About RPKI

Benefits of RPKI Adoption

Adopting Resource Public Key Infrastructure (RPKI) helps establish a more trusted and collaborative environment among Internet number resource holders and network operators connected to the Internet. By adopting RPKI, companies can rely on verifiable information about IP address and route legitimacy, which can help resolve routing issues and combat network attacks. This leads to a more reliable and secure Internet infrastructure for everyone.

  • Creating Route Origin Authorizations (ROAs) for your resources benefits more than just you. Operators make decisions based on Route Origin Validation, leading to a more reliable and secure Internet infrastructure.

  • RPKI has been proven to interrupt hijacking attempts before they impact the operation of the global Internet.

  • A growing number of Internet service providers require you to create ROAs for your resources before a business relationship is established. Becoming familiar with how RPKI works can help you be prepared for future requests.

  • The Internet Engineering Task Force continually defines new features and use cases for RPKI, which helps increase its effectiveness to benefit all Internet users.

Using ARIN’s RPKI Services

There are two ways to use ARIN’s RPKI services: certifying your ARIN resources, or performing Route Origin Validation via ARIN’s repository.

Certify Your ARIN Resources

If you have Internet number resources that are covered by an ARIN Agreement, you can certify that you have authority over routes that originate from your IP addresses. You do this by requesting certificates and creating ROAs. The ROAs are then made available to RPKI validators.

To certify your resources, you’ll need:

  • IPv4 or IPv6 resources issued to you directly from ARIN
  • An Autonomous System Number (ASN) from ARIN or another Regional Internet Registry
  • A signed ARIN Agreement covering the resources you wish to certify
  • An ARIN Online account linked to an Admin, Tech, or Routing Point of Contact with authority to manage those resources

Perform Route Origin Validation

You can obtain information about routes from ARIN’s RPKI repository to make routing decisions for your network. This is also known as being a “relying party.”

To collect information from ARIN’s RPKI repository, you’ll need to:

1. Install an RPKI Validator

An RPKI validator is a program used to fetch ARIN’s RPKI repository data, validate its contents, and store the information in its cache. This data can be used by network operators to make more informed routing decisions.

Download an RPKI validator (also known as relying party software) and install it in your network. Consult the validator’s software documentation for system requirements and installation instructions.

2. Obtain Routing Information via ARIN’s Trust Anchor Locator (TAL)

A TAL is a file used to allow relying parties to retrieve RPKI data from a repository. Each Regional Internet Registry has a TAL needed to access its RPKI repository. ARIN’s TAL contains the URL of ARIN’s published RPKI repository and ARIN’s encrypted public key. The public key is used to cryptographically verify that ARIN has signed the artifacts within the repository.

If ARIN’s TAL has not been provided in the validator software, you will need to download it from the ARIN website and transfer it to the server where you installed the RPKI validator.

Your validator will connect to ARIN’s RPKI repository via the RPKI Repository Delta Protocol (RRDP) or rsync and download the validated RPKI certificates and ROAs, which you can use to make routing decisions based on RPKI validity data. Validators fetch data from ARIN’s repository every few minutes.