6 March 2015 - Please find attached a post-mortem report on the RPKI validation incident which occurred on the 2nd of March 2015.
Overview of AFRINIC RPKI System
AFRINIC's RPKI system, launched on 1st January 2011, is composed of an offline root CA and a production CA. Both CAs publish objects in the RPKI repository available at
Like every CA in the RPKI, the offline root CA maintains a CRL and a manifest for the certificates it manages and the objects in its repository.
http://rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/
As per CA practices, the CRL and manifest are valid for 30 days (next update time is set to 30 days). Processes and mechanisms have been put in place to refresh these objects weeks before expiration.
Description of the incident
The CRL and manifest of the root CA were refreshed on 01/28/2015 and the next update was set to 03/02/2015, as shown below:
Object Type: RPKI Manifest
Signing time: 2015-01-28T08:01:29.000Z
This update time: 2015-01-28T08:01:28.000Z
Next update time: 2015-03-02T08:01:28.000Z
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Last Update: Jan 28 08:01:28 2015 GMT
Next Update: Mar 2 08:01:28 2015 GMT
Due to some issues with the internal monitoring system, this refresh task was missed, and as of 08:01 AM UTC on 03/02/2015 the CRL and manifest were invalid; therefore the whole AFRINIC RPKI repository became invalid.
This was the first time this incident occurred since January 2011.
The incident was reported through a ticket opened on our support system on 03/02/2014 at 10:30 PM UTC. Investigations confirmed the issue and immediate corrective measures were taken. At 5:55 AM on 03/03/2015, the repository was restored to normal mode.
The internal systems and processes have been reviewed and appropriate measures taken, such as more stringent monitoring, regular system audit, redundancy, etc., to avoid this in the future.
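A freshness check of the kind "more stringent monitoring" calls for, as an added example (not AFRINIC's tooling): it parses the manifest and CRL next-update fields in the two formats shown above and classifies each object by time left before expiry. The 14-day warning window, the function names and the constructed sample dump are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample dump, using the two field formats shown in the report.
SAMPLE = """\
Object Type: RPKI Manifest
Next update time: 2015-03-02T08:01:28.000Z
Certificate Revocation List (CRL):
Last Update: Jan 28 08:01:28 2015 GMT
Next Update: Mar 2 08:01:28 2015 GMT
"""

# (label, pattern, strptime format) per object type; %b assumes an English locale.
PATTERNS = [
    ("manifest", re.compile(r"^\s*Next update time:\s*(\S+)\s*$", re.M),
     "%Y-%m-%dT%H:%M:%S.%fZ"),
    ("crl", re.compile(r"^\s*Next Update:\s*(.+?)\s*GMT\s*$", re.M),
     "%b %d %H:%M:%S %Y"),
]

def next_updates(text):
    """Return {label: timezone-aware UTC datetime} for each next-update field found."""
    found = {}
    for label, rx, fmt in PATTERNS:
        m = rx.search(text)
        if m:
            ts = datetime.strptime(m.group(1), fmt)
            found[label] = ts.replace(tzinfo=timezone.utc)
    return found

def check(text, now, warn=timedelta(days=14)):
    """Classify manifest and CRL as OK, WARN, EXPIRED or MISSING at time `now`.

    The 14-day default is an assumed threshold, not a value from the report.
    """
    dates = next_updates(text)
    status = {}
    for label, _, _ in PATTERNS:
        if label not in dates:
            status[label] = "MISSING"   # an unparsable dump must alert, not pass
        elif now >= dates[label]:
            status[label] = "EXPIRED"   # relying parties now see a stale object
        elif dates[label] - now <= warn:
            status[label] = "WARN"      # refresh is overdue but still recoverable
        else:
            status[label] = "OK"
    return status

if __name__ == "__main__":
    print(check(SAMPLE, datetime.now(timezone.utc)))
```

Running such a check from a host outside the signing infrastructure, against the published repository, keeps it independent of the internal system whose failure it is meant to catch.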