[RPKI-Discuss] AfriNIC RPKI woes (March 30th, 2020)
Job Snijders
job at ntt.net
Mon Mar 30 12:32:23 UTC 2020
Dear all,
It appears the AfriNIC RPKI service is entirely hosed at the moment.
The SKI and AKI are the identifiers on CERTs and are used to match CRLs and
other CERTs together. Perhaps two CRLs with the same AKI got published?
Currently the AfriNIC RPKI service produces ZERO VRPs. RPKI
is effectively disabled for the AfriNIC members - all their routes are
now "not-found".
I think this is an urgent matter.
Kind regards,
Job
job at anton ~$ doas rpki-client -v -t /etc/rpki/afrinic.tal
rpki-client: rpki.afrinic.net/repository: loading
rpki-client: rpki.afrinic.net/repository: loaded
rpki-client: proc_parser_crl: dup aki EB:68:0F:38:F5:D6:C7:1B:B4:B1:06:B8:BD:06:58:50:12:DA:31:B6
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: proc_parser_crl: dup aki EB:68:0F:38:F5:D6:C7:1B:B4:B1:06:B8:BD:06:58:50:12:DA:31:B6
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: proc_parser_crl: dup aki EB:68:0F:38:F5:D6:C7:1B:B4:B1:06:B8:BD:06:58:50:12:DA:31:B6
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: proc_parser_crl: dup aki EB:68:0F:38:F5:D6:C7:1B:B4:B1:06:B8:BD:06:58:50:12:DA:31:B6
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: proc_parser_crl: dup aki EB:68:0F:38:F5:D6:C7:1B:B4:B1:06:B8:BD:06:58:50:12:DA:31:B6
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: all files parsed: generating output
rpki-client: Route Origin Authorizations: 0 (0 failed parse, 0 invalid)
rpki-client: Certificates: 31 (25 failed parse, 0 invalid)
rpki-client: Trust Anchor Locators: 1
rpki-client: Manifests: 6 (0 failed parse, 0 stale)
rpki-client: Certificate revocation lists: 6
rpki-client: Repositories: 1
rpki-client: VRP Entries: 0 (0 unique)
More information about the RPKI-Discuss
mailing list