Route Origin Authorization (ROA)
- a signed document mapping a certain network-prefix to a specific AS
- a cryptographically signed object that states which Autonomous System (AS) is authorized to originate a certain prefix
ROA Components
| ROA Component | Description |
|---|---|
| AS Number | The AS Number that is authorized. |
| Prefix | The network-prefix that may be originated from the AS. |
| Maximum Length | The Maximum Length specifies the length of the most specific IP prefix that the AS is authorized to advertise. When it is not set, the AS is only authorized to advertise exactly the prefix specified. Any more specific announcement of the prefix will be considered unauthorized. This is a way to enforce aggregation and prevent hijacking through the announcement of a more specific prefix. |
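
How the three components combine when a BGP announcement is checked against a set of ROAs, shown as an added example that is not part of the original page. The `ROA` class, the `validate` function, and the sample prefixes and AS numbers (documentation ranges) are constructed for illustration; the valid / invalid / not-found outcomes follow RFC 6811 route origin validation.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class ROA:
    asn: int                          # AS authorized to originate the prefix
    prefix: str                       # network-prefix covered by the ROA
    max_length: Optional[int] = None  # None: only the exact prefix is authorized

    def effective_max_length(self) -> int:
        # An unset Maximum Length means "exactly the prefix length".
        net = ipaddress.ip_network(self.prefix)
        return net.prefixlen if self.max_length is None else self.max_length


def validate(roas: Iterable[ROA], announced_prefix: str, origin_asn: int) -> str:
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(announced_prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA covers the route only if the route is equal to, or more
        # specific than, the ROA prefix (same address family).
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        if roa.asn == origin_asn and route.prefixlen <= roa.effective_max_length():
            return "valid"
    # Covered by at least one ROA but matched by none: unauthorized.
    return "invalid" if covered else "not-found"


# Constructed sample ROAs (documentation prefixes and AS numbers).
SAMPLE_ROAS = [
    ROA(asn=64496, prefix="198.51.100.0/24"),               # no Maximum Length
    ROA(asn=64497, prefix="192.0.2.0/24", max_length=26),   # up to /26 allowed
]

if __name__ == "__main__":
    for prefix, asn in [
        ("198.51.100.0/24", 64496),   # exact prefix, right AS
        ("198.51.100.0/25", 64496),   # more specific, no Maximum Length set
        ("192.0.2.64/26", 64497),     # within Maximum Length
        ("192.0.2.64/27", 64497),     # longer than Maximum Length
        ("192.0.2.0/24", 64511),      # right prefix, wrong origin AS
        ("203.0.113.0/24", 64496),    # no covering ROA
    ]:
        print(f"{prefix:<18} AS{asn}: {validate(SAMPLE_ROAS, prefix, asn)}")
```
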
ROA Examples
refer to: ROA - Examples