
On the Operational Granularity of RPKI ROA Management: Problem Statement and Requirements

Document type: Expired Internet-Draft (individual), expired and archived
Authors: Yanbiao Li, Jiankang Yao, Di Ma
Last updated: 2024-04-25 (latest revision 2023-10-23)
RFC stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.


When the Resource Public Key Infrastructure (RPKI) is used to perform route origin validation (ROV) with route origin authorizations (ROAs), security and usability issues have been identified and reported. This memo revisits these issues from the perspective of the operational granularity of ROA management, demonstrates the problems and their root cause in the existing ROA encoding scheme, summarizes design requirements to address them, and evaluates three potential solutions. Although none of the existing solutions satisfies all requirements, a hybrid solution composed of two existing schemes is recommended for use in ROA management.

