Dear colleagues, The RIPE NCC is in the process of transitioning from the current RPKI Trust Anchor arrangement to a new configuration which was agreed to among the RIRs and announced by the NRO: https://www.nro.net/regional-internet-registries-are-preparing-to-deploy-all... In this new configuration, the RIPE NCC will use an "all resources" Trust Anchor to issue a certificate for its own regional resources (IP and ASNs) only that will be used to issue certificates to its members for their holdings. The RIPE NCC will migrate to the new structure on Thursday, 28 September. What do you need to do? If you are using the hosted RPKI services, you do not need to take any action. However, the migration will require extensive re-signing to be done by our systems and this takes considerable time. We will not be able to process changes to Route Origin Authorisation (ROA) configurations during this migration and we will therefore have to turn off the RPKI user interface during this maintenance. This will take place on Thursday from 9:00 to 17:00 UTC+2. If you are using relying-party software, such as the Dragon Research Labs RPKI Toolkit(1) or the RIPE NCC RPKI Validator(2), no action will be needed. We will continue to use the same Trust Anchor so you do not need to update your Trust Anchor Locator (TAL). We will ensure that the repository remains available during the migration. We will make sure that all appropriate ROAs are re-created under the new structure before switching over the repository. Regards, Tim Bruijnzeels Assistant Manager Software Engineering and Senior Technology Officer RIPE NCC 1) https://github.com/dragonresearch/rpki.net 2) https://www.ripe.net/manage-ips-and-asns/resource-management/certification/t...