RPKI is a certificate-based service that allows users to certify their Internet number resources to help secure Internet routing. It is a Public Key Infrastructure based service that enables IP address holders to specify which Autonomous Systems (ASes) are authorized to originate their IP address prefixes.
RPKI ensures that the BGP announcements coming from a router are validated to ensure that announcements are coming from the resource holder and that a route is a valid route. This is done through Route Object Authorisation (ROA).
A ROA contains three informational elements: