LACNIC RPKI Outage May 2023 =========================== rpki-20230511T001557Z.tgz contains a validly signed copy of repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft with manifestNumber 55E7. This is non-repudiable data. In other words, without possession of LACNIC's keypair, it is impossible to manufacture this manifest. The manifest was archived just after midnight on May 11th, 2023 (UTC). This directory also contains all RRDP delta files in the time range May 10th, 13:37 through May 11th, 09:21 (deltas 14223 through 14332). The filenames of the copies of the manifest are in versions-of-ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft.txt The filenames are the SHA256 hash of the content of the file. The versions-of-ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft-decoded.txt file contains human-readable decoded versions of all the copies of the manifests seen in the RRDP delta stream. Manifest number: 55CC Manifest number: 55CD Manifest number: 55CE Manifest number: 55CF Manifest number: 55D0 Manifest number: 55D1 Manifest number: 55D2 Manifest number: 55D3 Manifest number: 55D4 Manifest number: 55D5 Manifest number: 55D6 Manifest number: 55D7 *gap 1* Manifest number: 55D9 Manifest number: 55DA *gap 2* *gap 3* Manifest number: 55DD *gap 4* *gap 5* Manifest number: 55E0 Manifest number: 55E1 Manifest number: 55E2 *gap 6* *gap 7* Manifest number: 55E5 *gap 8* *gap 9* Manifest number: 55E8 Manifest number: 55E9 Manifest number: 55EA Manifest number: 55EB Manifest number: 55EC None of the RRDP delta files contains a of ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft with manifestNumber 55E7. This is an 'impossible' situation (shouldn't happen) and means there is something wrong with the LACNIC RRDP server. Either the RRDP files are retro-actively modified, or there are multiple RRDP servers using the same Session ID but serving different files. Unless RRDP servers are perfectly synchronised, they should not use the same session ID.