Resource Public Key Infrastructure (RPKI)

Enhance the security and integrity of your network infrastructure by protecting your resources with ARIN’s Resource Public Key Infrastructure (RPKI) services.

What is RPKI?

ARIN RPKI

In the early Internet, routing was dependent on network relationships based on mutual trust. This model proved sufficient when each party expected that transmitted information was safe, accurate, and not affected by accidental or malicious activity. As the Internet grew from a simple platform for sharing information to a commercial platform, it has become increasingly vulnerable to abuse and attack.

RPKI uses cryptographically verifiable statements to ensure that Internet number resources are certifiably linked to the stated holders of those resources. This enables resource holders to attest which Autonomous System Numbers (ASNs) should originate their prefixes (i.e. blocks of IP addresses). Network operators can compare Border Gateway Protocol (BGP) announcements from the global Internet routing table with RPKI validity data to make informed decisions to enhance their routing security.

RPKI at ARIN

How Does RPKI Work at ARIN?

  1. Legitimate resource holders obtain a resource certificate from ARIN.
  2. That certificate allows resource holders to make cryptographically signed statements about the origin Autonomous System Number of a prefix.
  3. Data is fetched from ARIN that confirms the resources are valid.
  4. Network operators act based on this validation, enhancing security on a global scale.

Learn more about how RPKI works globally

Getting Started With RPKI

Adopting RPKI helps establish a more trusted and collaborative environment among Internet number resource holders and network operators connected to the Internet. Learn if your organization is eligible for ARIN’s RPKI services, and what you’ll need to get started.

More information

ARIN’s RPKI Services

Choose between Hosted, Delegated, or our Repository Publication Service, and learn which one is right for your organization.

More information

Route Origin Authorizations (ROAs)

Learn more about ROAs and how to create and manage them.

More information

Autonomous System Provider Authorization (ASPA)

Learn more about ASPAs and how to create and manage them. NOTE: ASPA objects are currently only available in ARIN’s Operational Test & Evaluation (OT&E) environment.

More information

RPKI Help and Resources

Need a little more help? Check out ARIN’s RPKI Help and Resources section to find answers about ROAs, best practices, what happens if you transfer your resources, terminology, and more.

More information

Additional RPKI Resources

ARIN Resources

External Resources