[RPKI-Discuss] AfriNIC RPKI woes (March 30th, 2020)

Job Snijders job at ntt.net
Mon Mar 30 12:32:23 UTC 2020

Previous message: [RPKI-Discuss] SAFNOG-6: Deferred - Coronavirus (COVID-19)
Next message: [RPKI-Discuss] AfriNIC RPKI woes (March 30th, 2020)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dear all,

It appears the AfriNIC RPKI service is entirely hosed at the moment.

The SKI and AKI are the identifiers on CERTs and are used to match CRLs and
other CERTs together. Perhaps two CRLs with the same AKI got published?

Currently the AfriNIC RPKI service produces ZERO VRPs. RPKI
is effectively disabled for the AfriNIC members - all their routes are
now "not-found".

I think this is an urgent matter.

Kind regards,

Job

job at anton ~$ doas rpki-client -v -t /etc/rpki/afrinic.tal
rpki-client: rpki.afrinic.net/repository: loading
rpki-client: rpki.afrinic.net/repository: loaded
rpki-client: proc_parser_crl: dup aki EB:68:0F:38:F5:D6:C7:1B:B4:B1:06:B8:BD:06:58:50:12:DA:31:B6
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: proc_parser_crl: dup aki EB:68:0F:38:F5:D6:C7:1B:B4:B1:06:B8:BD:06:58:50:12:DA:31:B6
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: proc_parser_crl: dup aki EB:68:0F:38:F5:D6:C7:1B:B4:B1:06:B8:BD:06:58:50:12:DA:31:B6
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: proc_parser_crl: dup aki EB:68:0F:38:F5:D6:C7:1B:B4:B1:06:B8:BD:06:58:50:12:DA:31:B6
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: proc_parser_crl: dup aki EB:68:0F:38:F5:D6:C7:1B:B4:B1:06:B8:BD:06:58:50:12:DA:31:B6
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: unable to get certificate CRL
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: RFC 6487: duplicate SKI
rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: unable to get certificate CRL
rpki-client: all files parsed: generating output
rpki-client: Route Origin Authorizations: 0 (0 failed parse, 0 invalid)
rpki-client: Certificates: 31 (25 failed parse, 0 invalid)
rpki-client: Trust Anchor Locators: 1
rpki-client: Manifests: 6 (0 failed parse, 0 stale)
rpki-client: Certificate revocation lists: 6
rpki-client: Repositories: 1
rpki-client: VRP Entries: 0 (0 unique)

Previous message: [RPKI-Discuss] SAFNOG-6: Deferred - Coronavirus (COVID-19)
Next message: [RPKI-Discuss] AfriNIC RPKI woes (March 30th, 2020)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the RPKI-Discuss mailing list