What is
RPKI?
RPKI is a security framework that verifies the authenticity of BGP route announcements, preventing route hijacking and BGP attacks.
Why it
matters.
RPKI prevents attackers from hijacking your IP address space by announcing unauthorized routes. This is critical for infrastructure security. Without RPKI, attackers can redirect traffic intended for your domain to malicious servers, even if DNS and other security measures are in place.
What can
go wrong.
Without RPKI: attackers can hijack your IP address space, redirect all traffic to malicious servers, intercept communications, and cause widespread service disruption. Route hijacking is a serious threat to internet infrastructure.
Technical
details.
RPKI checks verify: 1) Route Origin Authorization (ROA) records exist for your IP address space, 2) Route announcements are valid according to RPKI. ROA records specify which ASNs are authorized to announce specific IP prefixes. Invalid announcements are rejected by RPKI-validating networks.
Check your domain’s
RPKI status.
Run a free security check to see how your domain scores across all sixteen checks, including RPKI validation.