Creating ROAs for the same ASN

The RPKI module can be accessed from the [Services] / [RPKI] option in the context menu.

In the RPKI section you will find the ROA creation interface. The option “Create ROAs for the same ASN” will allow you to create one or more ROAs for the same ASN: 

The first step for creating the ROAs is to enter the following information:

• [Autonomous System]: Enter the ASN that will advertise the block.
• [Prefix/Length-MaxLength]: Enter the block and prefix for which you will create the ROA, followed by the prefix of the most specific block for which you wish to allow announcements.

In the example, the ASN is 264845, 201.219.252.0 represents the first IP of the block, “/23” is the block prefix, and “-24” is the prefix of the most specific block you wish to allow to be advertised with the ROA.

In this example, the ROA validates the advertisement for the 201.219.252.0/23 block via AS264845. More specific blocks up to a /25 are also allowed, such as 201.219.252.0/24 and 201.219.253.0/24 via AS264845. The advertisement for block 201.219.252.0/22 will be classified as “Not found,” as the ROA is not defined for blocks larger than 201.219.252.0/23. An advertisement via a different ASN will be Invalid.

To continue creating the ROA, click [Save].

Once you click [Save], you will have the option to [Confirm], [Preview]or [Cancel] the changes.

By clicking [Confirm], the specified ROAs will be created.

If you wish to preview how the ROA will affect your announcements before confirming the changes, select [Preview]. For more information on how the preview feature works, go to: [LINK TO “PREVIEW”]