RPKI

What is RPKI?

Resource Public Key Infrastructure (RPKI) is a public key infrastructure framework designed to secure the Internet’s routing infrastructure, specifically the Border Gateway Protocol. RPKI provides a way to connect Internet number resource information (such as IP Addresses) to a trust anchor. Using RPKI, legitimate holders of number resources are able to control the operation of Internet routing protocols to prevent route hijacking and other attacks. More information.

Why do we need RPKI?

Routing protocols are potentially at risk of attacks that can harm individual users or network operations as a whole. RPKI was specified by the IETF to provide a secure means to certify the allocation of Internet number resources, as a step towards securing routing. The Internet Architecture Board considers a “properly designed and deployed RPKI an absolute prerequisite to having a secure global routing system, which is in turn a prerequisite to having a reliable worldwide Internet.”

What is ROA?

A ROA or Route Origin Authorization is an attestation of a BGP route announcement. It attests that the origin AS number is authorized to announce the prefix(es). The attestation can be verified cryptographically using RPKI.

How does SGIX validate ROAs?

We validate ROA objects using relying-party software. These systems are written and maintained by third parties.