xiaoyu.net via Manrs-community wrote on 13/11/2024 17:42:

I mean to allow the person who authorizes the use of the IP to submit and manage the ROA and RPKI settings themselves.

Are you talking about a LIR assignment from an allocated block of LIR addresses? If that's the case, then it's the LIR that authorises the use of the IP address block, and they can manage them as appropriate. The holder of the addresses doesn't change because it's been assigned to a customer of theirs.

If you're talking about a direct assignment from the RIPE NCC (i.e ASSIGNED PI), then there's a couple of policy items that would be relevant. One would be that assignments can't be sub-assigned, i.e. if you're thinking of sharing this with other people, it's probably not permitted by policy. Another would be that the annual charge for the address space is low because there's a sponsoring LIR who is a RIPE NCC member, who handles the relationship with the RIPE NCC. I.e. you don't have a direct relationship with the RIPE NCC. If you want a direct relationship with the RIPE NCC, you can become a member and handle your own RPKI.

Or if this is a direct assignment you could ask your sponsoring LIR to set you up with hosted RPKI, and run your own service.

I think it would be a good idea for manrs to set up an RPKI hosting service.

How would a third party organisation be able to attest legally that someone was the canonical holder of a block of IP addresses? The only organisation in the RIPE NCC service region that can do that is the RIPE NCC - because they're the address registry and have the canonical list of assignments and allocations.

Nick