🎯 RPKI is a critical security framework that protects your organization’s IP addresses from theft and misuse, similar to how property deeds protect real estate
💰 Financial impact is substantial – routing hijacks can lead to service outages, reputation damage, and lost revenue that can cost businesses millions
🚀 Strategic action required – implementing RPKI through services like “Publish in Parent” offers significant protection with minimal technical overhead
⚠️ Business risk – organizations without RPKI protection face increasing vulnerability as attackers become more sophisticated and regulatory requirements tighten
Imagine waking up to discover your company’s website is unreachable, your email is down, and customer data is potentially being intercepted – all because someone has effectively “stolen” your digital address. This nightmare scenario happens more frequently than you might think, and it’s precisely what Resource Public Key Infrastructure (RPKI) is designed to prevent.
In simple terms, RPKI is like a digital property deed and security system for your organization’s IP addresses. It verifies that your company is the legitimate owner of specific IP addresses and prevents others from fraudulently using them. Without this protection, your digital assets are vulnerable to hijacking, potentially leading to service disruptions, data theft, and significant reputational damage.
The stakes are particularly high today. As a leader at InterLIR, I’ve witnessed firsthand how IP address management has transformed from a purely technical concern into a critical business asset requiring executive attention. With IPv4 addresses becoming increasingly scarce and valuable (there are only 4.3 billion possible combinations, all of which have been allocated), securing these digital assets is now as important as protecting your physical infrastructure or intellectual property.
The business implications extend far beyond your IT department. Routing security affects your ability to maintain consistent service delivery, protect customer data, comply with emerging regulations, and maintain trust in your brand. In an era where digital presence is synonymous with business existence, RPKI represents a fundamental security layer that business leaders can no longer afford to ignore.
In this guide, I will break down what RPKI is in simple terms, explain why managing it correctly is critical for your business, and provide a clear roadmap for making smart decisions about implementing this security framework – even if you don’t have a technical background.
Let me take you back to the early days of the internet. In the 1980s, when the internet was primarily an academic and military network, IP addresses were distributed freely with little concern for scarcity. It was like a small town with plenty of street addresses to go around. Organizations could request large blocks of addresses with minimal justification, and the administrators of this system (which would later become Regional Internet Registries like RIPE NCC) happily obliged.
As the internet grew from a niche network to the backbone of global commerce, the situation changed dramatically. The IPv4 addressing system, with its limit of approximately 4.3 billion addresses, suddenly seemed inadequate for a world where not just computers but phones, cars, refrigerators, and countless other devices needed to connect. It’s similar to how a growing city might run out of telephone numbers or street addresses and need to create a new system.
This scarcity transformed IP addresses from simple technical identifiers into valuable business assets. At InterLIR, we’ve seen the market value of IPv4 addresses increase substantially, with prices rising from around $15 per address in 2015 to $27-50 in recent years. Organizations now lease, buy, and sell these addresses like real estate, and entire businesses (including ours) have emerged to facilitate this marketplace.
This shift from abundance to scarcity created a high-stakes market with hidden risks for unprepared businesses. When something becomes valuable, it also becomes a target. Just as valuable real estate attracts fraudsters and thieves, valuable IP address space attracts malicious actors who attempt to “steal” or “squat on” these digital addresses through a practice called BGP hijacking.
The challenge is that the original internet routing system (Border Gateway Protocol or BGP) was designed with trust as a fundamental assumption. It’s as if the early internet was built as a small town where everyone knew each other, but it now operates as a massive global city where trust alone is insufficient. RPKI emerged as a solution to this problem – a way to verify ownership and prevent unauthorized use of these increasingly valuable digital assets.
Implementing RPKI protection for your organization’s IP addresses is comparable to securing a valuable property. It requires a systematic approach that verifies ownership, establishes proper documentation, and ensures secure transactions. Let me walk you through how this works in practical terms.
Before implementing RPKI or acquiring new IP addresses, it’s crucial to understand their history. At InterLIR, we perform comprehensive background checks on all IP addresses in our marketplace. This includes verifying whether the addresses have been used for spam, are on blacklists, or have been associated with malicious activities. This step is similar to checking a used car’s history report before purchase – you want to ensure you’re not inheriting someone else’s problems.
For your existing IP addresses, this means working with your technical team or a specialized provider to verify the reputation and status of your address space. Clean IP addresses are essential for business operations, as addresses with poor reputations can lead to email delivery problems, website access issues, and other business disruptions.
RPKI creates a cryptographically verifiable chain of ownership for IP addresses, similar to how property deeds establish real estate ownership. This process involves working with your Regional Internet Registry (RIR) – organizations like RIPE NCC, ARIN, or APNIC that manage IP address allocation for different regions of the world.
The verification process creates what’s called a Route Origin Authorization (ROA) – essentially a digital certificate that proves your organization is the legitimate holder of specific IP addresses and authorizes particular networks (identified by Autonomous System Numbers or ASNs) to announce these addresses. This prevents unauthorized parties from claiming your address space in the global routing system.
Once ownership is verified, you need to implement the technical aspects of RPKI. This is where services like RIPE NCC’s “Publish in Parent” become valuable. This service allows organizations to maintain control over their RPKI certificates while leveraging the RIR’s infrastructure for publication – reducing technical complexity without sacrificing security.
There are two primary approaches to implementing RPKI:
| Implementation Approach | Description | Best For |
|---|---|---|
| Hosted CA | The RIR handles all technical aspects of certificate management | Organizations with limited technical resources |
| Delegated CA with Publish in Parent | Organization manages certificates but uses RIR for publication | Organizations wanting more control with reduced infrastructure requirements |
| Fully Delegated CA | Organization manages both certificates and publication infrastructure | Large organizations with specialized security teams |
For most businesses, the middle option provides an optimal balance of control and simplicity. It’s like having your own security system but contracting with a security company to monitor and respond to alerts.
When evaluating RPKI implementation, many organizations focus solely on the direct costs of the service. However, this narrow view fails to account for the substantial business risks of inadequate IP address security. Let me frame this in terms of business impact rather than technical details.
💸 Revenue loss from outages – When your IP addresses are hijacked, your services become unreachable. For e-commerce businesses, this can mean thousands or millions in lost sales per hour
🔥 Brand and reputation damage – If attackers use your hijacked IP addresses for spam or attacks, your organization’s reputation suffers. This can lead to blacklisting that persists long after the immediate incident is resolved
📉 Marketing ineffectiveness – Email campaigns sent from IP addresses with poor reputations often land in spam folders or are blocked entirely, wasting your marketing investments
👥 Operational disruption – IT teams forced to respond to routing incidents face significant distraction from strategic initiatives, creating opportunity costs beyond the immediate incident
⚖️ Regulatory exposure – As cybersecurity regulations evolve, organizations may face compliance issues if they haven’t implemented basic security measures like RPKI
Implementing RPKI through services like “Publish in Parent” represents a minimal investment compared to the potential costs of an incident. At InterLIR, we’ve seen organizations experience significant business disruptions due to routing security issues that could have been prevented with proper RPKI implementation.
Consider this real-world example: A mid-sized e-commerce company experienced a 12-hour routing hijack that made their website and payment processing systems unreachable. The direct revenue loss exceeded $150,000, but the long-term impact on customer trust was even more significant. Post-incident analysis revealed that implementing RPKI would have cost less than $5,000 annually – a 30x return on investment just from preventing this single incident.
The business case for RPKI implementation isn’t about technical compliance – it’s about business continuity, revenue protection, and brand preservation. When viewed through this lens, the investment becomes not just justifiable but essential.
For organizations leasing or purchasing IP addresses (as many InterLIR clients do), ensuring proper RPKI implementation is even more critical. These addresses represent significant investments that must be protected. Just as you would insure a new office building, you should secure your digital address space with appropriate protections.
As routing security continues to evolve, business leaders need a clear path forward. Let me outline both the emerging trends and a practical action plan for implementing RPKI in your organization.
🔮 Increasing regulatory focus – Government agencies are beginning to mandate routing security measures for critical infrastructure, with RPKI often featured as a baseline requirement
🔧 Expanded protection mechanisms – Beyond basic ROAs, new RPKI object types like ASPA (Autonomous System Provider Authorization) are being developed to provide more comprehensive protection
📈 Growing adoption creating network effects – As more organizations implement RPKI, its effectiveness increases, creating a virtuous cycle that enhances internet security for all participants
At InterLIR, we’re closely monitoring these developments to ensure our clients’ IP address assets remain secure and compliant with evolving standards. The RIPE NCC’s planned expansion to support additional RPKI object types after 2025 represents an important advancement in routing security that forward-thinking organizations should prepare for.
1️⃣ Assess your current posture – Ask your technical team about your organization’s current RPKI implementation status and any routing security incidents in the past 24 months
2️⃣ Inventory your digital assets – Create a comprehensive inventory of your organization’s IP addresses, including those acquired through various means (direct allocation, transfer, or lease)
3️⃣ Evaluate implementation options – Determine whether a Hosted CA, Delegated CA with Publish in Parent, or Fully Delegated CA best suits your organization’s needs and capabilities
4️⃣ Allocate resources – Budget for implementation costs, which are typically minimal compared to the value of the assets being protected
5️⃣ Implement and verify – Work with your technical team or a specialized provider like InterLIR to implement RPKI and verify its correct operation
For organizations with limited technical resources, services like RIPE NCC’s “Publish in Parent” offer an excellent balance of security and simplicity. At InterLIR, we help clients navigate these options and implement the most appropriate solution for their specific needs.
Remember that RPKI implementation is not a one-time project but an ongoing security practice. As your IP address holdings change through acquisition, lease, or reallocation, your RPKI implementation must be updated accordingly. Building this into your standard operating procedures ensures continuous protection.
The most successful organizations view IP address security not as a technical checkbox but as a fundamental business practice – similar to financial controls or physical security measures. By elevating RPKI implementation to this level of importance, you protect not just your technical infrastructure but your business continuity and brand reputation.
RPKI represents a critical but often overlooked component of business security in the digital age. As IP addresses have transformed from simple technical identifiers into valuable business assets, the need for verifiable ownership and protection has become essential. By implementing RPKI through services like “Publish in Parent,” organizations can significantly reduce their vulnerability to routing attacks while maintaining operational flexibility.
At InterLIR, we’ve seen firsthand how proper IP address security practices protect our clients’ digital assets and business operations. The relatively small investment in RPKI implementation provides substantial protection against potentially devastating routing incidents. As regulatory requirements evolve and cyber threats become more sophisticated, this protection will only become more valuable. I encourage you to make RPKI implementation a priority in your organization’s security strategy – not just as a technical measure, but as a fundamental business protection.
Evgeny Sevastyanov
Support Team Leader
A Beginner’s Guide to Subnetting IPv4 and IPv6 Addresses Subnetting is a critical
Why IPv4 Leasing Is Becoming the Smart Choice for Businesses in 2025 1. Introduction
As CEO of InterLIR, I’ve witnessed firsthand how network isolation strategies
What is an ASN? ASN stands for Autonomous System Number. It is a unique identifier
Anycast DNS: A Leader’s Guide to Protecting Your Digital Infrastructure Executive
RPKI Certification: A Leader’s Guide to Internet Routing Security Executive
Executive Summary: What You Need to Know 🎯 Strategic Importance – Internet
When AWS DynamoDB failed in October 2025, thousands of businesses discovered that
Executive Summary: What You Need to Know 🎯 IP reputation directly impacts your
Mastering Subnetting and Routing for Modern Networks Why Subnetting Matters in Today’s
