How to Issue ROA in RIPE

Issuing ROAs via RIPE’s LIR portal is easy:

  1. Log in to https://my.ripe.net using your account.
  2. In the menu on the left, click Resources and then My Resources.
  3. Check what IP resources you want to be covered by ROA.
  4. Click Resources and then RPKI Dashboard.

    If it is your first time issuing a ROA, you will see a screen where RIPE NCC offers to create Certificate Authority for your LIR.
    Read the Terms and Conditions carefully. In Article 2, you can select Hosted to choose the hosted type of certificate authority, which ensures easier ROA management with RIPE NCC.
    If you agree with the Terms and Conditions, click the I accept. Create my Certificate Authority button. If you do not agree with RIPE‘s conditions, you will not be able to issue ROAs for your IP resources.

  5. If you agree with RIPE’s conditions, wait for the RPKI dashboard to load. In the BGP Announcements tab, you should see all AS numbers that are currently announcing your IP resources regardless of whether or not any ROAs were issued earlier. To issue a new ROA, move to the Route Origin Authorisations (ROAs) tab and click the +New ROA button:
  6. Enter the following information:
    • AS number you allow to announce your IP resources via BGP. If you wish that Heficed announces your IP resources, type 61317.
    • Address prefix you want to be announced (e.g., 9.9.9.0/22).
    • The most specific length allowed to announce. This must be 24, because if, for example, you type 22, AS61317 will announce 9.9.9.0/22 but not more-specific prefixes. Therefore, if AS61317 tries to announce prefix 9.9.9.0/24, the announcement will be marked as invalid.

      NOTE: Heficed requires you to use 24 as the most specific prefix.

  7. Click the Floppy Disk (Save) icon on the right.

    You have created and saved a ROA for your IP resources. For it to take effect, you need to publish it.

  8. Once you save your ROA, you should find the Review and Publish pop-up in the bottom right corner of the screen. Click it. Review your saved ROA, and if you are sure that no mistakes were made, click Publish.

    NOTE: Delete your ROAs carefully! You can delete previously created ROAs, but keep in mind that providers who follow RPKI strictly might drop the announcements of your IP resources (usually this happens in a couple of hours), forcing the Internet services assigned with your IP resources to stop working.

Was this article helpful?

Still need help?

Heficed Slack Community

Get involved in Heficed Slack community. Get updates, ask questions, connect with peers.

Heficed Slack

Need support?

If you need any further help, don't hesitate to send a support request to our support team.