Resource Certification

Resource Public Key Infrastructure (RPKI) is a robust security framework designed to secure Border Gateway Protocol (BGP) routing. RPKI is similar to IRR “route” objects but adds cryptographic authentication. Resource certification is based on the X.509 PKI certificate standards.

A Route Origin Authorization (ROA) is a cryptographically (digitally) signed object that states which Autonomous System Number (ASN) is authorized to originate a particular IP address prefix or set of prefixes. ROAs are based on RPKI. RPKI ensures that BGP announcements come from the resource holders and that the announced route is a valid route.

Benefits of ROA

a) Protection against route hijacking

b) Stop bad routing information/misconfiguration

c) Secure BGP

How to raise a request for ROA registration:

Send an email to [email protected] from your registered email ID along with the details listed below.

1)  ASN (ASN through which you will announce your IP block)

2)  IP Prefix

3)  MSA (the route's most specific announcement, e.g. a prefix length such as /22, /23 or /24)

For example:

1)  AS24029

2)  192.168.0.0/22

3)  /24

This will create 7 ROA prefix entries: one /22, two /23 and four /24.

How to check ROA validity:

https://rpki-validator.ripe.net/roas
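
As an added example (not part of the original page or the registry's tooling), the Python code below expands the example block into its 7 ROA prefix entries and classifies constructed sample announcements using RFC 6811 route origin validation. It assumes each entry authorizes exactly its own prefix length; the function names, AS64500 and the 10.0.0.0/24 route are illustrative.

```python
import ipaddress

def roa_entries(prefix, msa, asn):
    """Expand a block into one (network, max_length, asn) entry per subnet,
    from the block's own length down to the most specific announcement."""
    net = ipaddress.ip_network(prefix)
    if not net.prefixlen <= msa <= net.max_prefixlen:
        raise ValueError("MSA must lie between the prefix length and the address width")
    entries = []
    for length in range(net.prefixlen, msa + 1):
        for sub in net.subnets(new_prefix=length):
            # Assumption: each entry authorizes exactly its own length.
            entries.append((sub, length, asn))
    return entries

def validate(route, origin_asn, entries):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(route)
    covered = False
    for net, max_length, asn in entries:
        if route.version != net.version or not route.subnet_of(net):
            continue  # this entry does not cover the announced prefix
        covered = True
        if asn == origin_asn and route.prefixlen <= max_length:
            return "valid"
    # Covered by an entry but no match means the announcement is rejected.
    return "invalid" if covered else "not-found"

# The page's example: AS24029, 192.168.0.0/22, MSA /24.
ENTRIES = roa_entries("192.168.0.0/22", 24, 24029)

if __name__ == "__main__":
    for net, max_length, asn in ENTRIES:
        print(f"{net} max /{max_length} AS{asn}")
    # Constructed sample announcements.
    for route, asn in [("192.168.1.0/24", 24029), ("192.168.1.0/25", 24029),
                       ("192.168.2.0/23", 64500), ("10.0.0.0/24", 24029)]:
        print(route, f"AS{asn}", validate(route, asn, ENTRIES))
```

The /25 case shows why the MSA matters: a more specific announcement than the registered MSA is covered by the entries but matches none of them, so it validates as invalid rather than not-found.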