What is RPKI?

Basically, RPKI (Resource Public Key Infrastructure) is a security framework that proves that network operators or IP resource owners, do have a right to use the IP blocks.

How does RPKI work?

Trusted Certification Authorities (CA) issue certificates to IP owners, and stores them in the IRR database. ISP checks these databases, and if a specific subnet doesn't have an RPKI certificate issued to them, or is announced from different ASN, they can drop announcements and all traffic from these subnets. By doing so stopping possible IP hijacking.

Why do you need RPKI?

There are already a few big ISPs that drop announcements and traffic from sources that do not have RPKI. That might limit access from part of the internet.

Did this answer your question?