ARIN's Trust Anchor Locator (TAL)
ARIN’s Trust Anchor Locator (TAL) is a file that contains both the location of ARIN’s RPKI repository and ARIN’s public key, which is used to cryptographically verify that ARIN has signed the artifacts within ARIN’s repository. The TAL is used with an RPKI Validator to verify the certificates and ROAs within ARIN’s RPKI repository. This validated information can then be used to make routing decisions in your network.
For more information on using ARIN’s TAL and ARIN’s RPKI Repository for routing (also known as being a “relying party,” visit Resource Certification (RPKI).
Before obtaining or using ARIN’s TAL, you must read and accept ARIN’s Relying Party Agreement.
Relying Party Agreement (RPA)
ARIN’s RPA comprises a set of terms and restrictions applicable to any entity wishing to access and/or utilize ARIN’s TAL. In an effort to prevent improper distribution, tampering, or forging of data contained within ARIN’s TAL, all prospective relying parties must read and accept the RPA before gaining access to it.
Software Installation Tools
Software installation tools may download the ARIN TAL on behalf of a user after the user has confirmed their acceptance of the ARIN Relying Party Agreement on the ARIN website. This acceptance must require “agreement to the ARIN Relying Party Agreement” and obtain a non-ambiguous affirmative action by clicking on, or the entry of, a word of agreement (such as “yes” or “accept”).
Attention: This package requires the download of the ARIN TAL and agreement to the ARIN Relying Party Agreement (RPA).
Type “yes” to agree, and you can proceed with the ARIN TAL download: yes
ARIN publishes all Certificates, Certificate Revocation Lists (CRLs), and RPKI-signed objects in its RPKI Repository. The ARIN Repository is available to anyone under the terms and conditions in the Relying Party Agreement.
ARIN’s Trust Anchor Locator (TAL) is used to retrieve and verify ARIN’s Resource Public Key Infrastructure (RPKI) Repository.
The ARIN TAL is available in three formats. By accessing ARIN Repository information or downloading the ARIN TAL (regardless of format), you agree to be bound by the Relying Party Agreement.
Please right click and save the format you would like.
- RFC 7730 format
- RFC 6490 format
- RIPE NCC RPKI Validator format
Redistribution of RPKI-related Data
Organizations that wish to distribute RPKI-related data for purposes not covered in the Relying Party Agreement, including but not limited to distribution for real-time routing purposes may be interested in execution of a Redistributor RPA with ARIN.
Interested organizations should review the Redistributor RPA and contact firstname.lastname@example.org for further information regarding application and qualifications. ARIN will review all Redistributor RPA requests for suitability before entry into the Redistributor RPA with any party.
- ARIN's Trust Anchor Locator (TAL)
- Hosted RPKI
- Delegated RPKI
- Route Origin Authorizations (ROAs)
- RPKI Frequently Asked Questions
- RPKI Troubleshooting
Registration Services Help Desk
7:00 AM to 7:00 PM ET