Publication of Certificates and ROAs

When you choose to use the hosted system, your certificate and all ROAs you create are automatically published in a repository hosted by the RIPE NCC. Anyone can fetch the contents of this repository to create a local cache and validate whether the legitimate holder of a prefix authorises a certain route announcement.

If you run your own Certificate Authority software, you can choose where to publish your certificate and ROAs. You can either run a repository yourself, or you can ask a third party to publish for you. Running your own repository means keeping a server up and running at all times. This may not be desirable for everyone. Also, if every member did this, the RPKI system would not scale, because fetching all ROAs would require an enormous number of connections to get the full data set. It is expected that very large ISPs will run their own ROA repository and smaller ones will publish with a third party.

In 2012, the RIPE NCC will become a publication point, so members running their own Certificate Authority software can publish their objects in the RIPE NCC ROA repository. Until then, you will either have to publish yourself or find a third party who will publish for you. If you are interested in becoming an RPKI publication point, or if you are looking for one, please contact certification _at_ ripe _dot_ net for more information.

More Information:
RIPE NCC Public ROA Repository