What is RPKI?

RPKI proves the association between specific IP address blocks or ASNs and the holders of those Internet number resources. The certificates are proof of the resource holder's right of use of their resources and can be validated cryptographically. RPKI is based on an X.509 certificate profile defined in RFC 3779.

In RPKI, the certificate structure mirrors the way in which Internet number resources are distributed. That is, resources are initially distributed by the IANA to the Regional Internet Registries (RIRs), who in turn distribute them to the Local Internet Registries (LIRs) and, ultimately, to their customers.
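Because the certificate chain follows the allocation chain, RFC 3779 path validation requires each certificate's resources to be encompassed by those of its issuer. The sketch below is an added example, not RIPE NCC code: it checks that containment over a constructed chain, assuming the prefixes and ASN ranges have already been extracted from the certificates (signature checking is not shown; all names and values are hypothetical).

```python
import ipaddress

# Constructed sample chain: documentation prefixes and documentation ASNs,
# not real allocations. Each entry is issued by the entry before it.
CHAIN = [
    {"name": "rir", "prefixes": ["192.0.2.0/25", "192.0.2.128/25", "2001:db8::/32"],
     "asns": [(64496, 64503), (64504, 64511)]},
    {"name": "lir", "prefixes": ["192.0.2.0/24", "2001:db8:a::/48"],
     "asns": [(64500, 64507)]},
    {"name": "customer", "prefixes": ["192.0.2.64/26"], "asns": [(64501, 64501)]},
]

def collapsed(prefixes, version):
    """Merge adjacent/overlapping prefixes of one IP version into maximal blocks."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return list(ipaddress.collapse_addresses(n for n in nets if n.version == version))

def prefixes_encompassed(child, parent):
    """True if every child prefix lies inside the issuer's (merged) prefixes."""
    for version in (4, 6):
        cover = collapsed(parent, version)
        for net in collapsed(child, version):
            if not any(net.subnet_of(p) for p in cover):
                return False
    return True

def merge_ranges(ranges):
    """Merge overlapping or adjacent inclusive (low, high) ASN ranges."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def asns_encompassed(child, parent):
    """True if every child ASN range lies inside the issuer's (merged) ranges."""
    cover = merge_ranges(parent)
    return all(any(lo >= p_lo and hi <= p_hi for p_lo, p_hi in cover)
               for lo, hi in merge_ranges(child))

def first_overclaim(chain):
    """Return the name of the first certificate claiming more than its issuer, or None."""
    for issuer, subject in zip(chain, chain[1:]):
        if not (prefixes_encompassed(subject["prefixes"], issuer["prefixes"])
                and asns_encompassed(subject["asns"], issuer["asns"])):
            return subject["name"]
    return None
```

The "lir" entry's /24 is accepted only because the issuer's two adjacent /25 blocks are merged before the comparison, which is why the check collapses prefixes and ranges first.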

RIPE NCC and RPKI

We act as a trusted Certification Authority (CA) and issue certificates to resource holders. Certification Authorities verify that the public key in the generated certificate is the public key of the identified party.

Benefits of RPKI

  • Routing information corresponds to verified delegated resources, giving resource holders proof that they hold certain resources and have the right to use an IP address or ASN
  • Resource holders can demonstrate their holdership of their resources when distributing them to customers/users
  • Resource users can protect information related to their delegated resources with a digital signature. Any effort to alter this information results in the signature being invalidated
  • Only resource holders with a properly delegated 'right of use' can generate a signature that associates Internet number resources with their signing