Resource Public Key Infrastructure

These RFCs are a product of the IETF's SIDR ("Secure Inter-Domain Routing") working group,[1] and are based on the threat analysis documented in RFC 4593.

Using the resource certificate, LIRs can create cryptographic attestations, called Route Origin Authorisations (ROAs), about the route announcements they authorise to be made with the prefixes and ASNs they hold.[4]

When a ROA is created for a certain combination of origin AS and prefix, this has an effect on the RPKI validity[5] of one or more route announcements: every announcement covered by the ROA's prefix is classified as valid (origin AS and prefix length match the ROA) or invalid (they do not), while announcements covered by no ROA remain "not found".

The system does not use a single repository publication point to publish RPKI objects.

In practice this means that when running a certificate authority, an LIR can either publish all cryptographic material itself or rely on a third party for publication.[8]

It is important for a relying party to regularly synchronize with all the publication points to maintain a complete and timely view of repository data.[9][10]

After validation of ROAs, the resulting attestations (validated ROA payloads, or VRPs) can be compared with the routes received in BGP and aid network operators in their decision-making process.

Quagga obtains this functionality through BGP Secure Routing Extensions (BGP-SRx)[15] or through a fully RFC-compliant RPKI implementation[16] based on RTRlib.

The RTRlib[17] provides an open-source C implementation of the RTR protocol and of prefix origin verification.[18]

Developers can integrate the RTRlib into a BGP daemon to extend their implementation with RPKI support.
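The following is an added worked example, not code from the article, from RTRlib or from Quagga. It shows the two pieces the text above describes: the RTR protocol (RFC 6810) by which a router receives validated ROA payloads from an RPKI cache, and the route origin validation (RFC 6811) that compares those payloads with BGP announcements, so that the effect of a ROA on the validity of an announcement can be seen concretely. The RTR byte stream, the prefixes (documentation ranges) and the ASNs (private range) are all constructed for the example; the PDU layout follows RFC 6810 version 0.

```python
from __future__ import annotations

import ipaddress
import struct
from dataclasses import dataclass

# RTR version 0 PDU types and the announce/withdraw flag bit (RFC 6810)
PDU_IPV4_PREFIX, PDU_IPV6_PREFIX, PDU_END_OF_DATA = 4, 6, 7
FLAG_ANNOUNCE = 0x01


@dataclass(frozen=True)
class VRP:
    """Validated ROA Payload: prefix, maximum length and authorised origin ASN."""
    prefix: ipaddress.IPv4Network | ipaddress.IPv6Network
    max_length: int
    asn: int


def prefix_pdu(prefix: str, max_length: int, asn: int, announce: bool = True) -> bytes:
    """Encode one RTR v0 IPv4 (20-byte) or IPv6 (32-byte) Prefix PDU; used to build test input."""
    net = ipaddress.ip_network(prefix)
    fmt, pdu_type, length = (("!BBHIBBBB4sI", PDU_IPV4_PREFIX, 20) if net.version == 4
                             else ("!BBHIBBBB16sI", PDU_IPV6_PREFIX, 32))
    return struct.pack(fmt, 0, pdu_type, 0, length, FLAG_ANNOUNCE if announce else 0,
                       net.prefixlen, max_length, 0, net.network_address.packed, asn)


def end_of_data_pdu(session_id: int, serial: int) -> bytes:
    """Encode an RTR v0 End Of Data PDU: header (session id in the reserved field) plus serial."""
    return struct.pack("!BBHII", 0, PDU_END_OF_DATA, session_id, 12, serial)


def decode_rtr_pdus(data: bytes) -> tuple[set[VRP], int | None]:
    """Walk a stream of RTR v0 PDUs from a cache, applying announce/withdraw flags to a
    VRP set. Returns the set and the End Of Data serial (None if the stream had none).
    Every length field is checked before slicing, so a malformed PDU raises instead of
    reading past the buffer or silently desynchronising the stream."""
    vrps: set[VRP] = set()
    serial = None
    off = 0
    while off < len(data):
        if len(data) - off < 8:
            raise ValueError("truncated PDU header")
        version, pdu_type, _session, length = struct.unpack_from("!BBHI", data, off)
        if version != 0:
            raise ValueError(f"unsupported RTR protocol version {version}")
        if length < 8 or off + length > len(data):
            raise ValueError("PDU length field does not fit the buffer")
        body = data[off + 8:off + length]
        off += length
        if pdu_type in (PDU_IPV4_PREFIX, PDU_IPV6_PREFIX):
            fmt, want, cls = (("!BBBB4sI", 20, ipaddress.IPv4Network) if pdu_type == PDU_IPV4_PREFIX
                              else ("!BBBB16sI", 32, ipaddress.IPv6Network))
            if length != want:
                raise ValueError(f"prefix PDU type {pdu_type} must be {want} bytes, got {length}")
            flags, plen, maxlen, _zero, addr, asn = struct.unpack(fmt, body)
            net = cls((addr, plen), strict=False)
            if not plen <= maxlen <= net.max_prefixlen:
                raise ValueError(f"bad prefix/max length pair {plen}/{maxlen} for {net}")
            vrp = VRP(net, maxlen, asn)
            if flags & FLAG_ANNOUNCE:
                vrps.add(vrp)
            else:
                vrps.discard(vrp)
        elif pdu_type == PDU_END_OF_DATA:
            if length != 12:
                raise ValueError("End Of Data PDU must be 12 bytes")
            serial = struct.unpack("!I", body)[0]
        # Other PDU types (Cache Response, Cache Reset, Error Report) carry no VRPs; skipped.
    return vrps, serial


def validate_route(vrps: set[VRP], prefix: str, origin_as: int) -> str:
    """RFC 6811 route origin validation of one BGP route: 'valid', 'invalid' or 'notfound'."""
    route = ipaddress.ip_network(prefix)
    covering = [v for v in vrps if v.prefix.version == route.version and route.subnet_of(v.prefix)]
    if not covering:
        return "notfound"
    # An AS 0 ROA (RFC 6483) only marks a prefix as not-to-be-originated; AS 0 can never
    # legitimately be a BGP origin, so it matches nothing and such routes stay invalid.
    if origin_as != 0 and any(v.asn == origin_as and route.prefixlen <= v.max_length for v in covering):
        return "valid"
    return "invalid"


# Constructed cache-to-router payload (not captured from a real session); the Cache
# Response PDU that would precede it carries no VRPs and is omitted.
SAMPLE_FEED = b"".join([
    prefix_pdu("192.0.2.0/24", 24, 64496),
    prefix_pdu("198.51.100.0/22", 24, 64497),
    prefix_pdu("2001:db8::/32", 48, 64496),
    prefix_pdu("203.0.113.0/24", 24, 64498),                  # announced ...
    prefix_pdu("203.0.113.0/24", 24, 64498, announce=False),  # ... then withdrawn
    end_of_data_pdu(session_id=0x1234, serial=42),
])

# Constructed BGP announcements (prefix, origin AS) to compare against the VRPs.
SAMPLE_ROUTES = [("192.0.2.0/24", 64496), ("192.0.2.0/25", 64496), ("192.0.2.0/24", 64500),
                 ("198.51.100.0/23", 64497), ("203.0.113.0/24", 64498),
                 ("2001:db8:1::/48", 64496), ("10.0.0.0/8", 64499)]


def validate_feed(feed: bytes, routes) -> tuple[int | None, dict]:
    """Decode a cache feed, then classify every route against the resulting VRP set."""
    vrps, serial = decode_rtr_pdus(feed)
    return serial, {(p, a): validate_route(vrps, p, a) for p, a in routes}


if __name__ == "__main__":
    serial, results = validate_feed(SAMPLE_FEED, SAMPLE_ROUTES)
    print(f"cache serial {serial}, {len(results)} routes checked")
    for (p, a), state in results.items():
        print(f"{p:<18} AS{a:<6} {state}")
```

Two details matter in practice. First, the decoder trusts nothing about a PDU until its length field has been checked against the buffer, because the cache is a network peer and a bad length would otherwise shift every subsequent PDU boundary. Second, validity is decided per announcement, not per ROA: the same ROA for 192.0.2.0/24 with maximum length 24 makes the /24 from AS 64496 valid, the /25 from the same AS invalid (too specific), and the /24 from any other AS invalid, while a prefix no ROA covers stays "not found".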