APNIC operates the RPKI system under a single trust anchor. This has been chosen to cover ‘all resources’ across IPv4, IPv6 and ASNs in line with a decision made by the NRO.
The TAL for APNIC RPKI, and for AS0 RPKI (Authenticated denial of unallocated and unassigned resources) are published here.
Both of these TAL are available in a range of formats: RFC7730, RFC6490, Ripe-Validator, and with the additional https URI for the certificate in the TAL.
1. APNIC RPKi TAL in RFC7730 format
rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9RWSL61YAAYumEiU8z8 qH2ETVIL01ilxZlzIL9JYSORMN5Cmtf8V2JblIealSqgOTGjvSjEsiV73s67zYQI 7C/iSOb96uf3/s86NqbxDiFQGN8qG7RNcdgVuUlAidl8WxvLNI8VhqbAB5uSg/Mr LeSOvXRja041VptAxIhcGzDMvlAJRwkrYK/Mo8P4E2rSQgwqCgae0ebY1CsJ3Cjf i67C1nw7oXqJJovvXJ4apGmEv8az23OLC6Ki54Ul/E6xk227BFttqFV3YMtKx42H cCcDVZZy01n7JjzvO8ccaXmHIgR7utnqhBRNNq5Xc5ZhbkrUsNtiJmrZzVlgU6Ou 0wIDAQAB
Should APNIC change the TAL, this will be communicated widely, and software should be updated. The TAL can always be verified by referring to these web pages.
Under this single TAL, APNIC operates a number of subsidiary RPKI CAs to represent the states of Internet number resources we receive from IANA directly, and from other RIRs via transfers. This logistical separation means we can clearly identify transfers in from resources delegated down.
Previously, APNIC operated five distinct TALs, one for each of these cases (the four other RIRs and IANA). A transition plan was enacted which completed in February 2018 and is documented here.
2. Additional TAL for AS0
The Implementation of Prop132 (AS0 ROA for bogons) necessitates the use of an additional TAL, because we operate this service discretely, separated from the main service TAL.
rsync://rpki-as0.apnic.net/repository/APNIC-AS0-AP/apnic-rpki-root-as0-origin.cer MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7xn+C9dYQDHGaEIqFteuEnW3r9KJOajc 6Jl2ZdgB7qps+dvij1ZAhK/FTKBNGgzM7zLLg2dcDiZRBYd7bgFBC+nZouOCsm/o6JRSZqk84bNq NcxuWuyt0iIBc9n0rZIo4YoJOh1Xjs1lq6B6MikR2iTC1aApFC/haZAS1/i1awNcvAb9xfVdp0/M pI0Ip8rmJix33NCWtaORkn21JgTrE3H0Ov8oAxYfbHLZQ8sI8gI7yrpipCDok8cCVi7+F579ROXv SpZUFF5a/rtWABoNfXT5nFYMAZJoGoAazBIFBiCUaxUJsaTVChDdAw10qFQu7ZPKyTdoHh+LD0r8 Sro7qwIDAQAB