Route filtering and RPKI
As referred in the IRR concept page, network operators use IRR records to configure backbone routers. In summary, it is the IRR records that provide information about IP prefixes and the autonomous systems (ASN) authorized to announce them. Then, network operators will apply filtering policies to avoid invalid announcements.
Considering this important role of IRR records, validation via Resource Public Key Infrastructure (RPKI) was introduced. With RPKI, the IP/ASN association is cryptographically validated before being passed on to the routers.
When registering your prefix under one of the five Regional Internet Registries (RIRs)1, you can generate a cryptographically-signed object called Route Origin Authorization (ROA). ROAs are public and you can use Cloudflare's RPKI Portal ↗ or other sources, such as Routinator ↗, to check your prefixes.
-
AFRINIC, APNIC, ARIN, LACNIC, and RIPE. ↩
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark