We will discuss the importance of securing and validating prefix/subnet announcements using the RPKI infrastructure and the ROA. This discussion will review how they work, why they matter, and how to implement them.
Internet routing protocols were designed with a weak security posture, creating vulnerable attack vectors via route hijacking. We’ll break down how RPKI works at a practical level, including certificate hierarchy, ROA creation, and route validation states (valid, invalid, not found). We’ll walk through real-world examples of route leaks and hijacks, showing how RPKI can prevent or mitigate these events. Attendees will leave with a clear understanding of how to implement RPKI/ROA in their environment and immediately improve routing security.
