Sections

You are here: Home > LIR Services > Resource Management > FAQs > FAQ: Certification > What is a Route Origin Authorisation (ROA)?

Quick Links

RIPE NCC Survey 2013

RIPE Database Search: By pressing the "Search" button you explicitly express your agreement with the RIPE Database Terms and Conditions.

IPv4 Exhaustion: We are now allocating IPv4 address space from the last /8.; Find out more

Service Announcements

All of our services are operating normally.

What is a Route Origin Authorisation (ROA)?

13 Jun 2012

A ROA is a cryptographically signed object that states which Autonomous System (AS) is authorised to originate a certain prefix. Because a ROA is a child object of a resource certificate, only the legitimate holder of a certain IP address block can create a valid ROA for one of the prefixes that the LIR holds.

In addition, a ROA can specify a maximum prefix length. When present, this specifies the length of the most specific IP prefix that the AS is authorised to advertise. When it is not present, the AS is only authorised to advertise exactly the prefix specified. Any more specific announcement of the prefix will be considered RPKI Invalid. This is a way to enforce aggregation and prevent hijacking through the announcement of a more specific prefix.

More information on ROAs, including several examples, is available.