[DBWG] issue report - AFRINIC RPKI intermediate CA overclaim

David Njuki david.njuki at afrinic.net
Thu Dec 14 11:36:01 UTC 2023 

Hi Job,

We completed the re-issue the afrinic-ca with the correct allocation of the 196.x.x resources. 

You can proceed to verify from your side. 

Thank you. 

Regards,
David 

> On 12 Dec 2023, at 11:50, David Njuki <david.njuki at afrinic.net> wrote:
> 
> Hi Job,
> 
> We had some delays on the verification of the resources. 
> 
> We have now scheduled to re-issue afrinic-ca on Thursday 14th Dec, 2023. 
> 
> Regards,
> David 
> 
>> On 11 Dec 2023, at 14:16, Job Snijders <job at fastly.com> wrote:
>> 
>> Dear David,
>> 
>> On Thu, Oct 26, 2023 at 04:40:49PM +0400, David Njuki wrote:
>>> You are welcome :) 
>>> 
>>> We had initially considered to also add the correct listing for the
>>> 196.0.0.0/7 but it needs more time for us to verify.
>>> 
>>> We’ll schedule to reissue the afrinic-ca.cer again as soon as this is
>>> done. We’ll plan for this in early November. 
>> 
>> 
>> Can you please share an update on the reissuance plans?
>> 
>> Kind regards,
>> 
>> Job
>> 
>> 
>>> 
>>> Regards,
>>> David
>>> 
>>> 
>>>> On 26 Oct 2023, at 13:18, Job Snijders <job at fastly.com> wrote:
>>>> 
>>>> Dear David,
>>>> 
>>>> On Thu, Oct 19, 2023 at 02:09:24PM +0400, David Njuki wrote:
>>>>> We are planning to schedule it for next week Thursday, 26th October to
>>>>> coincide with the next CRL update. 
>>>> 
>>>> Many thanks for the swift action. I now observe that 154.16.0.0/8 was
>>>> split into the appropriate more-specifics.
>>>> 
>>>> I'm sorry to not have noticed before that a similar issue exists for the
>>>> subordinate resource listing of 196.0.0.0/7. As I understand the RIR
>>>> delegations, the following blocks are *not* managed by Afrinic:
>>>> 
>>>> 	196.1.1.0/24                 # APNIC
>>>> 	196.1.68.0/24                # APNIC
>>>> 	196.1.104.0 - 196.1.106.255  # APNIC
>>>> 	196.1.108.0/22               # APNIC
>>>> 	196.1.113.0 - 196.1.114.255  # APNIC
>>>> 	196.1.134.0/24               # APNIC
>>>> 	196.3.65.0/24                # APNIC
>>>> 	196.3.72.0/24                # APNIC
>>>> 	196.12.32.0/19               # APNIC
>>>> 	196.15.16.0/20               # APNIC
>>>> 	196.29.64.0/19               # LACNIC
>>>> 	196.32.32.0/19               # LACNIC
>>>> 	196.32.64.0/19               # LACNIC
>>>> 	196.40.0.0 - 196.40.95.255   # LACNIC
>>>> 
>>>> So instead of listing 196.0.0.0/7, I believe the following should be
>>>> listed as subordinate:
>>>> 
>>>> 	196.0.0.0 - 196.1.0.255
>>>> 	196.1.2.0 - 196.1.67.255
>>>> 	196.1.96.0/21
>>>> 	196.1.107.0/24
>>>> 	196.1.112.0/24
>>>> 	196.1.115.0 - 196.1.133.255
>>>> 	196.1.135.0 - 196.3.64.255
>>>> 	196.3.66.0 - 196.3.71.255
>>>> 	196.3.73.0 - 196.12.31.255
>>>> 	196.12.64.0 - 196.15.15.255
>>>> 	196.15.32.0 - 196.29.63.255
>>>> 	196.32.96.0 - 196.39.255.255
>>>> 	196.40.96.0 - 197.255.255.255
>>>> 
>>>> Please double-double-check the above suggestion! :-)
>>>> 
>>>> If you agree with the above assessment, can a new afrinic-ca.cer be
>>>> issued? Hopefully this was the last overclaiming issue.
>>>> 
>>>> Kind regards,
>>>> 
>>>> Job
>>> 
>

More information about the DBWG mailing list