Avoiding Route Origin Authorizations (ROAs) Containing Multiple IP Prefixes

Avoiding Route Origin Authorizations (ROAs) Containing Multiple IP Prefixes CNNIC IIJ Research Lab & Arrcus, Inc. Jinan University RIPE NCC CNNIC When using the Resource Public Key Infrastructure (RPKI), address space holders need to issue Route Origin Authorization (ROA) object(s) to authorize one or more Autonomous Systems (ASes) to originate BGP routes to IP address prefix(es). This memo discusses operational problems that may arise from ROAs containing multiple IP prefixes and recommends that each ROA contain a single IP prefix.