Regional Internet registries enhance the routing security
In order to mitigate border gateway protocol (BGP) hijacking risks, APNIC joined other regional Internet Registries (RIRs) such as ARIN, AfriNIC, RIPE NCC, in using resource public key infrastructure (RPKI), as well as to generate ‘AS0’ route origin authorization (ROA). ROA objects are cryptographically-signed binary structures that encode a list of Internet addresses and validate a specific origin-autonomous system. They are used for BGP route filtering and verification of the holder of IP address space to announce routes from a particular set of prefixes. ROA shows the state of received route announcement: valid, not found, and invalid. ‘AS0’ in ROA means that a prefix and all its more specific prefixes as invalid and should not to be used in a routing context.
This measure can greatly enhance the effectiveness of RPKI and routing security in general by network operators.