Talk details: Non-functional Delegated RPKI CAs, Tim Bruijnzeels, Bart Bakker

Non-functional Delegated RPKI CAs

This is a draft agenda: changes are still being made.

Speakers:: Tim Bruijnzeels, RIPE NCC
Bart Bakker, RIPENCC
Date:: Wednesday, 20 May
Time:: 12:05 (UTC +0100)
Room:: Main Room
Session:: Routing
Duration:: 15 min
Transcript:: Not Available
Meetecho chat:: Not Available
Type:: Talk
Slides:: —

Abstract

Policy 2025-02 requires that the RIPE NCC revokes persistently non-functional delegated RPKI CAs.

This seemingly simple request gets quite interesting when one zooms in on the details: how do we actually determine that a CA is non-functional? And how can we help operators of delegated CAs to identity and fix their issues?

In this talk we will explain:
* the various moving parts of delegated CAs, publication servers, and RPKI validation interconnect
* how we monitor delegated CAs, and
* what troubleshooting tools we can provide delegated CAs operators with

Recording

Video will be added soon.

Speakers

Tim Bruijnzeels

Bart Bakker

Specialist Software Engineer working on Internet Routing Security at RIPE NCC.

Rate this talk

Rating will open: Monday, 18 May 2026 09:00 (+0100).