New RPKI Trust Anchor

Posted: Wednesday, 20 September 2017

On 19 September 2017, ARIN held a key ceremony to move to a RPKI Trust Anchor that reflects all holdings (0/0) to fulfill our commitment to the deadline set by the Number Resource Organization (NRO) for all of the Regional Internet Registries (RIRs). This action is detailed in the “All Resources Applicability Statement” dated 21 January 2017:

"This document provides an applicability statement for the use of multiple, over-claiming ‘all resources’ (0/0) RPKI certificate authorities (CA) certificates used as trust anchors (TAs) operated by the Regional Internet Registry community to help mitigate the risk of massive downstream invalidation in the case of transient registry inconsistencies."

To mitigate the risk and alleviate this threat, the RIRs agreed to move from a Trust Anchor that reflects only their current holdings to one that reflects all holdings. This improvement will provide a more robust way of allowing resources that are covered under RPKI to be transferred from one RIR to another.

Note that current ARIN RPKI users do not need to re-download the TAL, as the TAL has not changed.

If you are new to RPKI and want to start validating RPKI data from the ARIN region, you can download the ARIN TAL from the following location:


Mark Kosters
Chief Technology Officer
American Registry for Internet Numbers (ARIN)