[RPKI-Discuss] AfriNIC RPKI woes (March 30th, 2020)
Amreesh Phokeer
amreesh at afrinic.net
Mon Mar 30 12:45:30 UTC 2020
Dear Job,
We are currently doing a deployment and the RPKI repository is currently under maintenance.
Please check our status page for updates:
https://status.afrinic.net/
Regards,
Amreesh Phokeer
> On 30 Mar 2020, at 16:32, Job Snijders <job at ntt.net> wrote:
>
> Dear all,
>
> It appears the AfriNIC RPKI service is entirely hosed at the moment.
>
> The SKI and AKI are the identifiers on CERTs and are used to match CRLs and
> other CERTs together. Perhaps two CRLs with the same AKI got published?
>
> Currently the AfriNIC RPKI service produces ZERO VRPs. RPKI
> is effectively disabled for the AfriNIC members - all their routes are
> now "not-found".
>
> I think this is an urgent matter.
>
> Kind regards,
>
> Job
>
> job at anton ~$ doas rpki-client -v -t /etc/rpki/afrinic.tal
> rpki-client: rpki.afrinic.net/repository: loading
> rpki-client: rpki.afrinic.net/repository: loaded
> rpki-client: proc_parser_crl: dup aki EB:68:0F:38:F5:D6:C7:1B:B4:B1:06:B8:BD:06:58:50:12:DA:31:B6
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: unable to get certificate CRL
> rpki-client: proc_parser_crl: dup aki EB:68:0F:38:F5:D6:C7:1B:B4:B1:06:B8:BD:06:58:50:12:DA:31:B6
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: unable to get certificate CRL
> rpki-client: proc_parser_crl: dup aki EB:68:0F:38:F5:D6:C7:1B:B4:B1:06:B8:BD:06:58:50:12:DA:31:B6
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: unable to get certificate CRL
> rpki-client: proc_parser_crl: dup aki EB:68:0F:38:F5:D6:C7:1B:B4:B1:06:B8:BD:06:58:50:12:DA:31:B6
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: unable to get certificate CRL
> rpki-client: proc_parser_crl: dup aki EB:68:0F:38:F5:D6:C7:1B:B4:B1:06:B8:BD:06:58:50:12:DA:31:B6
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/afrinic-ca.cer: unable to get certificate CRL
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: RFC 6487: duplicate SKI
> rpki-client: rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/lacnic-to-afrinic.cer: unable to get certificate CRL
> rpki-client: all files parsed: generating output
> rpki-client: Route Origin Authorizations: 0 (0 failed parse, 0 invalid)
> rpki-client: Certificates: 31 (25 failed parse, 0 invalid)
> rpki-client: Trust Anchor Locators: 1
> rpki-client: Manifests: 6 (0 failed parse, 0 stale)
> rpki-client: Certificate revocation lists: 6
> rpki-client: Repositories: 1
> rpki-client: VRP Entries: 0 (0 unique)
>
> _______________________________________________
> RPKI-Discuss mailing list
> RPKI-Discuss at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/rpki-discuss
More information about the RPKI-Discuss
mailing list