RPKI chain of trust

Alex Band alex at nlnetlabs.nl
Wed Aug 26 08:39:04 UTC 2020


Perhaps this clarifies things:

https://rpki.readthedocs.io/en/latest/rpki/introduction.html#mapping-the-resource-allocation-hierarchy-into-the-rpki

As well as this section:

https://rpki.readthedocs.io/en/latest/rpki/securing-bgp.html

Cheers,

Alex

> On 26 Aug 2020, at 10:25, Fabiano D'Agostino <fabiano.dagostino96 at gmail.com> wrote:
> 
> Good morning everyone,
> I have a doubt about RPKI chain of trust. The 5 RIRs hold a self-signed root certificate for all the resources they have in the registry. The root certificate is used to sign the LIR's certificates that lists LIR's resources. LIRs use their private key to sign ROAs. LIR's public key is used to verify ROAs signatures and RIRs public key is used to verify LIR's signatures.
> 
> Is this correct?
> 
> Thanks in advance,
> 
> Fabiano




More information about the NANOG mailing list