29 May 2015 - AFRINIC is pleased to announce a new release of the RPKI core infrastructure (v2.0) as well as an updated interface of the Resource Certification section on MyAFRINIC (https://my.afrinic.net).
To access the Resource Certification section, connect to MyAFRINIC and navigate to Resources->Resource Certification, a BPKI certificate will be requested to authenticate yourself.
Currently RPKI enrolled members, who already have a certificate with AFRINIC, will have to re-activate their engine. However, their current engine as well as old ROAs will remain active until revoked. You are invited to re-activate your engine and re-create your ROAs.
For AFRINIC members, who have not yet activated their engine, please visit the Resource Certification page on http://afrinic.net/en/initiatives/resource-certification for more details.
For more information and a live demonstration, please join us at AIS2015 in Tunis for a full-day RPKI training on the Saturday, 30 May 2015. See agenda http://internetsummitafrica.org/en/programme/agenda for more details.
Salient features of the new release
- The AFRINIC Root certificate now cover *ALL* resources managed by AFRINIC.
- Members can now get all allocated/assigned resources certified.
- AFRINIC has adopted a new minority-majority certification model. Instead of using one certificate, AFRINIC now manages a split certificates set namely:
- AFRINIC-CA (Covers AFRINIC managed space for which AFRINIC is majority space holder)
- APNIC-TO-AFRINIC (Covers AFRINIC managed space for which APNIC is majority space holder)
- ARIN-TO-AFRINIC (Covers AFRINIC managed space for which ARIN is majority space holder)
- LACNIC-TO-AFRINIC (Covers AFRINIC managed space for which LACNIC is majority space holder)
- RIPE-TO-AFRINIC (Covers AFRINIC managed space for which RIPE is majority space holder)
- AFRINIC has changed its repository structure from “flat” to “hierarchical”. All objects (certificates and ROAs) can be retrieved from one single URI (rsync://rpki.afrinic.net/repository)
- AFRINIC now supports MAX LENGTH as stipulated by RFC6482 on the ROA format.
- AFRINIC certificates are now compliant to RFC7318 on policy qualifiers.