Re: Tell me about AS19111

2020-02-05 Thread Ronald F. Guilmette
For all of the people who have elected to pick on me for my less
than diplomatic assertion(s), I can only suggest that your time and
effort would be more well spent by looking at the hard data that
I suggested that everyone look at, and then looking to see if any of
the bogus ASNs being used, day in and day out, are being peered
with by your own upstreams, and if so, composing an appropriately
diplomatic email to said upstreams, asking them why they are peering
with bogon ASN(s).

I do not feel that it is a stretch to say that all of this use of
bogon ASNs is arguably even more shameful than the widespread lack
of adherence to BCP 38, owing to the ease with which it may be seen
and documented.  It represents yet another, and equally or perhaps
even more egregious violation of Internet norms which endangers us
all, and all of our customers, every bit as much as the widespread
and inexcusable failures to conform to BCP 38.

The Internet needs to grow up.  This isn't a little government funded
science experiment anymore.  We have a whole planet's full of end users
watching now, and history will not be kind to those who continue to
shirk their responsibilities to the common man in the interests of
lining their own pockets in the short term.


Regards,
rfg


Re: DiviNetworks

2020-02-05 Thread William Herrin
On Wed, Feb 5, 2020 at 11:15 AM Steve Saner  wrote:
> Has anyone here worked with DiviNetworks (https://divinetworks.com/) to
> "sell" their unused bandwidth?

"Both USED and unused IPs can be utilized. IP allocation is NOT needed. "

"the configuration that we provide will ensure that traffic, which
belongs to sessions generated by our customers will be redirected
through a tunnel to our PoPs while all of your users traffic will be
routed as usual to your users. "


-- 
William Herrin
b...@herrin.us
https://bill.herrin.us/


Re: Tell me about AS19111

2020-02-05 Thread Wayne Bouchard
On Thu, Feb 06, 2020 at 04:35:14PM +1100, Mark Andrews wrote:
> 
> > P.S.  Remember, out of all of the networking engineers in the entire world,
> > by definition, half of them are of below average intelligence.
> 
> Unfortunately there is no basis for that claim as networking engineers are
> not uniformly randomly selected from the population as a whole.
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org

Well, aside from the fact that I don't like such statements (they just
don't feel warm and fuzzy to me), his meaning was pretty clear. So to
be pedantic, just tack "WRT other engineers" on the end of that and
the statement holds.

-Wayne

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/


Re: Tell me about AS19111

2020-02-05 Thread Mark Andrews


> P.S.  Remember, out of all of the networking engineers in the entire world,
> by definition, half of them are of below average intelligence.

Unfortunately there is no basis for that claim as networking engineers are
not uniformly randomly selected from the population as a whole.
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org



Re: Tell me about AS19111

2020-02-05 Thread Ronald F. Guilmette
In message <20200206013024.4b0b213c2...@ary.qy>, 
"John Levine"  wrote:

>1800vitamins.org has a web site at 12.180.219.234 which looks like
>they would sell me vitamins should I or my dog need any.
>
>Routeviews tells me that IP is in AS19111, routed via AS7018.  AS7018
>is AT&T which isn't surprising for a 12/8 address, but ARIN says
>AS19111 doesn't exist.  Huh?

John you have no idea how many folks are using how many bogon ASNs
as we speak.  Nobody does.  Even the guy who is doing weekly routing
table reports isn't listing them all, I think, even after I talked
to him and convinced him to list more things as bogon announcements
than he formerly was listing.  (I think his bogon lists are still not
nearly complete, e.g. if one takes into account bogon ASN announcements.)

Go to bgp.he.net and type in any number from 65000 upwards and look at
all of the effing route announcements!  These are all invalid/reserved
AS numbers which *nobody* should be announcing routes for, at least not
into the global routing table.  And yet the Internet is absolutely awash
in this garbage.

Try to think of a word that is the absolute antonym of "hygiene" and
that's the global routing table.

This stuff would be funny if only it wasn't so sick and pathetic.

Even if we forget about all of the morons who are -using- these invalid
ASNs for actually routing bits to their IPs, you have to ask yourself:
Who are all of the morons who are -peering- with these invalid ASNs?

Regards,
rfg


P.S.  Remember, out of all of the networking engineers in the entire world,
by definition, half of them are of below average intelligence.
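
Added example, not part of any message in this thread: a short Python check for the two things asked for above, whether an AS path carries a reserved or unregistered ASN, and which network one hop closer to you accepted the route from it. It goes beyond "65000 upwards" to the full IANA special-purpose AS number ranges; the RIB lines are constructed, 11111 and 22222 are placeholder upstream ASNs, and treating AS19111 as unregistered is an input taken from the thread's report of ARIN's answer (in practice that set would come from registry data).

```python
import re

# IANA special-purpose AS number ranges (inclusive) and the RFC behind each.
RESERVED_RANGES = [
    (0, 0, "reserved (RFC 7607)"),
    (23456, 23456, "AS_TRANS (RFC 6793)"),
    (64496, 64511, "documentation (RFC 5398)"),
    (64512, 65534, "private use (RFC 6996)"),
    (65535, 65535, "reserved (RFC 7300)"),
    (65536, 65551, "documentation (RFC 5398)"),
    (65552, 131071, "reserved by IANA"),
    (4200000000, 4294967294, "private use (RFC 6996)"),
    (4294967295, 4294967295, "reserved (RFC 7300)"),
]

# Constructed sample, "prefix | AS path" with the nearest AS first and the
# origin last. 11111 and 22222 are placeholder upstream ASNs (assumption);
# the last line is the prefix/path pair reported in the thread.
SAMPLE_RIB = """\
# prefix | AS path
192.0.2.0/24    | 11111 22222 22222 65001
198.51.100.0/24 | 11111 {64512,22222}
203.0.113.0/24  | 11111 22222
12.180.219.0/24 | 7018 19111
"""


def classify_asn(asn, unassigned=frozenset()):
    """Return why `asn` should not be in a global AS path, or None if it is fine."""
    for low, high, reason in RESERVED_RANGES:
        if low <= asn <= high:
            return reason
    # `unassigned` is caller-supplied registry knowledge (hypothetical input).
    if asn in unassigned:
        return "not in registry data"
    return None


def parse_as_path(text):
    """Split a path into hops; an AS_SET '{a,b}' is one hop, prepends collapse."""
    hops = []
    for token in re.findall(r"\{[^}]*\}|\d+", text):
        asns = tuple(int(n) for n in re.findall(r"\d+", token))
        if asns and (not hops or hops[-1] != asns):
            hops.append(asns)
    return hops


def find_bogon_hops(rib_lines, unassigned=frozenset()):
    """Return (prefix, bogon_asn, reason, accepted_by) for every bogon hop.

    accepted_by is the hop one step closer to the observer, i.e. the network
    that took the route from the bogon ASN; None if the bogon is the first hop.
    """
    findings = []
    for line in rib_lines:
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        prefix, _, path = line.partition("|")
        hops = parse_as_path(path)
        for i, hop in enumerate(hops):
            for asn in hop:
                reason = classify_asn(asn, unassigned)
                if reason:
                    accepted_by = hops[i - 1] if i else None
                    findings.append((prefix.strip(), asn, reason, accepted_by))
    return findings


if __name__ == "__main__":
    for prefix, asn, reason, by in find_bogon_hops(SAMPLE_RIB.splitlines(), {19111}):
        via = " ".join(f"AS{a}" for a in by) if by else "our own session"
        print(f"{prefix}: AS{asn} is {reason}; route accepted by {via}")
```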


Re: Tell me about AS19111

2020-02-05 Thread Jon Lewis

On Wed, 5 Feb 2020, John Levine wrote:

> In article
>
>  you write:
>
>> -=-=-=-=-=-
>>
>> I do get some results from an online whois or two - https://ipinfo.io/AS19111
>
> I believe you, but isn't ARIN's list of North American ASNs supposed to be
> authoritative?
>
> Other than the funky ASN there doesn't seem anything particularly naughty about
> the site.


If POCs are unresponsive, and the bill goes unpaid, does ARIN note this in 
whois or just delete data from the db?


Does the answer to that change if the ASN was under an RSA, but allocated 
pre-ARIN?


--
 Jon Lewis, MCP :)   |  I route
 StackPath, Sr. Neteng   |  therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_


Re: Tell me about AS19111

2020-02-05 Thread John Levine
In article 

 you write:
>-=-=-=-=-=-
>
>I do get some results from an online whois or two - https://ipinfo.io/AS19111

I believe you, but isn't ARIN's list of North American ASNs supposed to be 
authoritative?

Other than the funky ASN there doesn't seem anything particularly naughty about 
the site.

-- 
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly


Re: Tell me about AS19111

2020-02-05 Thread Christopher Morrow
On Wed, Feb 5, 2020 at 8:47 PM Suresh Ramasubramanian 
wrote:

> I do get some results from an online whois or two - https://ipinfo.io/AS19111
>
>
>
> nbty.com is registered with Markmonitor so presumably they’re legit
> enough and large enough to afford brand protection.  “Natures Bounty Inc”
> sounds like a reasonable name for a vendor of vitamins.
>
>
>
> ASNumber:   19111
>
> ASName: NBTY19111
>
> ASHandle:   AS19111
>
> RegDate:2016-02-01
>
> Updated:2016-02-01
>
> Ref:https://whois.arin.net/rest/asn/AS19111
>
>
>
>
>
> OrgName:NBTY, Inc.
>
> OrgId:  NATURE-24
>
> Address:60 Orville Drive
>
> City:   Bohemia
>
> StateProv:  NY
>
> PostalCode: 11716
>
> Country:US
>
> RegDate:2000-11-20
>
> Updated:2016-01-20
>
> Ref:https://whois.arin.net/rest/org/NATURE-24
>
>
>
>
>
> OrgAbuseHandle: MRO234-ARIN
>

Note:   ARIN has attempted to validate the data for this POC, but
has received no response from the POC since 2017-01-19

At a guess... someone got 'uncontactable' and arin (after 2 yrs) pulled the
resources.


> OrgAbuseName:   Roberts, Marlon
>
> OrgAbusePhone:  +1-631-200-5305
>
> OrgAbuseEmail:  mrobe...@nbty.com
>
> OrgAbuseRef:https://whois.arin.net/rest/poc/MRO234-ARIN
>
>
>
> OrgTechHandle: MRO234-ARIN
>
> OrgTechName:   Roberts, Marlon
>
> OrgTechPhone:  +1-631-200-5305
>
> OrgTechEmail:  mrobe...@nbty.com
>
> OrgTechRef:https://whois.arin.net/rest/poc/MRO234-ARIN
>
>
>
> OrgNOCHandle: MRO234-ARIN
>
> OrgNOCName:   Roberts, Marlon
>
> OrgNOCPhone:  +1-631-200-5305
>
> OrgNOCEmail:  mrobe...@nbty.com
>
> OrgNOCRef:https://whois.arin.net/rest/poc/MRO234-ARIN
>
>
>
> 12.13.211.0/24 
>
>  AT&T Services, Inc.
>
> 256
>
> 12.154.146.0/24 
>
>  NBTY, INC
>
> 256
>
> 12.154.150.0/24 
>
>  NBTY, INC
>
> 256
>
> 12.180.219.0/24 
>
>  NBTY, INC
>
> 256
>
> 12.35.230.0/24 
>
>  NBTY, INC
>
> 256
>
> 144.121.136.0/24 
>
>  The Nature's Bounty Co.
>
> 256
>
> 63.116.19.0/24 
>
>  NBTY GLOBAL INC
>
> 256
>
>
>
>
>
> *From: *NANOG 
> *Date: *Thursday, 6 February 2020 at 7:02 AM
> *To: *nanog@nanog.org 
> *Subject: *Tell me about AS19111
>
> 1800vitamins.org has a web site at 12.180.219.234 which looks like
> they would sell me vitamins should I or my dog need any.
>
> Routeviews tells me that IP is in AS19111, routed via AS7018.  AS7018
> is AT&T which isn't surprising for a 12/8 address, but ARIN says
> AS19111 doesn't exist.  Huh?
>
> Signed,
> Confused
> --
> Regards,
> John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for
> Dummies",
> Please consider the environment before reading this e-mail. https://jl.ly
>


Re: Tell me about AS19111

2020-02-05 Thread Suresh Ramasubramanian
I do get some results from an online whois or two - https://ipinfo.io/AS19111

nbty.com is registered with Markmonitor so presumably they’re legit enough and 
large enough to afford brand protection.  “Natures Bounty Inc” sounds like a 
reasonable name for a vendor of vitamins.

ASNumber:       19111
ASName:         NBTY19111
ASHandle:       AS19111
RegDate:        2016-02-01
Updated:        2016-02-01
Ref:            https://whois.arin.net/rest/asn/AS19111


OrgName:        NBTY, Inc.
OrgId:          NATURE-24
Address:        60 Orville Drive
City:           Bohemia
StateProv:      NY
PostalCode:     11716
Country:        US
RegDate:        2000-11-20
Updated:        2016-01-20
Ref:            https://whois.arin.net/rest/org/NATURE-24


OrgAbuseHandle: MRO234-ARIN
OrgAbuseName:   Roberts, Marlon
OrgAbusePhone:  +1-631-200-5305
OrgAbuseEmail:  mrobe...@nbty.com
OrgAbuseRef:    https://whois.arin.net/rest/poc/MRO234-ARIN

OrgTechHandle:  MRO234-ARIN
OrgTechName:    Roberts, Marlon
OrgTechPhone:   +1-631-200-5305
OrgTechEmail:   mrobe...@nbty.com
OrgTechRef:     https://whois.arin.net/rest/poc/MRO234-ARIN

OrgNOCHandle:   MRO234-ARIN
OrgNOCName:     Roberts, Marlon
OrgNOCPhone:    +1-631-200-5305
OrgNOCEmail:    mrobe...@nbty.com
OrgNOCRef:      https://whois.arin.net/rest/poc/MRO234-ARIN

12.13.211.0/24      AT&T Services, Inc.        256
12.154.146.0/24     NBTY, INC                  256
12.154.150.0/24     NBTY, INC                  256
12.180.219.0/24     NBTY, INC                  256
12.35.230.0/24      NBTY, INC                  256
144.121.136.0/24    The Nature's Bounty Co.    256
63.116.19.0/24      NBTY GLOBAL INC            256


From: NANOG 
Date: Thursday, 6 February 2020 at 7:02 AM
To: nanog@nanog.org 
Subject: Tell me about AS19111
1800vitamins.org has a web site at 12.180.219.234 which looks like
they would sell me vitamins should I or my dog need any.

Routeviews tells me that IP is in AS19111, routed via AS7018.  AS7018
is AT&T which isn't surprising for a 12/8 address, but ARIN says
AS19111 doesn't exist.  Huh?

Signed,
Confused
--
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly


Tell me about AS19111

2020-02-05 Thread John Levine
1800vitamins.org has a web site at 12.180.219.234 which looks like
they would sell me vitamins should I or my dog need any.

Routeviews tells me that IP is in AS19111, routed via AS7018.  AS7018
is AT&T which isn't surprising for a 12/8 address, but ARIN says
AS19111 doesn't exist.  Huh?

Signed,
Confused
-- 
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly


Re: DiviNetworks

2020-02-05 Thread Justin Wilson
Have several networks using them.  This he networks get paid, and no 
blacklists.  Contact me off list if you want more details



Justin Wilson
li...@mtin.net


—
https://j2sw.com - All things jsw (AS209109)
https://blog.j2sw.com - Podcast and Blog

> On Feb 5, 2020, at 2:14 PM, Steve Saner  wrote:
> 
> Has anyone here worked with DiviNetworks (https://divinetworks.com/) to 
> "sell" their unused bandwidth?
> 
> I'd be curious to hear any thoughts or experiences.
> 
> Steve
> 
> -- 
> --
> Steven Saner   Voice:  316-858-3000
> Director of Network Operations  Fax:  316-858-3001
> Hubris Communications   http://www.hubris.net
> 



DiviNetworks

2020-02-05 Thread Steve Saner
Has anyone here worked with DiviNetworks (https://divinetworks.com/) to 
"sell" their unused bandwidth?


I'd be curious to hear any thoughts or experiences.

Steve

--
--
Steven Saner   Voice:  316-858-3000
Director of Network Operations  Fax:  316-858-3001
Hubris Communications   http://www.hubris.net


Re: Has Anyone managed to get Delegated RPKI working with ARIN

2020-02-05 Thread Tim Bruijnzeels
Hi,

Everyone is welcome to read that list of course, but the TL;DR is:

ARIN currently uses a pre RFC 8183 format for the identity exchange. It would 
be good if this were updated. New versions of rpkid as well as Krill have 
issues with the old format.

In the meantime this XSL provided by rpki.net can be of help:
https://raw.githubusercontent.com/dragonresearch/rpki.net/master/potpourri/oob-translate.xsl
 


Note: if you are planning to give Krill a try we recommend that you wait for 
version 0.5. We expect to have this version ready in 1-2 weeks. It will include 
usability improvements, better monitoring and a UI.

Kind regards,

Tim



> On 5 Feb 2020, at 16:03, Christopher Munz-Michielin  
> wrote:
> 
> Brilliant! Thanks for the write up Cynthia, I'll have a read through!
> 
> Chris
> 
> On 2020-02-05 1:56 a.m., Cynthia Revström wrote:
>> (Re-sent as I forgot to include the ML the first time, oops)
>> Hi Chris,
>> 
>> I recently figured it out and posted it on the NLNetLabs RPKI mailing list. 
>> https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.html 
>> 
>> I hope it helps :)
>> 
>> - Cynthia
>> 
>> On Wed, Jan 29, 2020 at 6:31 PM Christopher Munz-Michielin 
>> <christop...@ve7alb.ca> wrote:
>> 
>>Hi Nanog,
>> 
>>Posting here since my Google-fu is coming up short.  I'm trying to setup 
>> delegated RPKI in ARIN using rpki.net's rpkid Python 
>> daemon and am running into an issue submitting the identity file to ARIN's 
>> control panel. The same file submitted to RIPE's  test environment at 
>> https://localcert.ripe.net/#/rpki works without issue, while submitting to 
>> ARIN results in "Invalid Identity.xml file."
>> 
>>The guide I'm following is this one: 
>> https://github.com/dragonresearch/rpki.net/blob/master/doc/quickstart/xenial-ca.md
>>  and I'm able to get as far as generating the identity file.
>> 
>>Wondering if anyone has gone down this road before and has any helpful 
>> hints to make this work?
>> 
>>Cheers,
>>Chris
>> 



Re: NANOG Digest, Vol 145, Issue 5

2020-02-05 Thread Chris Orsman
 core that have expressed an interest in that
> multicast group. In selective multicast forwarding, leaf devices always
> send multicast traffic to the spine device so that it can route
> inter-VLAN multicast traffic through its IRB interface.
>
>
> https://www.juniper.net/documentation/en_US/junos/topics/concept/evpn-selective-multicast-forwarding.html
>
> Kind regards,
> Andrey
>
> Mankamana Mishra (mankamis) via NANOG wrote 2020-02-03 18:34:
> > Folks
> >
> > Wondering if there is any known implementation of EVPN multihome
> > multicast routes which are defined in
> >
> > https://tools.ietf.org/html/draft-ietf-bess-evpn-igmp-mld-proxy-04
> >
> > there is some change planned in NLRI , we want to make sure to have
> > solution which does work well with existing implementation.
> >
> > NOTE:  Discussion INVOLVES NOKIA, JUNIPER, CISCO, ARISTA ALREADY. SO
> > LOOKING FOR ANY OTHER VENDOR WHO HAVE IMPLEMENTATION.
> >
> > Mankamana
>
>
>
> --
>
> Message: 10
> Date: Tue, 4 Feb 2020 12:10:00 -0500
> From: Jason Lixfeld 
> To: NANOG mailing list 
> Subject: WTR: 1-2RU @ Equinix Ashburn
> Message-ID: <7bc7d4a3-5691-45d8-9c27-d8a21cd0b...@lixfeld.ca>
> Content-Type: text/plain;   charset=utf-8
>
> Hi,
>
> I’m wondering if anyone is looking to subsidize their Equinix Ashburn colo
> costs by way of carving out 1-2 RU to a friendly for a low density
> networking application.  If so, I’d love to hear from you!
>
> Thanks in advance!
>
> --
>
> Message: 11
> Date: Tue, 4 Feb 2020 13:04:19 -0500
> From: Joseph Severini 
> To: nanog@nanog.org
> Subject: Help with survey on enterprise network challenges?
> Message-ID:
>  sdmxjohr8mve9j9yxmhq+r52pj...@mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> Hi,
>
> My name is Joseph Severini, and I am a PhD student in the Computer
> Science Department at Carnegie Mellon University.
>
> I’m working on a research project to identify common operational
> challenges in modern enterprise computer networks. I’ve put together a
> survey to identify these challenges by analyzing some operational
> problems found in the Network Engineering Stack Exchange open-source
> dataset. You’ll be given a problem from the dataset and asked some
> questions about it.
>
> I would appreciate it if you would consider taking this survey, which
> can be found at the link below:
>
> http://cmu.ca1.qualtrics.com/jfe/form/SV_dm6i9znuPWlLDN3
>
> The survey should take ~15 minutes. Participation is voluntary, with
> no compensation, and all responses are anonymous. You must be at least
> 18 years old to complete the survey.
>
> Thanks,
> Joseph Severini
>
> PhD Student
> CMU Computer Science Department
>
>
> --
>
> Message: 12
> Date: Tue, 4 Feb 2020 15:59:37 -0500
> From: Christopher Morrow 
> To: Mike Meredith 
> Cc: nanog list 
> Subject: Re: Jenkins amplification
> Message-ID:
>  a...@mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> On Tue, Feb 4, 2020 at 11:15 AM Mike Meredith 
> wrote:
> >
> > On Mon, 3 Feb 2020 16:13:34 -0500, Christopher Morrow
> >  may have written:
> > > My experience, and granted it's fairly scoped, is that this sort of
> thing
> > > works fine for a relatively small set of 'persons' and 'resources'.
> >
> > Seeing as managing this sort of thing is my primary job these days ...
>
>  :)
>
> > > it ends up being about the cross-product of #users * #resources.
> >
> > That's the interesting part of the job - coalescing rules in a way that
> > minimises the security impact but maximises the decrease of complexity.
> If
> > you don't, you get an explosion of complexity that results in a set of
> > rules (I know of an equivalent organisation that has over 1,000 firewall
> > rules) that becomes insanely complex to manage.
> >
>
> I think the fact that it's hard to keep all of this going and to
> contain the natural spread of destruction (that it takes someone with
> a pretty singular focus) makes my point.
>
> > > certainly a more holistic version of the story is correct.
> > > the relatively flippant answer way-back-up-list of: "vpn"
> >
> > I think that "vpn" is the right answer - it's preferable to publishing
> > services to the entire world that only need to be used by employees. But
> > it's not cheap or easy.
>
> Weighing the cost/benefit is certainly each org's decision.
> having lived without vpn for a long while and under the regime of
> authen/author for users with proper token/etc access... I'd not want
> my internal network opened to the wilds of vpn users :( (I actively
> discourage this at work because there are vanishingly small reasons
> why a full network connection is really required by a user at this
> point).
>
> anyway, good luck!
>
>
> --
>
> Message: 13
> Date: Wed, 5 Feb 2020 10:56:51 +0100
> From: Cynthia Revström 
> To: christop...@ve7alb.ca
> Cc: NANOG list 
> Subject: Re: Has Anyone managed to get Delegated RPKI working with
> ARIN
> Message-ID:
> <
> cakw1m3pqtvb6zyjkn5emdbyjtsqxx4seuyfbduf-jqnlwsm...@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> (Re-sent as I forgot to include the ML the first time, oops)
> Hi Chris,
>
> I recently figured it out and posted it on the NLNetLabs RPKI mailing list.
> https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.html
> I hope it helps :)
>
> - Cynthia
>
> On Wed, Jan 29, 2020 at 6:31 PM Christopher Munz-Michielin <
> christop...@ve7alb.ca> wrote:
>
> > Hi Nanog,
> >
> > Posting here since my Google-fu is coming up short.  I'm trying to setup
> > delegated RPKI in ARIN using rpki.net's rpkid Python daemon and am
> > running into an issue submitting the identity file to ARIN's control
> panel.
> > The same file submitted to RIPE's  test environment at
> > https://localcert.ripe.net/#/rpki works without issue, while submitting
> > to ARIN results in "Invalid Identity.xml file."
> >
> > The guide I'm following is this one:
> >
> https://github.com/dragonresearch/rpki.net/blob/master/doc/quickstart/xenial-ca.md
> > and I'm able to get as far as generating the identity file.
> >
> > Wondering if anyone has gone down this road before and has any helpful
> > hints to make this work?
> >
> > Cheers,
> > Chris
> >
>
> --
>
> Message: 14
> Date: Wed, 05 Feb 2020 02:52:08 -0800
> From: Randy Bush 
> To: "Cynthia Revström" 
> Cc: christop...@ve7alb.ca,  NANOG list 
> Subject: Re: Has Anyone managed to get Delegated RPKI working with
> ARIN
> Message-ID: 
> Content-Type: text/plain; charset=US-ASCII
>
> > I recently figured it out and posted it on the NLNetLabs RPKI mailing
> list.
> > https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.html
>
> nice.  thank you.
>
> randy
>
>
> End of NANOG Digest, Vol 145, Issue 5
> *
>


Looking for an AT&T Wireless contact

2020-02-05 Thread Michael Brown
I'm looking for an AT&T Wireless contact to reach out to me off-list.

We (discourse.org) have reports from multiple customers that their users are 
unable to negotiate SSL with our sites when using their AT&T Wireless data
connection.

The problem is affecting users around Chicago and Pennsylvania.

Evidence points to some sort of SSL interference/tampering.

Cheers,

Michael Brown



Re: Has Anyone managed to get Delegated RPKI working with ARIN

2020-02-05 Thread Christopher Munz-Michielin

Brilliant! Thanks for the write up Cynthia, I'll have a read through!

Chris

On 2020-02-05 1:56 a.m., Cynthia Revström wrote:

(Re-sent as I forgot to include the ML the first time, oops)
Hi Chris,

I recently figured it out and posted it on the NLNetLabs RPKI mailing list. 
https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.html 

I hope it helps :)

- Cynthia

On Wed, Jan 29, 2020 at 6:31 PM Christopher Munz-Michielin <christop...@ve7alb.ca> wrote:

Hi Nanog,

Posting here since my Google-fu is coming up short.  I'm trying to setup delegated RPKI in 
ARIN using rpki.net's rpkid Python daemon and am running into an issue 
submitting the identity file to ARIN's control panel. The same file submitted to RIPE's  test 
environment at https://localcert.ripe.net/#/rpki works without issue, while submitting to ARIN 
results in "Invalid Identity.xml file."

The guide I'm following is this one: 
https://github.com/dragonresearch/rpki.net/blob/master/doc/quickstart/xenial-ca.md
 and I'm able to get as far as generating the identity file.

Wondering if anyone has gone down this road before and has any helpful 
hints to make this work?

Cheers,
Chris





Re: Has Anyone managed to get Delegated RPKI working with ARIN

2020-02-05 Thread Randy Bush
> I recently figured it out and posted it on the NLNetLabs RPKI mailing list.
> https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.html

nice.  thank you.

randy


Re: Has Anyone managed to get Delegated RPKI working with ARIN

2020-02-05 Thread Cynthia Revström
(Re-sent as I forgot to include the ML the first time, oops)
Hi Chris,

I recently figured it out and posted it on the NLNetLabs RPKI mailing list.
https://lists.nlnetlabs.nl/pipermail/rpki/2020-February/000124.html
I hope it helps :)

- Cynthia

On Wed, Jan 29, 2020 at 6:31 PM Christopher Munz-Michielin <
christop...@ve7alb.ca> wrote:

> Hi Nanog,
>
> Posting here since my Google-fu is coming up short.  I'm trying to setup
> delegated RPKI in ARIN using rpki.net's rpkid Python daemon and am
> running into an issue submitting the identity file to ARIN's control panel.
> The same file submitted to RIPE's  test environment at
> https://localcert.ripe.net/#/rpki works without issue, while submitting
> to ARIN results in "Invalid Identity.xml file."
>
> The guide I'm following is this one:
> https://github.com/dragonresearch/rpki.net/blob/master/doc/quickstart/xenial-ca.md
> and I'm able to get as far as generating the identity file.
>
> Wondering if anyone has gone down this road before and has any helpful
> hints to make this work?
>
> Cheers,
> Chris
>