How to Issue ROA in APNIC

Issuing ROAs via APNIC’s LIR portal is easy:

1. Log in to https://myapnic.net using your account.

2. In the menu at the top, click Resources – RPKI.

3. Check what IP resources you want to be covered by ROA.

4. If you have the RPKI engine enabled, click here under RPKI.

Arrow pointing to a link in APNIC's RPKI  menu.

5. If it is your first time issuing a ROA, you will see the screen where APNIC’s NCC offers to create Certificate Authority for your LIR. Select I want to operate in the MyAPNIC RPKI portal and click Next.

APNIC'S Enable Resource Certification form.

6. Click I accept. Create my Certification Authority.

I accept. Create my Certification Authority button in APNIC's RPKI menu.

NOTE: You may be asked to set up a TOTP login in My profile > TOTP to complete the steps above. Also, if you don‘t agree with APNIC’s agreement, you will not be able to issue ROAs for your IP resources.

7. If you agreed to the APNIC’s agreement, wait until the RPKI engine is activated.

8. Afterward, go to Resources > Routes and click Create a route.

9. Enter the following information:

  • AS number you allow to announce your IP resources via BGP. If you wish that Heficed announces your IP resources, type 61317.
  • Address prefix you want to be announced (e.g., 9.9.9.0/22).
  • The most specific length allowed to announce. This must be 24, because if, for example, you type 22 , AS61317 will announce 9.9.9.0/22 but not more specific prefixes. Therefore, if AS61317 tries to announce prefix 9.9.9.0/24, the announcement will be marked as invalid.
  • Check the ROA box so that ROA would be created for the route

NOTE: Heficed requires you to use 24 as the most specific prefix.

Create route form in APNIC's Create a route menu.

10. Click Next.

11. Select the sub-routes (by default, all are enabled) and click Submit. After this, you should see the message below.

Your deletion request was submitted for processing message after clicking Submit.

12. To review the progress of routes and ROA, click Requests.

Requests button highlighted in MyAPNIC Routes menu.

Here, you can see the progress of ROA and route management. If you see a green checkmark associated with a Create Route task, and you can see the route in the Routes page (image above), ROA was created.

Green checkmarks indicating which ROAs were created in APNIC.

NOTE: Delete your ROAs carefully! You can delete the previously created ROAs but keep in mind that providers who follow RPKI strictly might drop the announcements of your IP resources. This usually happens in a couple of hours and forces the Internet services assigned with your IP resources to stop working.

Related articles:

Was this article helpful?

Still need help?

Heficed Slack Community

Get involved in Heficed Slack community. Get updates, ask questions, connect with peers.

Heficed Slack

Need support?

If you need any further help, don't hesitate to send a support request to our support team.