Invalid RPKI ROA

1 Sep 2024

I wanted to announce a unique IPv6 subnet from each of my points of presence. To do this I added the prefix 2602:F9F4:20::/44 in ARIN thinking I could then announce the 48’s from that prefix. However, I didn’t specify the Max Length when doing that. This restricted me to only announcing the entire 44.

The wonderful team at HE showed me what I did wrong. Since then I’ve updated the ROA and I’m waiting on that change to propagate. I’m using Cloudflare’s RPKI tool to check it.

2602:f9f4:10::/48,accepted,origin is neighbor AS and origin 46733 RPKI status VALID.
2602:f9f4:20::/48,rejected,origin 46733 RPKI status INVALID_LENGTH.