Resource Public Key Infrastructure (RPKI)
Enhance the security and integrity of your network infrastructure by protecting your resources with ARIN’s Resource Public Key Infrastructure (RPKI) services.
What is RPKI?
In the early Internet, routing was dependent on network relationships based on mutual trust. This model proved sufficient when each party expected that transmitted information was safe, accurate, and not affected by accidental or malicious activity. As the Internet grew from a simple platform for sharing information to a commercial platform, it has become increasingly vulnerable to abuse and attack.
RPKI uses cryptographically verifiable statements to ensure that Internet number resources are certifiably linked to the stated holders of those resources. This enables resource holders to attest which Autonomous System Numbers (ASNs) should originate their prefixes (i.e. blocks of IP addresses). Network operators can compare Border Gateway Protocol (BGP) announcements from the global Internet routing table with RPKI validity data to make informed decisions to enhance their routing security.
RPKI at ARIN
How Does RPKI Work at ARIN?
- Legitimate resource holders obtain a resource certificate from ARIN.
- That certificate allows resource holders to make cryptographically signed statements about the origin Autonomous System Number of a prefix.
- Data is fetched from ARIN that confirms the resources are valid.
- Network operators act based on this validation, enhancing security on a global scale.
Learn more about how RPKI works globally
Getting Started With RPKI
Adopting RPKI helps establish a more trusted and collaborative environment among Internet number resource holders and network operators connected to the Internet. Learn if your organization is eligible for ARIN’s RPKI services, and what you’ll need to get started.
ARIN’s RPKI Services
Choose between Hosted, Delegated, or our Repository Publication Service, and learn which one is right for your organization.
Route Origin Authorizations (ROAs)
Learn more about ROAs and how to create and manage them.
Autonomous System Provider Authorization (ASPA)
Learn more about ASPAs and how to create and manage them. NOTE: ASPA objects are currently only available in ARIN’s Operational Test & Evaluation (OT&E) environment.
RPKI Help and Resources
Need a little more help? Check out ARIN’s RPKI Help and Resources section to find answers about ROAs, best practices, what happens if you transfer your resources, terminology, and more.
Additional RPKI Resources
ARIN Resources
External Resources
- RPKI Documentation at readthedocs.io
- RFC 6810: The Resource Public Key Infrastructure (RPKI) to Router Protocol
- Resource Certification Explained video from the Number Resource Organization (NRO)
- SIDR Working Group Documents
- Resource Certification at AFRINIC
- Resource Certification at APNIC
- Resource Certification at LACNIC
- Resource Certification at RIPE NCC
Resource Public Key Infrastructure (RPKI)
- About RPKI
- RPKI Deployment Options
- Route Origin Authorizations (ROAs)
- Autonomous System Provider Authorizations (ASPAs)
- RPKI Help and Information
Related
- RPKI RESTful API User Guide
- ARIN’s Trust Anchor Locator (TAL)
- ARIN’s Operational and Test Environment (OT&E)
- Training & Education Resources at ARIN
- ARIN Certification Practice Statement for Resource Certification
- Why RPKI?: Enhance the Security and Integrity of Your Network Infrastructure
Registration Services Help Desk
7:00 AM to 7:00 PM ET
Phone: +1.703.227.0660
Fax: +1.703.997.8844