What is ROA?

What is ROA?

A Route Origin Authorisation (ROA) is a cryptographically signed object that states which Autonomous System (AS) is authorized to originate a certain prefix. This means ROAs say something about the BGP announcements that are done with your address space.

A ROA contains three informational elements:

  • The AS Number that is authorized
  • The prefix that may be originated from the AS
  • The Maximum Length of the prefix

Maximum Length specifies the length of the most specific IP prefix that the AS is authorized to advertise. When it is not set, the AS is only authorized to advertise exactly the prefix specified. Any more specific announcement of the prefix will be considered unauthorized. This is a way to enforce aggregation and prevent hijacking through the announcement of a more specific prefix.

Refer to the guides below for ROA creation at specific Regional Internet Registry:

Was this article helpful?

Still need help?

Heficed Slack Community

Get involved in Heficed Slack community. Get updates, ask questions, connect with peers.

Heficed Slack

Need support?

If you need any further help, don't hesitate to send a support request to our support team.