APNIC W3C/MIT APNIC Unaffiliated NLnet Labs This document defines a Trust Anchor Locator (TAL) for the Resource Public Key Infrastructure (RPKI). TALs allow Relying Parties in the RPKI to download the current Trust Anchor (TA) CA certificate from one or more locations, and verify that the key of this self-signed certificate matches the key on the TAL. Thus, Relying Parties can be configured with TA keys, but allow these TAs to change the content of their CA certificate. In particular it allows TAs to change the set of Internet Number Resources included in the RFC3779 extension of their certificate. This document obsoletes the previous definition of Trust Anchor Locators in RFC 7730 by adding support for HTTPS URIs.