
What is ROA?

ROA stands for Route Origin Authorization — a cryptographically signed object in the RPKI system that authorizes a specific Autonomous System (AS) to originate a particular IP prefix in BGP.

Key Fields:

  • Prefix: The IP block being authorized (e.g., 203.0.113.0/24)
  • Origin AS: The AS number allowed to announce the prefix (e.g., AS12345)
  • Max Length: The maximum prefix length that can be announced (e.g., /24 allows 203.0.113.0/24, but not /25)
  • Validity Period: Start and end dates for the ROA’s validity

Purpose:

ROAs are used by routers and validators to determine if BGP announcements are valid, helping to prevent route leaks and hijacks.

Example:

A ROA might state:
“AS64500 is authorized to announce 192.0.2.0/24 with max length /24.”

Without a matching ROA, a route may be marked as Invalid during RPKI validation.
