Nathalie Trenaman wrote on 17/02/2021 15:16:
I stand corrected. Tim pointed out to me that APNIC has their own code base, always had and is actually older than the RIPE NCC code. AFRINIC runs a fork from APNIC. ARIN used our code base around 2010 for their pilot, but implemented their own code base from scratch. LACNIC uses the RPKI object library but has their own CA and publication stack.
Hi Nathalie, Ok, was curious. The reason I ask is because the overall complexity of this software is pretty high and we've seen a number of RPKI CA / publication failures from different registries over the last year. If each RIR is using their own internally-developed implementations, then they're also the only organisations testing and developing monitoring systems for them, which means that in each case, exposure to interesting and unusual corner cases is likely to be pretty low. E.g. in comparison to other software suites where there might be anything between 10s and millions of copies in production, and complex bugs tend to get flushed out quickly. This is an observation more than anything else. Obviously the flip side of running in-house software like this is that bugs in one implementation are unlikely to affect any others. Nick