RPKI proves the association between specific IP address blocks or ASNs and the holders of those Internet number resources. The certificates are proof of the resource holder's right of use of their resources and can be validated cryptographically. RPKI is based on an X.509 certificate profile defined in RFC3779.
In RPKI, the certificate structure mirrors the way in which Internet number resources are distributed. That is, resources are initially distributed by the IANA to the Regional Internet Registries (RIRs), who in turn distribute them to the Local Internet Registries (LIRs) and, ultimately, to their customers.
We act as a trusted Certification Authority (CA) and issue certificates to resource holders. Certificate Authorities verify that the public key in the generated certificate is the public key of the identified party.