Reply to comment:
Mirjam Kühne •
We received reports from people getting alert emails from the Resource Certification (RPKI) service. The alerting system can warn you if some of your certified address space has the RPKI validity "Unknown" or "Invalid". The warning will look something like this: > There are alerts about BGP announcements with your certified address > space in the Resource Certification (RPKI) service. > > These are BGP announcements with your certified address space that have > the status Unknown. You should create a ROA for each authorised > announcement to make them Valid: > > AS Number Prefix > AS237 2a00::/12 > > You are able to fix and ignore reported issues, change your alert > settings, or unsubscribe by visiting http://certification.ripe.net/. In this case, the alert is triggered for LIRs who hold an IPv6 address block, but do not announce (all of) it. The *unannounced* address space is being "hijacked" by MERIT as part of its darknet experiment. If you have received the alert, your certified, unannounced IPv6 prefix is hijacked by AS237 because 2a00::/12 is the most specific announcement that overlaps with it. There are two things you can do: 1. Announce *all* of the IPv6 address space you hold. This way AS237 cannot hijack your prefix with a less specific announcement. 2. Suppress the alert for the announcement from AS237 in the Resource Certification (RPKI) system in the LIR Portal. Please note that the RPKI alerting system uses the RIPE NCC Route Collectors to trigger the errors, so there may be slight differences between what they see and what you actually do.