If I got feedback in my community they don't feel this needs HSM backing, I can avoid the problem.
That sounds logical. It leads me to the question: what's the threat model for protecting the "RIR AS0 key"? In other words what happens if an attacker can sign stuff (CAs, ROAs, ...) of their choosing with it [1]? Depending on the severity of scenarios in the answer [2], the use of HSM for the TA may or may not make a difference.

Robert

[1] note that "sign stuff of their choosing" does not mean they need to get the key (which is of course harder when using an HSM). They only need to convince the system to sign the attacker's blobs, which is a very different problem.

[2] random ideas:
* does the AS0 TA cover 0/0 or only the unallocated space?
* If someone makes a non-AS0 ROA under this TA, how does that interact with a ROA from under a different TA?
* does this whole thing matter if some address space (i.e. from other RIRs) is not covered by an AS0 TA anyway?