Majority of Announced IPv6 Address Space Now Secured by ROAs

This post was originally published on the Internet Society Pulse website on 19 April 2022.

Internet measurement results from our friends at APNIC show that efforts to improve the security and resilience of the Internet’s routing system passed a significant milestone recently. More than 50% of advertised IPv6 address space has a valid Route Origin Authorisation (ROA). This means that now, for the first time, the majority of announced IPv6 address space is secured with RPKI.

This is a notable milestone in the evolution of the Internet towards a more resilient and secure foundation and should be celebrated. The overall figure masks some large regional disparities of course and it’s also worth noting that all regions of Africa, Eastern and Central Asia, and Southern Europe are all still some way away from reaching this threshold. The IPv4 Internet is also several years behind IPv6 as at the time of writing around 33% of announced IPv4 address space is secured by an accompanying ROA.

What is Route Origin Authorisation and why is it important?

A Route Origin Authorisation (ROA) is a cryptographically signed object that secures the binding between a network and a portion of Internet address space. For a network operator performing Route Origin Validation (ROV), ROAs provide the means to validate that a network originating a given portion of IP address space is authorised to make such an announcement. ROAs are a fundamental piece of making the Internet more secure for everyone. Learn more from these how-to videos.