Resource Certification
Resource Public Key Infrastructure (RPKI) is a robust security framework designed to secure Border Gateway Protocol (BGP)
routing. RPKI is similar to IRR “route” objects, but adds
cryptographic authentication. Resource certification is based
on the X.509 PKI certificate standards.
A Route Origin Authorization (ROA) is a cryptographically (digitally) signed object that states which
Autonomous System Number (ASN) is authorized to originate a particular IP
address prefix or set of prefixes. ROAs are based on RPKI. RPKI
ensures that BGP announcements come from the resource holders and
that the announced routes are valid.
Benefits of ROA
a) Protection against route hijacking
b) Stops bad routing information and misconfiguration
c) Secures BGP
How to raise a request for ROA registration:
Send an email to [email protected] from your registered email ID with the following details.
1) ASN (the ASN through which you will announce your IP block)
2) IP prefix
3) MSA (the route's most specific announcement, i.e. the prefix length, e.g. /22, /23, /24)
For example:
1) AS24029
2) 192.168.0.0/22
3) /24
This will create 7 ROA prefix entries: one /22, two /23s and four /24s.
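The expansion in the example above, and how a validator would then classify BGP announcements against the resulting entries, shown as an added example that is not part of the original page. The function names, the AS64500 test origin and the assumption that each entry authorizes exactly its own prefix length are assumptions of this example.

```python
import ipaddress

def roa_entries(prefix, msa, asn):
    """Expand a block into one entry per subnet, from its own length down to the MSA."""
    block = ipaddress.ip_network(prefix)
    if not block.prefixlen <= msa <= block.max_prefixlen:
        raise ValueError("MSA must lie between the block length and the address size")
    entries = []
    for length in range(block.prefixlen, msa + 1):
        for net in block.subnets(new_prefix=length):
            entries.append((net, asn))
    return entries

def origin_validation(announced, origin_asn, entries):
    """Classify an announcement as valid / invalid / not-found (RFC 6811 states)."""
    route = ipaddress.ip_network(announced)
    # Entries whose prefix covers the announced route
    covering = [(net, asn) for net, asn in entries
                if net.version == route.version and route.subnet_of(net)]
    if not covering:
        return "not-found"   # no ROA speaks for this address space
    # Assumption: each entry authorizes only its own length (maxLength == prefix length)
    if any(asn == origin_asn and net == route for net, asn in covering):
        return "valid"
    return "invalid"         # covered, but wrong origin or too specific

if __name__ == "__main__":
    entries = roa_entries("192.168.0.0/22", 24, 24029)   # values from the example above
    for net, asn in entries:
        print(f"AS{asn}  {net}")
    # Constructed announcements: (prefix, origin ASN)
    for prefix, origin in [("192.168.2.0/24", 24029),    # registered origin
                           ("192.168.2.0/24", 64500),    # different origin
                           ("192.168.2.0/25", 24029),    # more specific than the MSA
                           ("10.0.0.0/24", 24029)]:      # outside the block
        print(prefix, f"AS{origin}", origin_validation(prefix, origin, entries))
```

A /25 announced by the registered ASN is classified invalid because it is more specific than the /24 MSA, which is why the MSA should match what will actually be announced.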
How to check ROA validity: