How to create and add RPKI ROAs?

RPKI is a certificate-based service that allows users to certify their Internet number resources to help secure Internet routing. It is a Public Key Infrastructure based service that enables IP address holders to specify which Autonomous Systems (ASes) are authorized to originate their IP address prefixes.

RPKI ensures that the BGP announcements coming from a router are validated to ensure that announcements are coming from the resource holder and that a route is a valid route. This is done through Route Object Authorisation (ROA). 

A ROA contains three informational elements:

  1. The AS Number that is authorised
  2. The prefix that may be originated from the AS
  3. The Maximum Length of the prefix

 

How to create ROAs on MyAFRINIC

  1. Create ROA by providing the following:
  2. Select Issue ROA’s
  3. Resource Certification
  4. Go to Resources
  5. Login to https://my.afrinic.net
  1. Enter a unique ROA name
  2. Select the originating ASN
  3. Select the IPv4 Prefix
    1. Click on the plus "+" icon for the ROA creation text fields
    2. Enter your preferred Max Length (The most specific prefixes that may be originated from the AS)
  4. Select the IPv6 Prefix where applicable
    1. Click on on the plus "+" icon for the ROA creation text fields
    2. Enter your preferred Max Length (The most specific IPv6 prefixes that may be originated from the AS)
  5. Select the ROA validity start date
  6. Select the ROA expiry date 
    bpki faq 5 1
  1. Click “add ROA”

 

on Friday May 31 by duksh
Was this helpful?
Date and time in Mauritius -