An Infrastructure to Support Secure Internet Routing
Embed This Widget
Add the script tag and a data attribute to embed this widget.
Embed via iframe for maximum compatibility.
<iframe src="https://ipfyi.com/iframe/entity//" width="420" height="400" frameborder="0" style="border:0;border-radius:10px;max-width:100%" loading="lazy"></iframe>Paste this URL in WordPress, Medium, or any oEmbed-compatible platform.
https://ipfyi.com/entity//Add a dynamic SVG badge to your README or docs.
[](https://ipfyi.com/entity//)Use the native HTML custom element.
M. Lepinski, S. Kent · 2012-02
Abstract
RFC 6480 describes the Resource Public Key Infrastructure (RPKI), a hierarchical PKI that binds IP address blocks and AS numbers to cryptographic key pairs. RPKI certificates are issued by Regional Internet Registries (RIRs) and enable cryptographic validation of IP resource holdings. The infrastructure supports Route Origin Authorizations (ROAs) and BGPsec path signatures.
Why This RFC Matters
RPKI addresses the fundamental lack of authentication in BGP: any AS can originate any prefix, enabling route hijacks (accidental or malicious). By issuing ROAs that cryptographically attest which AS is authorized to originate a given prefix, RPKI enables routers to perform Route Origin Validation (ROV) and reject invalid announcements. Adoption has grown rapidly since 2019, with major carriers and cloud providers deploying ROV-based filtering, significantly reducing the impact of BGP hijacking incidents.