Resource Public Key Infrastructure (RPKI)

  1. What is RPKI?
  2. Why do we need RPKI?
  3. What is a ROA?
  4. How do I validate ROAs?

What is RPKI?

Resource Public Key Infrastructure (RPKI) is a public key infrastructure framework designed to secure the Internet’s routing infrastructure, specifically the Border Gateway Protocol (BGP). RPKI provides a way to connect Internet number resource information (such as IP addresses) to a trust anchor. Using RPKI, legitimate holders of number resources are able to control the operation of Internet routing protocols to prevent route hijacking and other attacks.

Why do we need RPKI?

Routing protocols are potentially at risk of attacks that can harm individual users or network operations as a whole. RPKI was specified by the IETF to provide a secure means to certify the allocation of Internet number resources, as a step towards securing routing. The Internet Architecture Board considers “a properly designed and deployed RPKI an absolute prerequisite to having a secure global routing system, which is in turn a prerequisite to having a reliable worldwide Internet.”

What is a ROA?

A ROA or Route Origin Authorization is an attestation of a BGP route announcement. It attests that the origin AS number is authorized to announce the prefix(es). The attestation can be verified cryptographically using RPKI.

How do I validate ROAs?

You can validate ROA objects using relying-party software such as the Dragon Research Labs RPKI Toolkit, RIPE’s RPKI Validator or Relying Party Security Technology for Internet Routing.
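As an added example (not APNIC's code and not taken from any of the tools named above), the following Python shows how the output of relying-party software is applied to a BGP announcement. It goes beyond the text above by including the ROA maxLength field and the three outcomes defined in RFC 6811; the VRP class, the validate_origin function and the sample data are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class VRP:
    """Validated ROA payload: what remains of a ROA after relying-party
    software has verified its signature chain up to a trust anchor."""
    prefix: str
    max_length: int   # longest prefix length the ROA authorizes
    origin_as: int    # AS number authorized to originate the prefix


# Constructed sample data (documentation prefixes and AS numbers).
VRPS = [
    VRP("192.0.2.0/24", 24, 64496),
    VRP("2001:db8::/32", 48, 64497),
]


def validate_origin(prefix: str, origin_as: int, vrps=VRPS) -> str:
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp in vrps:
        roa_net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route if the route lies inside the VRP prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # Match: authorized origin AS and no more specific than maxLength.
        if vrp.origin_as == origin_as and route.prefixlen <= vrp.max_length:
            return "valid"
    # Covered by at least one VRP but matched by none: invalid.
    # Covered by no VRP at all: the RPKI says nothing about this route.
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    for pfx, asn in [
        ("192.0.2.0/24", 64496),     # authorized origin
        ("192.0.2.0/24", 64511),     # wrong origin AS
        ("192.0.2.128/25", 64496),   # more specific than maxLength
        ("198.51.100.0/24", 64496),  # no covering ROA
    ]:
        print(f"{pfx} from AS{asn}: {validate_origin(pfx, asn)}")
```

An announcement that is more specific than maxLength is classified as invalid even when the origin AS is the authorized one.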

For further assistance, please contact the APNIC Helpdesk:

Email
Phone: +61 7 3858 3188
Multi-language phone support: Bahasa Indonesia, Bengali, Cantonese, English, Filipino (Tagalog), Hindi, and Mandarin.
VoIP
Fax: +61 7 3858 3199