{"id":25792,"date":"2024-05-07T18:27:40","date_gmt":"2024-05-07T18:27:40","guid":{"rendered":"https:\/\/blog.lacnic.net\/?p=25792"},"modified":"2024-09-23T15:38:30","modified_gmt":"2024-09-23T15:38:30","slug":"rpki-rov-deployment-reaches-major-milestone","status":"publish","type":"post","link":"https:\/\/blog.lacnic.net\/en\/rpki-rov-deployment-reaches-major-milestone\/","title":{"rendered":"RPKI ROV Deployment Reaches Major Milestone"},"content":{"rendered":"\n<p>Written by <a href=\"https:\/\/www.kentik.com\/blog\/author\/doug-madory\/\"><strong>Doug Madory<\/strong><\/a>&nbsp; &amp;&nbsp; <a href=\"https:\/\/www.kentik.com\/blog\/author\/job-snijders\/\"><strong>Job Snijders<\/strong><\/a><\/p>\n\n\n\n<p><em>Originally published in&nbsp;<\/em><a href=\"https:\/\/www.kentik.com\/blog\/rpki-rov-deployment-reaches-major-milestone\/\" target=\"_blank\" rel=\"noreferrer noopener\"><em>Kentik Blog<\/em><\/a><\/p>\n\n\n\n<p>Summary<\/p>\n\n\n\n<p>In this blog post, BGP experts Doug Madory of Kentik and Job Snijders of Fastly review the latest RPKI ROV deployment metrics in light of a major milestone.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p>As of today, May 1, 2024, internet routing security passed an important milestone. For the first time in the history of RPKI (Resource Public Key Infrastructure), the majority of IPv4 routes in the global routing table are covered by Route Origin Authorizations (ROAs), according to the&nbsp;<a href=\"https:\/\/rpki-monitor.antd.nist.gov\/ROV\" target=\"_blank\" rel=\"noreferrer noopener\">NIST RPKI Monitor<\/a>. 
IPv6 crossed this milestone late last year.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"700\" src=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-4-1024x700.png\" alt=\"\" class=\"wp-image-25734\" srcset=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-4-1024x700.png 1024w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-4-300x205.png 300w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-4-483x330.png 483w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-4-768x525.png 768w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-4.png 1160w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>In light of this milestone, let\u2019s take the opportunity to update the figures for RPKI ROV (Route Origin Validation) adoption we\u2019ve been publishing in recent years.<\/p>\n\n\n\n<p>As you may already know, RPKI ROV continues to be the best defense against accidental BGP hijacks and origination leaks. For ROV to do its job (rejecting RPKI-invalid routes), two steps must be taken:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>ROAs must be created<\/li>\n\n\n\n<li>ASes must reject routes that aren\u2019t consistent with the ROAs.<\/li>\n<\/ol>\n\n\n\n<p>The&nbsp;<a href=\"https:\/\/www.kentik.com\/blog\/measuring-rpki-rov-adoption-with-netflow\/\">first part of this analysis<\/a>&nbsp;began when we explored the first step of ROV: ROA creation. Two years ago at NANOG 84, Doug presented his analysis which showed that we were, in fact, farther along in ROA creation than could be ascertained by analyzing BGP alone. 
Utilizing Kentik\u2019s aggregate NetFlow, he showed that&nbsp;<em>the majority<\/em>&nbsp;of traffic (measured in bits\/sec) was heading to routes with ROAs, despite only&nbsp;<em>one third<\/em>&nbsp;of BGP routes having ROAs.<\/p>\n\n\n\n<p>This discrepancy was due to the fact that major content providers and eyeball networks had completed RPKI deployments in recent years and account for a disproportionate share of internet traffic volume. Of course, traffic volume isn\u2019t the only criterion for achievement \u2014 there is plenty of traffic that is critical, but not voluminous (e.g., DNS). The idea was to simply provide another dimension to consider our progress in deploying RPKI ROV.<\/p>\n\n\n\n<p>To measure the second step of ROV (rejection of invalids), we&nbsp;<a href=\"https:\/\/www.kentik.com\/blog\/how-much-does-rpki-rov-reduce-the-propagation-of-invalid-routes\/\" target=\"_blank\" rel=\"noreferrer noopener\">looked at the differences<\/a>&nbsp;in propagation based on a route\u2019s RPKI evaluation. The conclusion at the time was that invalid routes could achieve a propagation no greater than 50% of the BGP sources in&nbsp;<a href=\"https:\/\/www.routeviews.org\/routeviews\/\" target=\"_blank\" rel=\"noreferrer noopener\">Routeviews<\/a>, the public BGP repository from the University of Oregon. Oftentimes invalids are propagated far less than 50% \u2014 it all depends on the upstreams involved.<\/p>\n\n\n\n<p>The dramatic reduction in propagation of RPKI-invalid routes can be primarily attributed to the tier-1 backbone providers that reject invalids. These providers cast a long shadow with their outsized influence on internet routing. 
Regardless, the reduction in propagation is RPKI ROV doing its thing: suppressing problematic routes so they don\u2019t cause disruption.<\/p>\n\n\n\n<p>ROA (Route Origin Authorization) creation update<\/p>\n\n\n\n<p>As mentioned above, over&nbsp;<a href=\"https:\/\/rpki-monitor.antd.nist.gov\/ROV\" target=\"_blank\" rel=\"noreferrer noopener\">50% of IPv4 routes<\/a>&nbsp;in the global routing table now have ROAs and are evaluated as valid (<a href=\"https:\/\/rpki-monitor.antd.nist.gov\/ROV\/20240404.06\/All\/All\/6\" target=\"_blank\" rel=\"noreferrer noopener\">with IPv6 at 52%<\/a>). Let\u2019s check what that means for Kentik\u2019s aggregate NetFlow.<\/p>\n\n\n\n<p>According to our&nbsp;<a href=\"https:\/\/www.kentik.com\/blog\/measuring-rpki-rov-adoption-with-netflow\/\">analysis two years ago<\/a>, we had roughly one third of routes with ROAs and just over 50% of internet traffic as \u201cvalid\u201d (traffic to routes evaluated as valid in bits\/sec). Now with over half of IPv4 routes with ROAs, our current aggregate NetFlow reveals a whopping 70.3% of internet traffic being valid!<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"535\" src=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-5-1024x535.png\" alt=\"\" class=\"wp-image-25737\" srcset=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-5-1024x535.png 1024w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-5-300x157.png 300w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-5-632x330.png 632w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-5-768x401.png 768w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-5.png 1200w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>How much higher can this metric go? It remains to be seen. 
As depicted below in another NIST diagram, the upward slope of the percentage of routes with ROAs has held remarkably steady for the past four years. It stands to reason we will eventually see the slope flatten out as the number of easy wins begins to dwindle. However, it is important to recognize the progress made to date.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"539\" src=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-6-1024x539.png\" alt=\"\" class=\"wp-image-25740\" srcset=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-6-1024x539.png 1024w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-6-300x158.png 300w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-6-627x330.png 627w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-6-768x404.png 768w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-6-1536x808.png 1536w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-6.png 1560w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Invalid route propagation update<\/p>\n\n\n\n<p>The aforementioned progress in the creation of ROAs is&nbsp;<em>useless<\/em>&nbsp;if networks are not rejecting RPKI-invalid BGP routes. 
So, the next step in understanding where we are with RPKI ROV adoption is to better understand the degree to which the internet rejects RPKI-invalid routes.<\/p>\n\n\n\n<p>Among the internet\u2019s largest transit providers (i.e., transit-free providers), all but a couple were rejecting RPKI-invalid routes when we published our post,&nbsp;<a href=\"https:\/\/www.kentik.com\/blog\/how-much-does-rpki-rov-reduce-the-propagation-of-invalid-routes\/\" target=\"_blank\" rel=\"noreferrer noopener\">How much does RPKI ROV reduce the propagation of invalid routes?<\/a>&nbsp;As a result, we concluded that \u201cthe evaluation of a route as invalid reduces its propagation by anywhere between one half to two thirds.\u201d<\/p>\n\n\n\n<p>Now, two years later, we can explore how this metric has evolved over this period of time. Using historical RPKI data made available via Job\u2019s&nbsp;<a href=\"http:\/\/www.rpkiviews.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">RPKIviews<\/a>&nbsp;site and BGP routing data from&nbsp;<a href=\"http:\/\/routeviews.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Routeviews<\/a>, we evaluated the IPv4 global routing table every month going back to the beginning of 2022 to determine how the propagation of RPKI-invalid routes has changed over time.<\/p>\n\n\n\n<p>Recall that in this methodology, we measure the propagation of a route by counting how many Routeviews vantage points have the route in their tables. More vantage points means greater propagation. For more explanation on this approach, see our&nbsp;<a href=\"https:\/\/www.kentik.com\/blog\/how-much-does-rpki-rov-reduce-the-propagation-of-invalid-routes\/\" target=\"_blank\" rel=\"noreferrer noopener\">invalid route propagation analysis<\/a>.<\/p>\n\n\n\n<p>The graphic below shows the average number of Routeviews vantage points for each RPKI-invalid route over time. 
We only include routes seen by at least 10 vantage points to avoid internal routes shared with Routeviews vantage points. At the beginning of the plot, we identify 4,978 RPKI-invalid routes that were seen, on average, by 82.5 vantage points. In the last data point from April 1, 2024, we observe 4,211 RPKI-invalid routes seen by 62.5 vantage points.&nbsp;<em>Note, we used a well-known globally routed prefix (Google\u2019s 8.8.8.0\/24) as a control prefix for the effects of temporary changes in the count of Routeviews vantage points.<\/em><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"763\" src=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-13-1024x763.png\" alt=\"\" class=\"wp-image-25761\" srcset=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-13-1024x763.png 1024w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-13-300x224.png 300w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-13-443x330.png 443w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-13-768x572.png 768w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-13.png 1260w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>The main challenge to this type of analysis is that it is quite noisy. The set of persistently RPKI-invalid routes does not stay constant and propagation is heavily influenced by which providers are transiting a route. 
Those challenges aside, the analysis above shows a 24% decline in the propagation of RPKI-invalid routes since the beginning of 2022.<\/p>\n\n\n\n<p>To explore this phenomenon further, we can take a look at the routing of intentionally RPKI-invalid routes over time and see that they also experience a similar decline in propagation.<\/p>\n\n\n\n<p>RIPE NCC announces numerous \u201c<a href=\"https:\/\/ris.ripe.net\/docs\/routing-beacons\/\" target=\"_blank\" rel=\"noreferrer noopener\">Routing Beacons<\/a>\u201d for measurement purposes. Among these are routes which are intentionally RPKI-invalid (and RPKI-valid for a control). Not to be outdone, Job also announces RPKI-invalid routes along with a control route from his network,&nbsp;<a href=\"https:\/\/bgp.tools\/as\/15562\" target=\"_blank\" rel=\"noreferrer noopener\">AS15562<\/a>.<\/p>\n\n\n\n<p>Below is a graphic displaying the Routeviews vantage point count for each of these measurement routes over time. The plots corresponding to the RPKI-invalid routes appear in the lower portion of the graphs, in keeping with our observation that RPKI-invalid routes propagate significantly less.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"637\" src=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-16-1024x637.png\" alt=\"\" class=\"wp-image-25770\" srcset=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-16-1024x637.png 1024w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-16-300x187.png 300w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-16-530x330.png 530w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-16-768x478.png 768w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-16.png 1197w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>The three plots in this graphic all show a noticeable decline in the number of vantage points observing the various 
RPKI-invalid routes. This decline matches the drop in the average number of vantage points observing any given RPKI-invalid route from earlier.<\/p>\n\n\n\n<p>There is one final observation to make based on this analysis. In the panel on the right (\u201cJob\u2019s Beacons\u201d), there are two RPKI-invalid routes with slightly differing degrees of propagation.<\/p>\n\n\n\n<p>209.24.0.0\/24 (green) has its ROA published via the ARIN Trust Anchor Locator (TAL), while 194.32.71.0\/24\u2019s (orange) is reachable via the RIPE TAL. A TAL is a file with a public key used by Relying Parties to retrieve RPKI data from a repository.<\/p>\n\n\n\n<p>The likely issue is that using the ARIN TAL requires agreeing to a&nbsp;<a href=\"https:\/\/www.arin.net\/resources\/manage\/rpki\/rpa.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">lengthy Relying Party Agreement<\/a>, which some providers refuse to do. As a result, ROAs published by ARIN are seen by slightly fewer networks that reject RPKI-invalid routes, decreasing the efficacy of RPKI for ARIN-managed IP space.<\/p>\n\n\n\n<p>ARIN\u2019s strong indemnification clause comes from their worry about being sued due to something that happens as a result of the data they publish in the RPKI. This obstacle to RPKI ROV adoption was covered in a 2019 academic article,&nbsp;<a href=\"https:\/\/papers.ssrn.com\/sol3\/Papers.cfm?abstract_id=3308619\" target=\"_blank\" rel=\"noreferrer noopener\">Lowering Legal Barriers to RPKI Adoption<\/a>&nbsp;by professors Christopher S. Yoo and David A. Wishnick of the University of Pennsylvania.<\/p>\n\n\n\n<p>But alas, let\u2019s get back to the progress we\u2019re seeing in the rejection of RPKI-invalids.<\/p>\n\n\n\n<p>At the beginning of this section, we mentioned how all but two transit-free providers were rejecting RPKI-invalid routes. 
Well, the other milestone that occurred this past month is that that number dropped to just one as US telecom operator Zayo (AS6461) began rejecting RPKI-invalid routes from its customers.<\/p>\n\n\n\n<p>In 2022, Zayo&nbsp;<a href=\"https:\/\/mailman.nanog.org\/pipermail\/nanog\/2022-August\/220287.html\" target=\"_blank\" rel=\"noreferrer noopener\">announced<\/a>&nbsp;that it had begun rejecting RPKI-invalids from its settlement-free peers. However, since nearly all of its big peers were already rejecting those routes, the impact was relatively minor.<\/p>\n\n\n\n<p>But on April 1, we began seeing AS6461 begin rejecting RPKI-invalids from customers for the first time. In the Kentik visualization below, RPKI-invalid route&nbsp;<a href=\"https:\/\/rpki-validator.ripe.net\/ui\/103.36.106.0%2F24?validate-bgp=true\" target=\"_blank\" rel=\"noreferrer noopener\">103.36.106.0\/24<\/a>&nbsp;stopped being transited by AS6461 at 16:24 UTC.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"909\" src=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-17-1024x909.png\" alt=\"\" class=\"wp-image-25773\" srcset=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-17-1024x909.png 1024w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-17-300x266.png 300w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-17-372x330.png 372w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-17-768x682.png 768w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-17.png 1456w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>The rollout of Zayo\u2019s rejection of RPKI-invalids was done in phases and a couple of weeks later we started seeing other parts of their global network rejecting RPKI-invalids. 
At 18:54 UTC on April 12, we observed AS6461 begin rejecting RIPE\u2019s RPKI-invalid beacons, 93.175.147.0\/24 and 2001:7fb:fd03::\/48, for the first time.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"427\" src=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-18-1024x427.png\" alt=\"\" class=\"wp-image-25776\" srcset=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-18-1024x427.png 1024w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-18-300x125.png 300w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-18-680x283.png 680w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-18-768x320.png 768w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-18.png 1404w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Once completed, we expect Zayo\u2019s rejection of RPKI-invalid routes from its customer base to continue to lower the propagation of these problematic routes reducing the risk of traffic disruption or misdirection due to many types of routing mishaps.<\/p>\n\n\n\n<p>And finally, for anyone still skeptical about the degree to which invalid routes are being rejected, may we direct your attention to the&nbsp;<a href=\"https:\/\/www.kentik.com\/blog\/digging-into-the-orange-espana-hack\/\" target=\"_blank\" rel=\"noreferrer noopener\">Orange Espa\u00f1a outage<\/a>&nbsp;in January. I summarized the incident in a blog post published the day after the hack.<\/p>\n\n\n\n<p>Using a password found in a public leak of stolen credentials, a hacker was able to log into Orange Espa\u00f1a\u2019s RIPE NCC portal using the password \u201cripeadmin.\u201d Oops! 
Once in, this individual began altering Orange Espa\u00f1a\u2019s RPKI configuration, rendering many of its BGP routes RPKI-invalid.<\/p>\n\n\n\n<p>The wielding of RPKI as a tool for denial of service was only possible due to the pervasive extent to which ASNs reject RPKI-invalid routes.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"491\" src=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-21-1024x491.png\" alt=\"\" class=\"wp-image-25785\" srcset=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-21-1024x491.png 1024w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-21-300x144.png 300w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-21-680x326.png 680w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-21-768x368.png 768w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-21.png 1360w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Propagation for an Orange Espa\u00f1a route dropped to less than 20% during the attack.<\/p>\n\n\n\n<p>Conclusion: Benefits of deploying RPKI<\/p>\n\n\n\n<p>In our&nbsp;<a href=\"https:\/\/www.kentik.com\/blog\/exploring-the-latest-rpki-rov-adoption-numbers\/\">blog post<\/a>&nbsp;from one year ago, we made the following bold prediction:<\/p>\n\n\n\n<p>If we are to assume steady growth of the share of BGP routes with ROAs, it should become the majority case in about a year from now (May 2024). 
Mark your calendars!<img decoding=\"async\" width=\"425\" height=\"203\" src=\"\" alt=\"RPKI-ROV History of Unique Prefix-Origin Pairs - Trend\"><\/p>\n\n\n\n<p>In December, we polled fellow BGP nerds on&nbsp;<a href=\"https:\/\/twitter.com\/DougMadory\/status\/1735707501750788500\" target=\"_blank\" rel=\"noreferrer noopener\">Twitter\/X<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/www.linkedin.com\/posts\/dougmadory_ok-bgprpki-nerds-whats-your-prediction-activity-7142512375504535552-kaO3\" target=\"_blank\" rel=\"noreferrer noopener\">LinkedIn<\/a>&nbsp;when they believed we would hit this mark and they were decidedly more pessimistic than the prediction above:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"960\" height=\"560\" src=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-22.png\" alt=\"\" class=\"wp-image-25788\" srcset=\"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-22.png 960w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-22-300x175.png 300w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-22-566x330.png 566w, https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/image-22-768x448.png 768w\" sizes=\"(max-width: 960px) 100vw, 960px\" \/><\/figure>\n\n\n\n<p>The progress detailed in this blog post was years in the making and involved the dedicated efforts of hundreds of engineers at dozens of companies. 
Improving the security of the global internet routing system is not a small task and will continue to be a years-long effort.<\/p>\n\n\n\n<p>Each of the two lines of analysis from this post should serve as motivation for additional networks to deploy RPKI ROV.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Reject RPKI-invalid BGP routes on EBGP sessions.<\/strong>&nbsp;Given that the majority of internet routes are covered by ROAs (including a supermajority of traffic), network operators should reject RPKI-invalid routes to avoid mistakenly egressing customer traffic towards mis-originated routes.<\/li>\n\n\n\n<li><strong>Create ROAs.<\/strong>&nbsp;And given the scale to which RPKI-invalid routes are suppressed, it would benefit resource holders to create ROAs for their address ranges to enable networks around the world to automatically reject mis-originated routes.<\/li>\n<\/ol>\n\n\n\n<p>Networks that do so enjoy immediate benefits!<\/p>\n\n\n\n<p>But RPKI ROV doesn\u2019t solve all of the issues surrounding internet routing security. In fact, this is only an opening salvo towards addressing the various \u201cdetermined adversary\u201d scenarios best characterized by the&nbsp;<a href=\"https:\/\/www.kentik.com\/blog\/bgp-hijacks-targeting-cryptocurrency-services\/\" target=\"_blank\" rel=\"noreferrer noopener\">recent attacks against cryptocurrency services<\/a>. These attacks take advantage of existing weaknesses in internet security that we will need to work to limit by building off the progress made by routing security mechanisms like RPKI ROV.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Written by Doug Madory&nbsp; &amp;&nbsp; Job Snijders Originally published in&nbsp;Kentik Blog Summary In this blog post, BGP experts Doug Madory of Kentik and Job Snijders of Fastly review the latest RPKI ROV deployment metrics in light of a major milestone. As of today, May 1, 2024, internet routing security passed an important milestone. 
For the [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":25669,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[919],"tags":[1280],"archivo":[1345,1451],"taxonomy-authors":[1418],"tipo_autor":[1455],"class_list":["post-25792","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-routing","tag-routing","archivo-editions","archivo-highlights-2023","taxonomy-authors-doug-madory-en","tipo_autor-colaborador"],"acf":{"author":"Doug Madory\u00a0 &\u00a0 Job Snijders","related_notes":""}}
","contentUrl":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/validacion-de-origen-rpki-2024.png","width":680,"height":330},{"@type":"BreadcrumbList","@id":"https:\/\/blog.lacnic.net\/en\/rpki-rov-deployment-reaches-major-milestone\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/blog.lacnic.net\/en\/"},{"@type":"ListItem","position":2,"name":"RPKI ROV Deployment Reaches Major Milestone"}]},{"@type":"WebSite","@id":"https:\/\/blog.lacnic.net\/#website","url":"https:\/\/blog.lacnic.net\/","name":"LACNIC Blog","description":"En el Blog de LACNIC encontrar\u00e1s art\u00edculos t\u00e9cnicos vinculados al desarrollo de Internet en la regi\u00f3n de Am\u00e9rica Latina y el Caribe.","publisher":{"@id":"https:\/\/blog.lacnic.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.lacnic.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/blog.lacnic.net\/#organization","name":"LACNIC Blog","url":"https:\/\/blog.lacnic.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.lacnic.net\/#\/schema\/logo\/image\/","url":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2023\/03\/lacnic-blog.svg","contentUrl":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2023\/03\/lacnic-blog.svg","caption":"LACNIC 
Blog"},"image":{"@id":"https:\/\/blog.lacnic.net\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/facebook.com\/lacnic","https:\/\/x.com\/lacnic","https:\/\/www.instagram.com\/lacnic\/?hl=es-la","https:\/\/uy.linkedin.com\/company\/lacnic","https:\/\/www.youtube.com\/user\/lacnicstaff","https:\/\/www.lacnic.net\/podcast"]},{"@type":"Person","@id":"https:\/\/blog.lacnic.net\/#\/schema\/person\/1338d9cfdb0137e8bc5581f3771f39ab","name":"Gianni","url":"https:\/\/blog.lacnic.net\/en\/author\/gianni\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/blog.lacnic.net\/wp-content\/uploads\/2024\/05\/validacion-de-origen-rpki-2024.png","jetpack_sharing_enabled":true,"wpml_current_locale":"en_US","wpml_translations":[{"locale":"es_ES","id":25666,"post_title":"Importante hito en el despliegue de validaci\u00f3n de origen con RPKI","slug":"importante-hito-en-el-despliegue-de-validacion-de-origen-con-rpki","href":"https:\/\/blog.lacnic.net\/importante-hito-en-el-despliegue-de-validacion-de-origen-con-rpki\/"},{"locale":"pt_BR","id":25794,"post_title":"Marco importante na implanta\u00e7\u00e3o da valida\u00e7\u00e3o de origem com 
RPKI","slug":"marco-importante-na-implantacao-da-validacao-de-origem-com-rpki","href":"https:\/\/blog.lacnic.net\/pt-br\/marco-importante-na-implantacao-da-validacao-de-origem-com-rpki\/"}],"_links":{"self":[{"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/posts\/25792","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/comments?post=25792"}],"version-history":[{"count":2,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/posts\/25792\/revisions"}],"predecessor-version":[{"id":27326,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/posts\/25792\/revisions\/27326"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/media\/25669"}],"wp:attachment":[{"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/media?parent=25792"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/categories?post=25792"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/tags?post=25792"},{"taxonomy":"archivo","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/archivo?post=25792"},{"taxonomy":"taxonomy-authors","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/taxonomy-authors?post=25792"},{"taxonomy":"tipo_autor","embeddable":true,"href":"https:\/\/blog.lacnic.net\/en\/wp-json\/wp\/v2\/tipo_autor?post=25792"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}