RPKI (Resource Public Key Infrastructure) is a cryptographic method that enhances the security of Internet routing, particularly the Border Gateway Protocol (BGP). It involves signing records that associate a route with an originating Autonomous System (AS) number. RPKI connects Internet number resource information, such as IP addresses and AS numbers, to a trust anchor, allowing legitimate holders of resources to control routing operations and prevent unauthorized announcements.
The system uses X.509 PKI certificates with extensions for IP addresses and AS identifiers, providing validatable proof of holdership without containing identity information. RPKI helps prevent accidental route leaks, mitigates incidents caused by human error or BGP optimization software, and reduces the risk of malicious IP resource hijacks that can lead to critical outages or fraudulent traffic manipulation.
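
The signed records described above are what a router's validator checks each BGP announcement against. The following is an added example, not part of the original page: a minimal route origin validation routine following the valid / invalid / not-found outcome of RFC 6811. The names `ROA`, `VRPS` and `validate_origin` are illustrative, the sample records are constructed from documentation prefixes and AS numbers, and the records are assumed to have already passed certificate-chain validation up to a trust anchor.

```python
import ipaddress
from typing import NamedTuple


class ROA(NamedTuple):
    """One validated record: a prefix, its maximum length, and the authorized origin AS."""
    prefix: str
    max_length: int
    asn: int


# Constructed sample data using documentation prefixes and documentation AS numbers.
VRPS = [
    ROA("192.0.2.0/24", 24, 64496),
    ROA("198.51.100.0/24", 24, 64497),
    ROA("2001:db8::/32", 48, 64498),
]


def validate_origin(route_prefix: str, origin_asn: int, vrps=VRPS) -> str:
    """Classify a BGP announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for roa in vrps:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A record covers the route if the route lies inside the record's prefix.
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # A match needs the same origin AS and a length within max_length.
        # AS 0 is reserved and never matches a real origin.
        if roa.asn == origin_asn and roa.asn != 0 and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered but unmatched: wrong origin or too specific an announcement.
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    announcements = [
        ("192.0.2.0/24", 64496),      # authorized origin
        ("192.0.2.0/24", 64511),      # covered prefix, unauthorized origin
        ("198.51.100.0/25", 64497),   # right origin, more specific than allowed
        ("203.0.113.0/24", 64496),    # no covering record
    ]
    for prefix, asn in announcements:
        print(f"{prefix} from AS{asn}: {validate_origin(prefix, asn)}")
```

The "invalid" result for the more-specific /25 shows why the maximum length matters: a record only protects against more-specific announcements when it does not authorize them.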