What is RPKI?

RPKI (Resource Public Key Infrastructure) is an authentication infrastructure that verifies who the legitimate owner of resources such as IP addresses and AS numbers is. Even if someone hijacks your prefix, RPKI enables other Internet participants to verify to whom that prefix really belongs and to reject the forged one. The RPKI system is operated by each of the Regional Internet Registries. In the Asia-Pacific region, APNIC has been running it officially, and JPNIC has been running it on a trial basis in Japan since 2013.

What is ROA?

ROA (Route Origin Authorization) is data that proves the correct combination of IP addresses and AS numbers in BGP messages. At this time, the ROA public cache information we provide is the ROA information that MF makes public. A ROA can list multiple prefixes, and it enables routers to validate whether a BGP route announced from the Internet is truly correct or not. A ROA also has the concept of "maxlen" (maximum prefix length): in addition to the prefix and origin AS, it states up to what prefix length announcements are allowed. As a result, a ROA can also cover longer prefixes.

What is BGP Origin Validation?

BGP Origin Validation validates the reliability of the Origin AS information when a BGP router receives prefixes.
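
The check a router performs with ROA data, including the effect of maxlen, can be written out as follows. This is an added example, not code from this page or from any RPKI validator; it goes slightly beyond the text by returning the three states defined in RFC 6811 (valid, invalid, notfound), and the prefixes and AS numbers are constructed documentation values.

```python
import ipaddress
from typing import Iterable, NamedTuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


class RoaEntry(NamedTuple):
    """One (prefix, maxlen, origin AS) tuple taken from a ROA."""
    prefix: Network
    maxlen: int
    asn: int


def roa(prefix: str, maxlen: int, asn: int) -> RoaEntry:
    net = ipaddress.ip_network(prefix)
    # maxlen can never be shorter than the ROA prefix or longer than the address size
    if not net.prefixlen <= maxlen <= net.max_prefixlen:
        raise ValueError(f"maxlen {maxlen} out of range for {prefix}")
    return RoaEntry(net, maxlen, asn)


def validate_origin(route_prefix: str, origin_asn: int, roas: Iterable[RoaEntry]) -> str:
    """Return 'valid', 'invalid' or 'notfound' for one received BGP route."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for entry in roas:
        # A ROA entry covers the route if the route is equal to or inside its prefix
        if entry.prefix.version != route.version or not route.subnet_of(entry.prefix):
            continue
        covered = True
        # Match needs the same origin AS and a route no longer than maxlen;
        # AS 0 in a ROA means "must not be routed", so it never matches
        if entry.asn != 0 and entry.asn == origin_asn and route.prefixlen <= entry.maxlen:
            return "valid"
    # Covered by some ROA but matched by none: forged origin or too-specific prefix
    return "invalid" if covered else "notfound"


# Constructed sample data: documentation prefixes and documentation AS numbers
ROAS = [
    roa("203.0.113.0/24", 24, 64496),
    roa("198.51.100.0/24", 25, 64497),
    roa("2001:db8::/32", 48, 64496),
]

if __name__ == "__main__":
    for pfx, asn in [("203.0.113.0/24", 64496), ("203.0.113.0/24", 64511),
                     ("203.0.113.128/25", 64496), ("198.51.100.128/25", 64497),
                     ("192.0.2.0/24", 64496)]:
        print(f"{pfx:20} AS{asn}: {validate_origin(pfx, asn, ROAS)}")
```

A route that is covered by a ROA but announced with a different origin AS, or with a prefix longer than maxlen, comes back as invalid; a route with no covering ROA is notfound rather than invalid.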

What is RPKI-RTR?

RPKI-RTR (RPKI-to-Router) is a protocol for transferring part of the ROA information provided by the RPKI system to routers. It is defined in RFC 6810. Through this protocol, routers can obtain the information necessary for BGP Origin Validation.