The NRO RPKI Program aims to enhance the transparency, robustness and security of the RPKI system while also increasing the consistency of the RPKI system user experience across RIRs. Here's an update on our plans for the rest of 2025.
The NRO RPKI Program aims to provide a more consistent and uniformly secure, resilient and reliable RPKI service. For 2025, the RPKI Steering Group, which includes RPKI experts from the five RIRs, set out to work on two main areas:
- Enhancing the transparency, robustness and security of the RPKI system.
- Increasing the consistency of the RPKI system user experience across RIRs.
Our first objective is to gain a better understanding of, and make progress toward, improved transparency, robustness, and security of the RPKI system, with a key focus on publishing a consultation for the technical community that puts forth a solution to current concerns regarding the RPKI trust anchor configuration. The RIRs are working on a formal specification to communicate Internet Number Resources (INR) constraints for each Trust Anchor. A draft of this specification will be shared with the technical community later this year for feedback and discussion. Keep your eyes peeled for a blog article that will share more about the specification.
For our second objective, we hope to increase the consistency of the RPKI system user experience. This involves consolidating RPKI-related documentation, standardising terminology, and aligning on recommended best practices. As part of this objective, we have agreed on a list of RPKI features and services that we consider to be core to the RPKI system:
- Hosted service
- Delegated service
- API for ROA management
- ASPAs through Member portal
- ASPAs through API
- Short-lived Trust Anchor certificates
In the second half of 2025, we plan to publish a roadmap for these core features and services to be offered by all RIRs.
The RPKI Steering Group has also agreed on a set of features that we believe would be nice to have in future releases, and will work toward implementing those across RIRs when possible:
- Hybrid service (Publication as a service)
- Signed Trust Anchor Locator
- RPKI Signed Checklists
- BGPsec
- Testing environment
Additionally, we have been working on a comprehensive gap analysis of RPKI user interfaces across all RIRs. We have also published an RPKI content repository that contains links to relevant RPKI content from the five RIRs. In the coming months, we will publish a document that summarises the process of creating a Route Origin Authorisation (ROA) through each RIR.
If you would like to get in touch with the RPKI Steering Group, please email rpki_program@nro.net. For more news on the NRO RPKI Program and its outcomes, please watch out for our next blog article.