What is ROA?

A Route Origin Authorisation (ROA) is a cryptographically signed object that states which Autonomous System (AS) is authorised to originate a certain prefix. This means ROAs say something about the BGP announcements that are done with your address space.

A ROA contains three informational elements:

  • The AS Number that is authorised
  • The prefix that may be originated from the AS
  • The Maximum Length of the prefix

Maximum Length specifies the length of the most specific IP prefix that the AS is authorised to advertise. When it is not set, the AS is only authorised to advertise exactly the prefix specified. Any more specific announcement of the prefix will be considered unauthorised. This is a way to enforce aggregation and prevent hijacking through the announcement of a more specific prefix.

Read more here: https://www.ripe.net/manage-ips-and-asns/resource-management/certification/resource-certification-roa-management


Refer to the guides below for ROA creation at specific Regional Internet Registry:

Did this answer your question?