The NRO RPKI Program aims to provide a more consistent and uniformly secure, resilient and reliable RPKI service. In 2025, the RPKI Steering Group, which includes RPKI experts from all five Regional Internet Registries (RIRs), are set to work on two main areas:
- Enhancing the transparency, robustness and security of the RPKI system
- Increasing the consistency of the RPKI system user experience across RIRs
Our first objective is to gain a deeper understanding and make progress toward improving the transparency, robustness, and security of the RPKI system, with a key focus on publishing a consultation for the technical community that proposes a solution to current concerns regarding the RPKI Trust Anchor (TA) configuration. The RIRs are working on a formal specification to communicate Internet number resource (INR) constraints for each TA. A draft of this specification will be shared with the technical community later this year for feedback and discussion. Please keep an eye out for a blog article that will provide more information about the specification.
Through our second objective, we hope to increase the consistency of the RPKI system user experience. This involves consolidating RPKI-related documentation, standardizing terminology, and aligning on recommended best practices. As part of this objective, we have agreed on a list of RPKI features and services that we consider to be core to the RPKI system:
- Hosted service
- Delegated service
- API for ROA management
- ASPAs through the member portal
- ASPAs through API
- Short-lived TA certificates
In the second half of 2025, we’ll publish a roadmap for these core features and services to be offered by all RIRs.
The RPKI Steering Group has also agreed on a set of features that we believe would be nice to have in future releases, and will work toward implementing those across RIRs when possible:
- Hybrid service (publication as a service)
- Signed Trust Anchor Locator
- RPKI Signed Checklists
- BGPsec
- Testing environment
Additionally, we have been working on a comprehensive gap analysis of RPKI user interfaces across all RIRs. We have also published an RPKI content repository that contains links to relevant RPKI content from all RIRs. In the coming months, we will publish a document that summarizes the process of creating a Route Origin Authorization (ROA) through each RIR.
If you would like to get in touch with the RPKI Steering Group, please email rpki_program@nro.net. For more news on the NRO RPKI Program and its outcomes, please stay tuned for our next blog article.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.