You are here: Home > Manage IPs and ASNs > Documentation for Resource Management > FAQs: Resource Management > FAQ: Certification > How does RPKI protect me from BGP hijacking?

How does RPKI protect me from BGP hijacking?

Resource Certification (RPKI) allows LIRs to make a cryptographically verifiable statement, known as a Route Origin Authorisation (ROA), indicating which Autonomous Systems are authorised to originate the IP prefixes that the LIR holds. This marks the associated BGP announcements as RPKI Valid. At the same time, any origination of the prefix by an unauthorised AS i.e. a BGP hijack, is marked as RPKI Invalid.

Any network operator can base routing decisions on the information that the RPKI data set provides. In order to do this, there are several validation toolsets available that can integrate into existing workflows.

Please note that in the current implementation, RPKI only provides origin validation, not path validation.

RIPE NCC Survey 2016