEF540D8A014CE/_r9_454NpaYN1sjcZoHO9aJGKC4.mft: No valid manifest found.
> CA for rsync://rpki.afrinic.net/repository/member_repository/F3646C24/1C86B7862B5B11EC8EBEF540D8A014CE/ rejected, resources marked as unsafe:
>    196.13.106.0/24
>    196.43.250.0/24
>    2001:43fd::/48
>    AS327811
> rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/6766FC685F2011EC938150DD5A40D577.roa: certificate has been revoked.
> rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/7F4A98EA6E0511E89C0D6E4BF8AEA228/6766FC685F2011EC938150DD5A40D577.roa: validation failed.
> rsync://rpki.afrinic.net/repository/member_repository/F368F2D0/92F86E1C6E0511E8A1B5854BF8AEA228/3F046A1A1D1E11ECB9949565D8A014CE.roa: validation failed.
> 
> how can in proceed? how can in correct these errors and normally download the .roa files?
> thank u very much for your help and i hope i can solve the problem!!!!
> -- 
> RPKI mailing list
> RPKI at lists.nlnetlabs.nl
> https://lists.nlnetlabs.nl/mailman/listinfo/rpki

More information about the RPKI mailing list