Your IP address could not be determined at this time.

Trust Anchor Locator (TAL)

Using RPKI Routing as a Relying Party

To act as an RPKI relying party and retrieve data from ARIN's RPKI database, entities should use an RPKI Validator and ARIN's Trust Anchor Locator (TAL).The TAL contains both the location of ARIN's repository and ARIN's public key, which is used to cryptographically verify that ARIN has signed the artifacts within ARIN's repository. RPKI validators can then verify the certificates and ROAs within the repository. 

Follow these steps:

  1. Download a validation tool, such as the RIPE NCC RPKI Validator. (You can also use other validators such as that from Dragon Research or RPSTIR.)
  2. If using the RIPE NCC RPKI Validator, it contains the TALs from these individual IRRs: AFRINIC, APNIC, LACNIC, and RIPE NCC. It doesn't include the ARIN TAL. Download the ARIN TAL (linked below; choose RIPE NCC RPKI Validator format).
  3. Transfer the TAL to your routing policy engine using one of the following methods:
    1. Direct transfer to the router using RTR protocol
    2. Transfer using custom scripts and the REST API
    3. Transfer as RPSL objects

ARIN recommends reading RFC 6810: The Resource Public Key Infrastructure (RPKI) to Router Protocol to learn more about transferring RPKI information to routers.

Software Installation Tools

Software installation tools may download the ARIN TAL on behalf of a user after the user has confirmed their acceptance of the ARIN Relying Party Agreement (RPA) on the ARIN website.  This acceptance must require "agreement to the ARIN Relying Party Agreement (https://www.arin.net/resources/rpki/rpa.pdf)" and obtain a non-ambiguous affirmative action by clicking on, or the entry of, a word of agreement (such as  "yes" or "accept")

Example:

Attention: This package requires the download of the ARIN TAL and agreement to the ARIN Relying Party Agreement (RPA) (https://www.arin.net/resources/rpki/rpa.pdf).

Type "yes" to agree, and you can proceed with the ARIN TAL download: yes

Note: Software developers must notify ARIN (compliance@arin.net) of any software installation tools distributed that download the ARIN TAL as noted above.

ARIN TAL

ARIN publishes all Certificates, Certificate Revocation Lists (CRLs), and RPKI-signed objects in its Resource Public Key Infrastructure (RPKI) Repository. The ARIN Repository is available to anyone under the terms and conditions in the Relying Party Agreement.

ARIN's Trust Anchor Locator (TAL) is used to retrieve and verify ARIN's Resource Public Key Infrastructure (RPKI) Repository.

The ARIN TAL is available in three formats. By accessing ARIN Repository information or downloading the ARIN TAL (regardless of format), you agree to be bound by the Relying Party Agreement.

Please right click and save the format you would like.

Search Related Content

full site search.

Registration Services Help Desk

Interacting With ARIN

Monday through Friday
7:00 AM to 7:00 PM ET
Phone: +1.703.227.0660
Fax: +1.703.997.8844
Email: hostmaster@arin.net
Tips for Calling the Help Desk