Resource Public Key Infrastructure (RPKI)
- Created
- 2011-09-08
- Last Updated
- 2025-09-19
- Available Formats
-
XML
HTML
Plain text
Registries Included Below
- RPKI Signed Objects
- RPKI Repository Name Schemes
- rpki-rtr-pdu
- rpki-rtr-error
- rpki-rtr-afi
- BGPsec Capability
- BGPsec_Path Flags
- BGPsec Algorithm Suites
RPKI Signed Objects
- Registration Procedure(s)
-
Standards Action
- Reference
- [RFC6488]
- Note
-
Objects of the types listed in this registry, as well as RPKI resource certificates and CRLs, are expected to be validated using the RPKI. - Available Formats
-
CSV
| Name | OID | Reference |
|---|---|---|
| Route Origination Authorization | 1.2.840.113549.1.9.16.1.24 | [RFC9582] |
| Manifest | 1.2.840.113549.1.9.16.1.26 | [RFC9286] |
| Ghostbusters | 1.2.840.113549.1.9.16.1.35 | [RFC6493] |
| Autonomous System Provider Authorization (TEMPORARY - registered 2021-11-08, extension registered 2025-09-19, expires 2026-11-08) | 1.2.840.113549.1.9.16.1.49 | [draft-ietf-sidrops-aspa-profile-16] |
| Trust Anchor Key | 1.2.840.113549.1.9.16.1.50 | [RFC9691, Section 2.1] |
| Signed Checklist | 1.2.840.113549.1.9.16.1.48 | [RFC9323] |
RPKI Repository Name Schemes
- Registration Procedure(s)
-
IETF Review
- Reference
- [RFC6481]
- Available Formats
-
CSV
| Filename Extension | RPKI Object | Reference |
|---|---|---|
| .asa | Autonomous System Provider Authorization (TEMPORARY - registered 2021-11-08, extension registered 2025-09-19, expires 2026-11-08) | [draft-ietf-sidrops-aspa-profile-16] |
| .cer | Certificate | [RFC6481] |
| .crl | Certificate Revocation List | [RFC6481] |
| .gbr | Ghostbusters Record | [RFC6493] |
| .mft | Manifest | [RFC6481] |
| .roa | Route Origination Authorization | [RFC9582] |
| .sig | Signed Checklist | [RFC9323] |
| .tak | Trust Anchor Key | [RFC9691] |
rpki-rtr-pdu
- Registration Procedure(s)
-
RFC Required (Standards Track or Experimental)
- Reference
- [RFC6810]
- Available Formats
-
CSV
| Protocol Version | PDU Type | Description | Reference |
|---|---|---|---|
| 0-2 | 0 | Serial Notify | [RFC6810][RFC8210][RFC-ietf-sidrops-8210bis-10] |
| 0-2 | 1 | Serial Query | [RFC6810][RFC8210][RFC-ietf-sidrops-8210bis-10] |
| 0-2 | 2 | Reset Query | [RFC6810][RFC8210][RFC-ietf-sidrops-8210bis-10] |
| 0-2 | 3 | Cache Response | [RFC6810][RFC8210][RFC-ietf-sidrops-8210bis-10] |
| 0-2 | 4 | IPv4 Prefix | [RFC6810][RFC8210][RFC-ietf-sidrops-8210bis-10] |
| 0-2 | 5 | Unassigned | |
| 0-2 | 6 | IPv6 Prefix | [RFC6810][RFC8210][RFC-ietf-sidrops-8210bis-10] |
| 0-2 | 7 | End of Data | [RFC6810][RFC8210][RFC-ietf-sidrops-8210bis-10] |
| 0-2 | 8 | Cache Reset | [RFC6810][RFC8210][RFC-ietf-sidrops-8210bis-10] |
| 0 | 9 | Reserved | [RFC8210] |
| 1-2 | 9 | Router Key | [RFC8210][RFC-ietf-sidrops-8210bis-10] |
| 0-2 | 10 | Error Report | [RFC6810][RFC8210][RFC-ietf-sidrops-8210bis-10] |
| 0-1 | 11 | Reserved | [RFC8210][RFC-ietf-sidrops-8210bis-10] |
| 2 | 11 | ASPA | [RFC-ietf-sidrops-8210bis-10] |
| 0-2 | 12-254 | Unassigned | |
| 0-2 | 255 | Reserved | [RFC6810][RFC8210][RFC-ietf-sidrops-8210bis-10] |
rpki-rtr-error
- Registration Procedure(s)
-
Expert Review
- Expert(s)
-
Keyur Patel (Primary), John G. Scudder (Secondary)
- Reference
- [RFC6810]
- Available Formats
-
CSV
| Error Code | Description | Reference |
|---|---|---|
| 0 | Corrupt Data | [RFC6810] |
| 1 | Internal Error | [RFC6810] |
| 2 | No Data Available | [RFC6810] |
| 3 | Invalid Request | [RFC6810] |
| 4 | Unsupported Protocol Version | [RFC6810] |
| 5 | Unsupported PDU Type | [RFC6810] |
| 6 | Withdrawal of Unknown Record | [RFC6810] |
| 7 | Duplicate Announcement Received | [RFC6810] |
| 8 | Unexpected Protocol Version | [RFC8210] |
| 9-254 | Unassigned | |
| 255 | Reserved | [RFC6810] |
rpki-rtr-afi
- Registration Procedure(s)
-
Expert Review
- Expert(s)
-
Unassigned
- Reference
- [RFC-ietf-sidrops-8210bis-10]
- Available Formats
-
CSV
| Bit | Bit Name | Reference |
|---|---|---|
| 0 | AFI (IPv4 == 0, IPv6 == 1) | [RFC-ietf-sidrops-8210bis-10] |
| 1-7 | Reserved, MUST be zero | [RFC-ietf-sidrops-8210bis-10] |
BGPsec Capability
- Registration Procedure(s)
-
Standards Action
- Reference
- [RFC8205]
- Available Formats
-
CSV
| Bits | Field | Reference |
|---|---|---|
| 0-3 | Version Value = 0x0 |
[RFC8205] |
| 4 | Direction (Both possible values 0 and 1 are fully specified by [RFC8205]) |
[RFC8205] |
| 5-7 | Unassigned Value = 000 (in binary) |
[RFC8205] |
BGPsec_Path Flags
- Registration Procedure(s)
-
Standards Action
- Reference
- [RFC8205]
- Available Formats
-
CSV
| Flag | Description | Reference |
|---|---|---|
| 0 | Confed_Segment Bit value = 1 means Flag set (indicates Confed_Segment) Bit value = 0 is default |
[RFC8205] |
| 1-7 | Unassigned Value: All 7 bits set to zero |
[RFC8205] |
BGPsec Algorithm Suites
- Registration Procedure(s)
-
Standards Action
- Reference
- [RFC8608]
- Available Formats
-
CSV
| Algorithm Suite Identifier | Digest Algorithm | Signature Algorithm | Reference |
|---|---|---|---|
| 0x00 | Reserved | Reserved | [RFC8608] |
| 0x01 | SHA-256 | ECDSA P-256 | [National Institute of Standards and Technology (NIST), U.S. Department of Commerce, "Digital Signature Standard", FIPS Publication 186-4, July 2013.][National Institute of Standards and Technology (NIST), U.S. Department of Commerce, "Secure Hash Standard", FIPS Publication 180-4, August 2015.][RFC6090][RFC8608] |
| 0x02-0xF6 | Unassigned | Unassigned | |
| 0xF7-0xFA | Experimentation | Experimentation | [RFC8608] |
| 0xFB-0xFE | Documentation | Documentation | [RFC8608] |
| 0xFF | Reserved | Reserved | [RFC8608] |