Resource Public Key Infrastructure (RPKI), also known as Resource Certification, is a specialized public key infrastructure (PKI) framework designed to secure the Internet's routing infrastructure.
RPKI provides a way to connect Internet number resource information (such as Autonomous System numbers and IP addresses) to a trust anchor. The certificate structure mirrors the way in which Internet number resources are distributed. That is, resources are initially distributed by the IANA to the Regional Internet Registries (RIRs), who in turn distribute them to Local Internet Registries (LIRs), who then distribute the resources to their customers. RPKI can be used by the legitimate holders of the resources to control the operation of the Internet and prevent route hijacking and other attacks. In particular, RPKI is used to secure the Border Gateway Protocol (BGP) through BGPSEC, as well as Neighbor Discovery (ND) for IPv6 through the Secure Neighbor Discovery Protocol (SEND).
The RPKI architecture is documented in RFC 6480. The RPKI specification is spread across a series of RFCs: RFC 6481, RFC 6482, RFC 6483, RFC 6484, RFC 6485, RFC 6486, RFC 6487, RFC 6488, RFC 6489, RFC 6490, RFC 6491, RFC 6492, and RFC 6493. SEND is documented in RFC 6494 and RFC 6495. These RFCs are a product of the IETF's sidr working group, and are based on a threat analysis documented in RFC 4593. These standards cover BGP origin validation, while work on path validation (BGPSEC) is underway. Several implementations of prefix origin validation already exist.
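As an added example (not part of the article or any RPKI implementation it mentions), the following shows the BGP origin validation outcome described above: an announced route is compared against Validated ROA Payloads and classified as Valid, Invalid or NotFound. The ROA data is constructed for illustration and uses documentation address ranges and private AS numbers.

```python
# Added example: BGP route origin validation against RPKI data, giving the
# Valid / Invalid / NotFound outcome that RPKI origin validation defines.
import ipaddress

# Validated ROA Payloads (VRPs): (prefix, maxLength, authorized origin ASN).
# Constructed sample data; a real validator derives these from verified ROAs.
# An origin ASN of 0 is the convention for "no AS may originate this prefix".
VRPS = [
    (ipaddress.ip_network("192.0.2.0/24"), 24, 64496),
    (ipaddress.ip_network("198.51.100.0/22"), 24, 64497),
    (ipaddress.ip_network("2001:db8::/32"), 48, 64496),
    (ipaddress.ip_network("198.18.0.0/15"), 15, 0),
]

def covers(vrp_prefix, prefix):
    """A VRP covers a route when the route prefix lies inside the VRP prefix."""
    return (prefix.version == vrp_prefix.version
            and prefix.subnet_of(vrp_prefix))

def validate_origin(prefix_str, origin_asn, vrps=VRPS):
    """Return 'Valid', 'Invalid' or 'NotFound' for an announced route.

    With no covering VRP the route is NotFound. It is Valid if at least one
    covering VRP authorizes the origin AS and the announced prefix length does
    not exceed that VRP's maxLength; otherwise it is Invalid. The AS 0 case
    falls out naturally: no real origin AS can match, so any announcement of
    such a prefix is Invalid.
    """
    prefix = ipaddress.ip_network(prefix_str, strict=False)
    covering = [v for v in vrps if covers(v[0], prefix)]
    if not covering:
        return "NotFound"
    for _vrp_prefix, max_length, asn in covering:
        if asn == origin_asn and prefix.prefixlen <= max_length:
            return "Valid"
    return "Invalid"

if __name__ == "__main__":
    for route, asn in [("192.0.2.0/24", 64496),      # Valid
                       ("192.0.2.0/24", 64511),      # Invalid: wrong origin
                       ("198.51.100.0/25", 64497),   # Invalid: beyond maxLength
                       ("203.0.113.0/24", 64496),    # NotFound: no covering ROA
                       ("198.18.0.0/15", 64496),     # Invalid: AS 0 ROA
                       ("2001:db8:1::/48", 64496)]:  # Valid
        print(route, asn, validate_origin(route, asn))
```

A NotFound result is deliberately distinct from Invalid: operators commonly still accept NotFound routes (the prefix holder has simply not published a ROA), while Invalid routes are the ones a policy would typically reject or depreference.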