Routing Security Eligibility FAQs

Why am I unable to create ROAs, IRR objects, or DNSSEC records for directly issued Internet number resources?

In order to use ARIN’s routing security services, Internet number resources (IPs or ASNs) must be covered by a Registration Services Agreement (RSA or LRSA). A more detailed explanation of available services can be found at Services Available to Organizations Holding Legacy Resources.

Where can I get a full list of my resources that are ineligible for use with ARIN’s routing security services?

If applicable, an alert will be on your ARIN Online dashboard directing you to a search result restricted to your ineligible networks. Additionally, these results can be downloaded as a CSV file via the ‘Download CSV’ button on the lower right corner.

How do I bring directly issued resources that are not covered by an RSA under agreement?

You can follow the steps at Legacy Application Process.

Please note the Legacy Fee Cap will expire 1 January 2024. If you are interested in utilizing ARIN’s routing security services, we strongly encourage you to sign up for an LRSA before 1 January 2024 in order to secure the most favorable fees for your organization.

Why am I unable to create ROAs, IRR objects, or DNSSEC records for resources assigned to me by my upstream provider?

ARIN’s routing security services only support directly issued resources. Internet number resources reassigned to you by your upstream provider without a signed ARIN RSA or LRSA on file are ineligible to use RPKI, IRR, and DNSSEC services provided to members by ARIN.

What are my options if resources reassigned to me by my upstream provider are not covered by an RSA or LRSA?

If your resources are not under agreement, you need to contact your upstream provider for resolution.

How can I determine who my upstream is?

This info is available in the RDAP, Whois, and on Net View.