Trust Anchor Locator

APNIC operates the RPKI system under a single trust anchor. This has been chosen to cover ‘all resources’ across IPv4, IPv6 and ASNs in line with a decision made by the NRO.

The TALs for APNIC RPKI and for AS0 RPKI (authenticated denial of unallocated and unassigned resources) are published here.

Both of these TALs are available in a range of formats: RFC7730, RFC6490, Ripe-Validator, and with the additional https URI for the certificate in the TAL.

Use of the APNIC TAL is governed by our limitations of liability which are published in the CPS page, but also at RPKI liability.

1. APNIC RPKI TAL in RFC7730 format

rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9RWSL61YAAYumEiU8z8
qH2ETVIL01ilxZlzIL9JYSORMN5Cmtf8V2JblIealSqgOTGjvSjEsiV73s67zYQI
7C/iSOb96uf3/s86NqbxDiFQGN8qG7RNcdgVuUlAidl8WxvLNI8VhqbAB5uSg/Mr
LeSOvXRja041VptAxIhcGzDMvlAJRwkrYK/Mo8P4E2rSQgwqCgae0ebY1CsJ3Cjf
i67C1nw7oXqJJovvXJ4apGmEv8az23OLC6Ki54Ul/E6xk227BFttqFV3YMtKx42H
cCcDVZZy01n7JjzvO8ccaXmHIgR7utnqhBRNNq5Xc5ZhbkrUsNtiJmrZzVlgU6Ou
0wIDAQAB

Should APNIC change the TAL, this will be communicated widely, and software should be updated. The TAL can always be verified by referring to these web pages.
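One way to check an installed TAL against the published one, as an added example that is not APNIC's code: it parses the URI section and the base64 key, then compares SHA-256 fingerprints of the decoded key, so differences in line wrapping or in the listed URIs between formats do not matter. The function names, the `rpki.example.net` host and the sample key bytes are constructed for illustration; accepting `#` comment lines and only `rsync`/`https` schemes are assumptions.

```python
import base64
import hashlib
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"rsync", "https"}  # assumption: the only schemes a TAL should list
# Constructed sample (not a real key): a DER SEQUENCE header plus 290 zero bytes.
SAMPLE_DER = b"\x30\x82\x01\x22" + bytes(290)
SAMPLE_TAL = ("rsync://rpki.example.net/repository/root.cer\n\n"
              + base64.b64encode(SAMPLE_DER).decode() + "\n")

def der_sequence_is_exact(der: bytes) -> bool:
    """True if der is one DER SEQUENCE whose length field spans the whole input."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                        # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                        # long form: n length octets follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def parse_tal(text: str):
    """Return (uris, spki_der) from a TAL: URI lines, a blank line, base64 key."""
    lines = [l.strip() for l in text.splitlines() if not l.startswith("#")]
    while lines and not lines[0]:           # tolerate leading blank lines
        lines.pop(0)
    if "" not in lines:
        raise ValueError("no blank line between URI section and key")
    split = lines.index("")
    uris = lines[:split]
    if not uris:
        raise ValueError("TAL has no URI")
    for uri in uris:
        if urlparse(uri).scheme not in ALLOWED_SCHEMES:
            raise ValueError(f"unexpected URI scheme: {uri}")
    # Joining the lines first makes the result independent of wrap width.
    der = base64.b64decode("".join(lines[split + 1:]), validate=True)
    if not der_sequence_is_exact(der):
        raise ValueError("key is truncated or not a single DER SEQUENCE")
    return uris, der

def spki_fingerprint(text: str) -> str:
    """SHA-256 (hex) of the decoded public key carried in the TAL."""
    return hashlib.sha256(parse_tal(text)[1]).hexdigest()

def same_trust_anchor(installed: str, published: str) -> bool:
    """Compare two TALs by key only; their URI lists may legitimately differ."""
    return spki_fingerprint(installed) == spki_fingerprint(published)
```

A mismatch from `same_trust_anchor` means the installed file carries a different key from the published one and should be replaced from the authoritative page rather than trusted.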

Under this single TAL, APNIC operates a number of subsidiary RPKI CAs to represent the states of Internet number resources we receive from IANA directly, and from other RIRs via transfers. This logistical separation means we can clearly identify transfers in from resources delegated down.

Previously, APNIC operated five distinct TALs, one for each of these cases (the four other RIRs and IANA). A transition plan was enacted which completed in February 2018 and is documented here.

2. Additional TAL for AS0

The implementation of Prop132 (AS0 ROA for bogons) necessitates the use of an additional TAL, because we operate this service discretely, separated from the main service TAL.

rsync://rpki-as0.apnic.net/repository/APNIC-AS0-AP/apnic-rpki-root-as0-origin.cer

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7xn+C9dYQDHGaEIqFteuEnW3r9KJOajc
6Jl2ZdgB7qps+dvij1ZAhK/FTKBNGgzM7zLLg2dcDiZRBYd7bgFBC+nZouOCsm/o6JRSZqk84bNq
NcxuWuyt0iIBc9n0rZIo4YoJOh1Xjs1lq6B6MikR2iTC1aApFC/haZAS1/i1awNcvAb9xfVdp0/M
pI0Ip8rmJix33NCWtaORkn21JgTrE3H0Ov8oAxYfbHLZQ8sI8gI7yrpipCDok8cCVi7+F579ROXv
SpZUFF5a/rtWABoNfXT5nFYMAZJoGoAazBIFBiCUaxUJsaTVChDdAw10qFQu7ZPKyTdoHh+LD0r8
Sro7qwIDAQAB

Use of the AS0 TAL is governed by our limitations of liability which are published in the CPS page, but also at RPKI liability.

Please see Caveats and Warnings on the use of AS0.