Creating multiple ROAs

Select the [Services] / [RPKI] option on the organization's context menu to access the section for creating ROAs and managing the details for RPKI:

In the RPKI section you will find the ROA creation interface. Go to the “Create multiple ROAs” section located in the lower left part of the interface, where you will be able to create the corresponding ROAs.

Create multiple ROAs

This option allows users to create various ROAs for different ASNs, as well as to define the *maximum length of the prefix to be announced for each ROA that is generated.

This section provides useful information for generating ROAs using this tool. Lines beginning with # will not be considered for the ROA. It also details the resources of your organization for which it is possible to register ROAs and includes examples of acceptable formats.

* What is the "maximum length"? The maximum prefix that can be advertised regardless of the selected parent block.

Example: /22-24 specifies that the maximum range is a /24, so the ROA accepts that each of the /24s that make up the /22 can be announced independently. Instead, if this was /22-22, it would only be possible to announce the /22 block in its entirety, not divided into parts.

Creation (step by step):

The first step for creating the ROAs is to enter the following information:

• [Prefix/Length-MaxLengthASN]: Enter the block and prefix for which you will create the ROA, followed by the prefix of the most specific block for which you wish to allow announcements. To continue creating the ROA, click [Save].

• Once you click [Save], you will have the option to [Confirm], [Preview], or [Cancel] the changes.

• If you wish to preview the effect the ROA will have on your announcements before confirming the changes, select [Preview]. For more information on how the preview feature works, go to: [LINK TO PREVIEW]

Note: In the example, the ASN is 264845, 201.219.252.0 represents the first IP of the block, “/23” is the block prefix, and “-24” is the prefix of the most specific block you wish to allow to be advertised with the ROA (maximum length).

In this example, the ROA validates the advertisement for the 201.219.252.0/23 block via AS264845. More specific blocks up to a /24 are also allowed, such as 201.219.252.0/24 and 201.219.253.0/24 via AS264845. The advertisement for block 201.219.252.0/22 will be classified as “Not found,” as the ROA is not defined for blocks larger than 201.219.252.0/23. Finally, an advertisement via a different ASN will be Invalid.

• Once you confirm the changes, a pop-up notification will appear: “ROAs successfully created”. This means that the changes have been saved and will appear in the “List of ROAs managed by my Organization,” which you can access from the context menu to the right of the RPKI interface.