Routing Security Eligibility FAQ's

Why am I unable to create ROAs, IRR objects, or DNSSEC records for directly issued internet number resources?

Internet number resources (IPs or ASNs) without a signed ARIN Registration Services Agreement (RSA or LRSA) on file, are ineligible to use RPKI, IRR and DNSSEC services provided to members by ARIN.

Why am I unable to create ROAs, IRR objects, or DNSSEC records for resources assigned to me by my upstream provider?

Internet number resources reassigned to you by your upstream provider without a signed ARIN RSA or LRSA on file, are ineligible to use RPKI, IRR and DNSSEC services provided to members by ARIN.

ARIN’s RPKI system only supports directly issued resources.

What are my options if resources reassigned to me by my upstream provider are not covered by an RSA or LRSA?

If your resources are not under agreement, you need to contact your upstream provider for resolution.

Is it possible to see the full list of my resources currently ineligible for these routing security features from ARIN?

Log in to ARIN Online, and, if applicable, an alert will be on your dashboard notifying you that you have networks ineligible for routing security features. Select this link and you will be directed to a search result restricted to your ineligible networks.

Additionally, these results can be downloaded as a CSV file via the ‘Download CSV’ button on the lower right corner.

How can I begin the process of getting direct-issue resources under agreement?

Please follow the steps at Legacy Application Process.

How can I determine who my upstream is?

This info is available in the RDAP, Whois, and on Net View.

Where can I find additional information about services available to organizations holding legacy resources?

A more detailed explanation of available services can be found at Services Available to Organizations Holding Legacy Resources.