nanog mailing list archives

Re: RPKI chain of trust

From: Alex Band <alex () nlnetlabs nl>
Date: Wed, 26 Aug 2020 10:39:04 +0200

Perhaps this clarifies things:

https://rpki.readthedocs.io/en/latest/rpki/introduction.html#mapping-the-resource-allocation-hierarchy-into-the-rpki

As well as this section:

https://rpki.readthedocs.io/en/latest/rpki/securing-bgp.html

Cheers,

Alex

On 26 Aug 2020, at 10:25, Fabiano D'Agostino <fabiano.dagostino96 () gmail com> wrote:

Good morning everyone,
I have a doubt about RPKI chain of trust. The 5 RIRs hold a self-signed root certificate for all the resources they 
have in the registry. The root certificate is used to sign the LIR's certificates that lists LIR's resources. LIRs 
use their private key to sign ROAs. LIR's public key is used to verify ROAs signatures and RIRs public key is used to 
verify LIR's signatures.

Is this correct?

Thanks in advance,

Fabiano

Current thread:

RPKI chain of trust Fabiano D'Agostino (Aug 26)
- Re: RPKI chain of trust Alex Band (Aug 26)
  - Re: RPKI chain of trust Fabiano D'Agostino (Aug 26)
    - Re: RPKI chain of trust Alex Band (Aug 26)