Autonomous System Provider Authorizations (ASPAs)
Autonomous System Provider Authorization (ASPA) Overview
Note: Currently, ASPA functionality is only active in the Operational Test and Evaluation Environment for testing purposes.
An ASPA is a cryptographically signed object made by the authorized resource holder, that allows holders of Autonomous System (AS) identifiers in their capacity as Customers to authorize other ASes as their Providers. ASPAs may only be generated for Internet number resources covered by your resource certificate.
Creating an ASPA in ARIN Online
- Log in to ARIN Online and select Routing Security from the navigation menu.
- In the ‘Your Organization’ window, select Manage RPKI for the organization for which you want to add an ASPA.
- In the top menu, select ASPAs.
- Above the ‘Autonomous System Provider Authorizations’ window, select Create ASPA.
- In the ‘Create an Autonomous System Provider Authorization (ASPA)’ window, complete the required fields, then select Create ASPA.
- In the ‘Review ASPA’ window, review and submit your ASPA request by selecting Submit.
Viewing Your ASPAs
You can view your ASPAs using these methods:
Using the API
Visit ARIN’s RESTful provisioning system (Reg-RWS) to view a list of ASPAs for an organization. (Note that you will need an ARIN Online account with an API Key to use Reg-RWS.)
Using ARIN Online
- Log in to ARIN Online and select Routing Security from the navigation menu.
- In the ‘Routing Security Dashboard’ window, select Manage RPKI.
- Select ‘ASPAs’ in the top menu to view those created for the organization.
You can view your ASPAs for another organization by using the drop-down menu in the upper left to select a different Org ID and selecting ASPAs in the top menu.
Verifying Your ASPAs Are Active
The RPKI repository is updated every few minutes. To verify that your resources are active, you’ll need to use an RPKI validator and obtain ARIN’s RPKI repository. Visit Using ARIN’s RPKI Repository for Routing for more information.
Removing an ASPA
Removing a ASPA removes it from the RPKI repository, and adds it to the Certificate Revocation List (CRL) of the parent certificate. CRLs are published as part of the repository. Note that there is a system limitation for revocations in CRLs.
You can delete your ASPAs using one of the following methods:
Using the API
Visit ARIN’s RESTful provisioning system (Reg-RWS) to delete an ASPA (note that you will need an ARIN Online account with an API Key to use Reg-RWS).
Using ARIN Online
- Log in to ARIN Online and select Routing Security from the navigation menu.
- In the ‘Your Organization’ window, select Manage RPKI to view those created for the organization.
- In the ‘Autonomous System Provider Authorizations (ASPAs)’ window, select Remove.
- Choose Remove again to confirm the removal. Changes will take effect in the RPKI database immediately and will be reflected in the public RPKI repository within 24 hours.
Resource Certification (RPKI)
- ARIN's Trust Anchor Locator (TAL)
- Hosted RPKI
- Using ARIN’s RPKI with Bring Your Own IP Services
- ARIN Repository Publication Service (RPS) - 'Hybrid RPKI'
- Delegated RPKI
- ARIN's IRR Auto-Manager
- Autonomous System Provider Authorizations (ASPAs)
- Resource Public Key Infrastructure (RPKI) FAQs & Best Practices
- Route Origin Authorizations (ROAs)
- RPKI Troubleshooting
Registration Services Help Desk
7:00 AM to 7:00 PM ET
Phone: +1.703.227.0660
Fax: +1.703.997.8844