A Default Validation Policy for the use of RPKI Manifests in the global Internet Routing System.

Document Type Expired Internet-Draft (individual)
Author Job Snijders 
Last updated 2020-11-16 (latest revision 2020-05-04)
Stream (None)
Intended RFC status (None)
Expired & archived
plain text xml htmlized pdfized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Manifests are a critical cornerstone to the global Resource Public Key Infrastructure (RPKI). RFC 6486 describes a validation decision tree which introduced the notion of 'local policy', creating space for ambiguity. This ambiguity has led to various RPKI implementations producing different output when presented with the same input, but also leads to severe operational security implications. This document updates RFC 6486 and introduces the notion of a default policy for Manifest validation to encourage harmony between implementations.


Job Snijders (job@ntt.net)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)