What are RPKI and ROA, and what does a ROA authorize?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Master RIPE BGP Security with our comprehensive test. Understand the Border Gateway Protocol, explore multiple choice questions, and get ready for your exam with detailed hints and explanations.

Multiple Choice

What are RPKI and ROA, and what does a ROA authorize?

Explanation:
RPKI is a PKI-based framework that cryptographically binds IP prefixes to the autonomous systems that originate them. The key artifact is the Route Origin Authorisation, a signed statement that allows a specific AS to originate a given prefix (and it can specify a maximum prefix length). Validators pull ROAs from trusted repositories, and routers use that data to determine whether a BGP route is valid, invalid, or unknown based on whether its origin matches a ROA. This mechanism helps prevent misoriginations and prefix hijacks by ensuring only authorized origins can announce a prefix. ROAs do not encrypt BGP updates or sign the path; they authorize the origin only. They are not hardware devices but signed objects used within the RPKI framework. In short, RPKI provides the trust framework, and a ROA explicitly authorizes a particular AS to originate a specific prefix (within the allowed length).

RPKI is a PKI-based framework that cryptographically binds IP prefixes to the autonomous systems that originate them. The key artifact is the Route Origin Authorisation, a signed statement that allows a specific AS to originate a given prefix (and it can specify a maximum prefix length). Validators pull ROAs from trusted repositories, and routers use that data to determine whether a BGP route is valid, invalid, or unknown based on whether its origin matches a ROA. This mechanism helps prevent misoriginations and prefix hijacks by ensuring only authorized origins can announce a prefix. ROAs do not encrypt BGP updates or sign the path; they authorize the origin only. They are not hardware devices but signed objects used within the RPKI framework. In short, RPKI provides the trust framework, and a ROA explicitly authorizes a particular AS to originate a specific prefix (within the allowed length).

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy