RFC 6482 Proposed Standard

A Profile for Route Origin Authorizations (ROAs)

M. Lepinski, S. Kent, D. Kong · 2012-02

Abstract

RFC 6482 defines the format and validation rules for Route Origin Authorizations (ROAs) within the RPKI framework. A ROA is a signed object that authorizes one or more AS numbers to originate specific IP prefixes, optionally with a maximum prefix length constraint. ROAs are published in RPKI repositories and validated by relying-party software before being consumed by BGP routers.

Why This RFC Matters

ROAs are the core operational artifact of RPKI-based BGP security. By creating a ROA, a network operator makes a cryptographically verifiable statement about which AS is authorized to originate their address space. Routers performing Route Origin Validation (ROV) compare BGP announcements against the validated ROA cache from relying-party software (such as Routinator or OctoRPKI) and mark routes as Valid, Invalid, or NotFound. Invalid routes are typically dropped, preventing prefix hijacks from propagating.
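The comparison a router makes against the validated ROA cache, as an added example that is not part of the RFC or of this page. It follows the RFC 6811 origin-validation rules; the `VRP` tuple, the `validate` function and the sample entries (documentation prefixes and documentation AS numbers) are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional


class VRP(NamedTuple):
    """One validated ROA payload entry: prefix, authorized origin AS, optional maxLength."""
    prefix: str
    asn: int
    max_length: Optional[int] = None  # absent maxLength means "exactly the prefix length"


# Constructed sample cache (hypothetical data, not taken from any real repository).
VRPS = [
    VRP("192.0.2.0/24", 64496),           # no maxLength: only the /24 itself is authorized
    VRP("198.51.100.0/24", 64497, 26),    # /24 through /26 authorized for AS64497
    VRP("2001:db8::/32", 64498, 48),      # /32 through /48 authorized for AS64498
]


def validate(route_prefix: str, origin_asn: int, vrps=VRPS) -> str:
    """Classify a BGP announcement as Valid, Invalid or NotFound."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        roa_net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route when the route lies inside the VRP prefix.
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue
        covered = True
        max_len = vrp.max_length if vrp.max_length is not None else roa_net.prefixlen
        # A covering VRP matches when the origin AS agrees and the
        # announced prefix is no more specific than maxLength allows.
        if vrp.asn == origin_asn and route.prefixlen <= max_len:
            return "Valid"
    # Covered but never matched: wrong origin or too-specific prefix.
    return "Invalid" if covered else "NotFound"


if __name__ == "__main__":
    for prefix, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/25", 64496),
                        ("198.51.100.64/26", 64511), ("203.0.113.0/24", 64496)]:
        print(f"{prefix} from AS{asn}: {validate(prefix, asn)}")
```

The `192.0.2.0/25` case shows why maxLength matters: a more-specific announcement from the authorized AS is still Invalid when the ROA does not permit that length.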
