Resource Public Key Infrastructure (RPKI):
The Resource Public Key Infrastructure (RPKI) [RFC6480] is a hierarchical certification system.
RPKI stores Route Origin Authorizations (ROAs), signed records that bind an IP address block to the AS that is allowed to advertise it in BGP.
BGP routers can use ROAs to perform Route Origin Validation (ROV): identifying and discarding "invalid" BGP route advertisements from unauthorized ASes, thus protecting against IP prefix hijacking.
Beyond being the leading and, thus far, only standardized solution to prefix hijacking, RPKI is also a prerequisite for prominent routing security mechanisms such as BGPsec, and for other proposals for defending against BGP path-manipulation attacks, such as soBGP and path-end validation.
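
The ROV decision described above, as an added example that is not part of the original page: it classifies announcements as valid, invalid or not-found following the procedure in RFC 6811. The validated ROA payload (VRP) tuples, the documentation prefixes and the AS numbers are constructed sample data, and maxLength is the ROA field from RFC 6482, which this page does not discuss.

```python
import ipaddress

# Constructed sample data: validated ROA payloads (VRPs) as
# (prefix, max_length, authorized_origin_asn). Documentation ranges only.
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("2001:db8::/32", 48, 64501),
]

def load_vrps(rows):
    """Parse VRP rows and reject a maxLength outside the legal range."""
    vrps = []
    for prefix, max_len, asn in rows:
        net = ipaddress.ip_network(prefix)
        if not net.prefixlen <= max_len <= net.max_prefixlen:
            raise ValueError(f"bad maxLength {max_len} for {prefix}")
        vrps.append((net, max_len, asn))
    return vrps

def validate(route_prefix, origin_asn, vrps):
    """Return 'valid', 'invalid' or 'not-found' for one BGP announcement."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for net, max_len, asn in vrps:
        # A VRP covers the route when both are the same address family and
        # the route is equal to or more specific than the VRP prefix.
        if net.version != route.version or not route.subnet_of(net):
            continue
        covered = True
        # A match also needs the authorized origin AS and a prefix length
        # no longer than the VRP's maxLength.
        if asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    # Covered by some VRP but matched by none: unauthorized announcement.
    return "invalid" if covered else "not-found"

def demo():
    vrps = load_vrps(VRPS)
    announcements = [                # constructed announcements
        ("192.0.2.0/24", 64500),     # authorized origin
        ("192.0.2.0/24", 64511),     # covered, wrong origin AS
        ("192.0.2.128/25", 64500),   # right AS, longer than maxLength
        ("2001:db8:1::/48", 64501),  # more specific, within maxLength
        ("198.51.100.0/24", 64500),  # no covering VRP
    ]
    return [validate(p, a, vrps) for p, a in announcements]

if __name__ == "__main__":
    print(demo())
```

The third announcement shows why maxLength matters: a more-specific prefix from the authorized AS is still classified invalid when the ROA does not permit that length.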

