ARIN's Trust Anchor Locator (TAL)
ARIN’s Trust Anchor Locator (TAL) is a file that contains both the location of ARIN’s Resource Public Key Infrastructure (RPKI) repository and ARIN’s public key, which is used to cryptographically verify that ARIN has signed the artifacts within ARIN’s RPKI repository. The TAL is used with an RPKI Validator to verify the certificates and ROAs within ARIN’s RPKI repository. This validated information can then be used to make routing decisions in your network.
For more information on using ARIN’s TAL and ARIN’s RPKI Repository for routing (also known as being a “relying party”), visit Resource Certification (RPKI).
Before obtaining or using ARIN’s TAL, you must read and accept ARIN’s Relying Party Agreement.
Relying Party Agreement (RPA)
ARIN’s RPA comprises a set of terms and restrictions applicable to any entity wishing to access and/or utilize ARIN’s TAL. In an effort to prevent improper distribution, tampering, or forging of data contained within ARIN’s TAL, all prospective relying parties must read and accept the RPA before gaining access to it.
Software Installation Tools
Software installation tools may download the ARIN TAL on behalf of a user after the user has confirmed their acceptance of the ARIN Relying Party Agreement on the ARIN website. This acceptance must require “agreement to the ARIN Relying Party Agreement” and obtain a non-ambiguous affirmative action by clicking on, or the entry of, a word of agreement (such as “yes” or “accept”).
Attention: This package requires the download of the ARIN TAL and agreement to the ARIN Relying Party Agreement (RPA).
Type “yes” to agree, and you can proceed with the ARIN TAL download: yes
Downloading the ARIN TAL
ARIN’s TAL is used to retrieve and verify its RPKI Repository. ARIN publishes all Certificates, Certificate Revocation Lists (CRLs), and RPKI-signed objects in its RPKI Repository. The ARIN RPKI Repository is available to anyone under the terms and conditions in the Relying Party Agreement. By accessing ARIN RPKI Repository information or downloading the ARIN TAL (regardless of format), you agree to be bound by the Relying Party Agreement.
- Download the latest version of the ARIN TAL: This file is in RFC 7730 format and contains a link to the ARIN trust anchor in both rsync and HTTPS protocols.
- Access the ARIN TAL in a legacy format: These files can be used to configure an older validator.
Redistribution of RPKI-related Data
Organizations that wish to distribute RPKI-related data for purposes not covered in the Relying Party Agreement, including but not limited to distribution for real-time routing purposes may be interested in execution of a Redistributor RPA with ARIN.
Interested organizations should review the Redistributor RPA and contact firstname.lastname@example.org for further information regarding application and qualifications. ARIN will review all Redistributor RPA requests for suitability before entry into the Redistributor RPA with any party.
- ARIN's Trust Anchor Locator (TAL)
- Hosted RPKI
- Delegated RPKI
- Route Origin Authorizations (ROAs)
- RPKI Frequently Asked Questions
- RPKI Troubleshooting
Registration Services Help Desk
7:00 AM to 7:00 PM ET