RPKI chain of trust

• Previous message (by thread): Recently Completed BGP Study on "Peerlock" Defensive Filtering
• Next message (by thread): RPKI chain of trust
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Good morning everyone,
I have a doubt about RPKI chain of trust. The 5 RIRs hold a self-signed
root certificate for all the resources they have in the registry. The root
certificate is used to sign the LIR's certificates that lists LIR's
resources. LIRs use their private key to sign ROAs. LIR's public key is
used to verify ROAs signatures and RIRs public key is used to verify LIR's
signatures.

Is this correct?

Thanks in advance,

Fabiano
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200826/a4040547/attachment.html>

• Previous message (by thread): Recently Completed BGP Study on "Peerlock" Defensive Filtering
• Next message (by thread): RPKI chain of trust
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]