Resource Certificate (RC):
RPKI assigns an IP prefix to a public key via a Resource Certificate (RC), issued by the authoritative entity for that IP prefix. This allows the owner of the corresponding private key to issue a ROA specifying the AS numbers of ASes authorized to advertise the IP prefix in BGP.
For example, Deutsche Telekom in the figure below was certified by RIPE for its address space 220.127.116.11/10.
RPKI RCs form a certification hierarchy as follows: At the top of the hierarchy are the five Regional Internet Registries (RIRs). Each RIR holds a root (self-signed) RC covering all IP addresses in its geographical region.
Organizations that were allocated an IP prefix directly by an RIR can request the RIR to issue them an RC, validating their ownership of the IP prefix.
Back to the main page