APRICOT is returning to Indonesia in 2026!
Registration for APRICOT 2026, taking place from 4 to 12 February 2026 at the Sheraton Gandaria City in Jakarta, Indonesia, is now open! APNIC Members are entitled to a 30% registration discount. Don’t miss this opportunity to join Internet leaders from across the Asia Pacific and beyond, share your expertise by submitting a presentation, and help shape the future of the global Internet. Register today and be part of APRICOT 2026!
The Border Gateway Protocol (BGP) underpins global Internet routing, but was not designed with inherent security. Its ‘trust by default’ model leaves networks vulnerable to accidental leaks and malicious route hijacks, where one network falsely claims another’s BGP prefix. To mitigate these risks, the Internet operations community has deployed Resource Public Key Infrastructure (RPKI), which relies on two complementary mechanisms: Route Origin Authorization (ROA) and Route Origin Validation (ROV).
ROAs are cryptographically signed objects by resource holders specifying which Autonomous System Number (ASN) is authorized to originate a particular prefix. ROV is the process by which other networks verify these authorizations. While ROAs form the foundation of secure routing, their effectiveness depends on widespread ROV deployment — without it, signed ROAs provide limited practical protection.
Indonesia’s ROA coverage: From 66% to 90%
Recent APNIC Labs data shows that Indonesia’s ROA coverage has surged from 66.03% to 90.55% in the last three months, reflecting one of the most significant gains in South East Asia. This increase indicates that Indonesian networks are actively creating ROAs for their prefixes and participating in the global effort to secure routing.
In parallel, ROV adoption remains modest but is growing. Approximately 21.72% of Indonesian networks are currently performing ROV and dropping invalid prefixes, illustrating that networks are moving toward implementing RPKI-based policies to improve the security of Internet routing.
Gains and gaps in Asia
Globally, around 54% of prefixes are signed with ROAs, while in Asia, the figure stands at 45.20%, with Maldives, Bangladesh, Bhutan, Viet Nam, and Nepal achieving leading progress. Sub-regionally, South East Asia performs relatively strongly, with overall ROA coverage around 90.68%, driven by Viet Nam, the Philippines, and Malaysia. Indonesia’s jump to 90.55% highlights its emerging leadership in the subregion.
ROV adoption, however, is uneven. Globally, roughly 21.56% of networks implement ROV, compared to 8.35% in Asia and 15.39% in South East Asia. Myanmar leads the subregion at 62.59%, illustrating the potential for significant gains with concerted effort.
Avoiding common ROA creation mistakes
Mis-assigned origin ASNs, mismatched prefix lengths, or outdated ROAs can cause legitimate prefixes to be incorrectly flagged as invalid and dropped by networks with strict routing policies. To prevent this, ensure that each ROA’s origin AS and max length match the actual BGP announcements, update ROAs whenever network changes occur, and create separate ROAs for anycast or multiple origin ASNs. Regular monitoring and timely updates are essential to keep ROAs accurate and functioning correctly.
Looking forward
Indonesia’s rapid ROA coverage increase from 66% to 90% demonstrates the power of coordinated technical action. Coupled with growing ROV deployment, these efforts strengthen Internet routing security, reduce the risk of hijacks and leaks, and serve as an encouraging example for other Asia Pacific economies.
Given the current state of ROA and ROV adoption, focused action can help build a stronger Internet routing security:
- Expand ROA coverage to the remaining ~10% of prefixes in Indonesia.
- Encourage all networks and Internet Exchange Points (IXPs) to implement ROV.
- Promote best practices and tooling — use resources from APNIC and MANRS, as well as guidelines from the local registry, to lower the barrier to entry.
- Continuously monitor for INVALID prefixes, validator consistency, and routing changes.
- Support smaller and rural ISPs with resources or consultancy to ensure security improvements are inclusive.
With concerted effort, Indonesia can move from strong ROA coverage to leadership in validating routing integrity, helping secure both national and regional connectivity.
Check out the RPKI @ APNIC portal for more information on RPKI as well as useful deployment case studies, how-to posts, and links to hands-on APNIC Academy Online Courses and Virtual Labs.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.