Internet routing security has become a critical factor for Internet stability and resilience. In this context, Resource Public Key Infrastructure (RPKI) has established itself as one of the most effective tools for preventing route hijacks and unauthorized BGP announcements, a problem that has historically affected Internet operation worldwide.
In our region, LACNIC has played a central role in RPKI adoption, promoting services, infrastructure, and applications that have enabled operators to protect their resources and enhance the reliability of Internet traffic.
What is RPKI and what is it used for?
RPKI is a cryptographic validation system that allows IP address and Autonomous System Number (ASN) holders to prove they are the legitimate owners of these resources and define which networks are authorized to advertise them on the Internet.
(Free access, no subscription required)
At the heart of the system are Route Origin Authorizations or ROAs, digital objects that link an IP prefix to an authorized ASN. Thanks to these records, routers can validate BGP advertisements and quickly detect configuration errors or route hijacking attempts.
In practical terms, RPKI reduces operational risk, helps prevent incidents with regional or global impact, and makes Internet routing more predictable.
A turning point in 2011
Although at a global level the definition of RPKI began in the mid-2000s (and was quickly standardized by the IETF), 2011 marked a turning point for our region. That year, LACNIC launched our own RPKI infrastructure, supported by code developed by RIPE NCC.
At the heart of the system are Route Origin Authorizations or ROAs, digital objects that link an IP prefix to an authorized ASN. Thanks to these records, routers can validate BGP advertisements and quickly detect configuration errors or route hijacking attempts.
In practical terms, RPKI reduces operational risk, helps prevent incidents with regional or global impact, and makes Internet routing more predictable.
A turning point in 2011
Although at a global level the definition of RPKI began in the mid-2000s (and was quickly standardized by the IETF), 2011 marked a turning point for our region. That year, LACNIC launched our own RPKI infrastructure, supported by code developed by RIPE NCC.
This initial development allowed LACNIC members to begin validating the origin of BGP routes and protecting themselves against hijacking incidents, laying the groundwork for a more proactive approach to routing security.
In countries such as Ecuador, both operators and Internet exchange points began deploying RPKI, integrating it as a best technical practice to strengthen network stability. Many other countries in the region quickly followed suit.
RPKI adoption in the LACNIC region
Recent studies published by LACNIC show sustained growth in RPKI adoption among its members, both in the number of protected prefixes and in the proportion of routes that are effectively validated.
Gráfica 1 – Cantidad de prefijos protegidos por RPKI en LACNIC
Figure 1: Number of LACNIC prefixes protected by RPKI
This progress reflects increased awareness of the importance of routing security and the growing maturity of operational practices among Internet service providers across the region.
Figure 2: Percentage of advertised routes protected by RPKI
Growth is particularly pronounced in IPv6, where adoption is typically faster due to newer network configurations and fewer legacy dependencies.
Following this trend
Over the past five years, RPKI adoption has grown steadily both globally and regionally. A study coordinated by LACNIC and the LACNOG technical community examines this evolution and compares the performance of Latin America and the Caribbean with that of other regions.
Prepared by Erika Vega, chair of the LACNOG Routing Working Group, and coordinated by Guillermo Cicileo of LACNIC, the study analyzes the differences between IPv4 and IPv6, adoption rates, and challenges.
Figure 3: Comparative evolution of RPKI adoption
Global vs. Latin America and the Caribbean
Our thoughts
RPKI has already become a critical service adopted by our community. The momentum provided by the NRO through its support and promotion programs has been key to accelerating its global deployment and consolidation.
Today, RPKI has entered a stabilization phase, where the focus is on strengthening operations, improving adoption, and preparing for the integration of new functionalities.
In its initial stage, RPKI concentrated on solving the most immediate and manageable problem: route origin validation. This objective has been largely achieved.
The challenge now is to move beyond the origin and explore mechanisms that allow the validation of additional elements of route paths, adding greater context and security across the different hops.
This next horizon marks a natural evolution of the model and offers relevant opportunities to further strengthen Internet routing security and resilience.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of LACNIC.
