Advancing RPKI: NRO RPKI Program in 2025 for Trust, Transparency, and User Experience
This blog post is the fifth installment in the NRO RPKI Program series. Read the previous posts here.
The NRO RPKI Program aims to provide a more consistent and uniformly secure, resilient, and reliable Resource Public Key Infrastructure (RPKI) service. For 2025, the RPKI Steering Group, which includes RPKI experts from the five Regional Internet Registries (RIRs), set out to work on two main areas:
- Enhancing the transparency, robustness, and security of the RPKI system.
- Increasing the consistency of the RPKI system user experience across RIRs.
Our first objective is to gain a better understanding and make progress toward improved transparency, robustness, and security of the RPKI system, with a key focus on publishing a consultation for the technical community that puts forth a solution to current concerns regarding the RPKI Trust Anchor configuration. The RIRs are working on a formal specification to communicate Internet number resource constraints for each Trust Anchor. A draft of this specification will be shared with the technical community later this year for feedback and discussion, and keep your eyes peeled for a blog article that will share more about the specification.
For our second objective, we hope to increase the consistency of the RPKI system user experience. This involves consolidating RPKI-related documentation, standardizing terminology, and aligning on recommended best practices. As part of this objective, we have agreed on a list of RPKI features and services that we consider to be core to the RPKI system:
- Hosted service
- Delegated service
- API for Route Origin Authorization (ROA) management
- Autonomous System Provider Authorizations (ASPAs) through Member portal
- ASPAs through API
- Short-lived Trust Anchor certificates
In the second half of 2025, we plan to publish a road map for these core features and services to be offered by all RIRs.
The RPKI Steering Group has also agreed on a set of features that we believe would be nice to have in future releases, and will work toward implementing those across RIRs when possible:
- Hybrid service (publication as a service)
- Signed Trust Anchor Locator
- RPKI signed checklists
- BGPsec
- Testing environment
Additionally, we have been working on a comprehensive gap analysis of RPKI user interfaces across all RIRs. We have also published an RPKI content repository that contains links to relevant RPKI content from the five RIRs. In the coming months, we will publish a document that summarizes the process of creating a ROA through each RIR.
If you would like to get in touch with the RPKI Steering Group, please email rpki_program@nro.net. For more news on the NRO RPKI Program and its outcomes, please watch out for our next blog article.
Learn more about ARIN’s RPKI services at arin.net/RPKI.
Any views, positions, statements, or opinions of a guest blog post are those of the author alone and do not represent those of ARIN. ARIN does not guarantee the accuracy, completeness, or validity of any claims or statements, nor shall ARIN be liable for any representations, omissions, or errors contained in a guest blog post.
Recent blogs categorized under: RPKI
GET THE LATEST!
Sign up to receive the latest news about ARIN and the most pressing issues facing the Internet community.
SIGN ME UP →Blog Categories
RPKI • Security • Tips • Training • Updates • IPv6 • Fellowship Program • Caribbean • ARIN Bits • Elections • Outreach • Public Policy • Guest Post • Grant Program • Data Accuracy • Business Case for IPv6 • Internet Governance • IPv4 • Customer Feedback • IRR
