Your IP address is



key-256Resource Certification is a security framework for verifying the association between Internet number resources (IP addresses and Autonomous System Numbers) and their rightful holders.

It aims to add a verifiable form of a holder's current right to use those resources over the Internet. An important component of the
resource certification framework is the resource Public Key Infrastructure (RPKI) based on the Internet resources management

Since 2006, AFRINIC has been working with other Regional Internet Registries (RIRs) on the resources certification activity, while also following the development of the standards in the Secure Inter-Domain Routing (SIDR) Working Group at
the IETF..

AFRINIC is providing a system with basic features, to be expanded over time in a phased deployment plan. Certification will be offered through a hosted environment via the MyAFRINIC portal. Members are able to sign Route Origin Authorisations (ROAs) and view their certificates. The system takes care of all the crypto operations such as certificate requests and renewals, re-keys and objects publication in the repository (rsync:// Access to the resource certification sub-section requires a Business Public Key Infrastructure (BPKI) certificate.

What can you do with your RPKI certificate?

Resource certificates can be used for various purposes:

  • Prove the right to use resources
  • Sign Route Origin Authorisations
  • Sign Internet Routing Objects
  • Prove ownership of Internet number resources in the context of IPv4 transfer after the exhaustion of the IPv4 pool of the RIR
  • Help to secure the inter-domain routing protocol by conveying the right-to-use of the resources and to validate routing information
Technical background

Resource Certificates are based on the X.509 certificate format (RFC 5280). The format has been extended by the IETF standard, (RFC 3779) to include IP address and AS numbers in a critical certificate extension. These certificates are then published and bound together in a verifiable way in the RPKI. The resource certificates are not identity certificates and can only be used by specialised applications and services that are related to verification of an entity's rights to use an IP address or AS number.

AFRINIC has invested significant resources in the development of its own in-house system based on the APNIC RPKI code. A basic version of the system will evolve during the year in phases. These phases include the extension of the "up/down" protocol, the sub-certification, and the migration to a single Trust Anchor (TA).

To use the system

  1. Activate your account on MyAFRINIC if you have not done so before.

  2. Enroll your BPKI certificate.

  3. Navigate to Resources Certification under Resources.

RPKI codes and tools

AFRINIC RPKI repository:


Policy documents:

Certificate Practice Statement (CPS)

Global statistics
Daily validation details of objects in AFRINIC RPKI repository


RIPE NCC Validator rcynic Validation Tool

RPSTIR - BBN Validation Tool

Implementation of RPKI tools Open Source

Related links
BGP Secure Routing Extension (BGP-SRx) – RPKI for Quagga
RPKI Origin Validation Looking Glass

Resource certification at other RIRs


If you have any questions, please send a mail to rpki-help[at]

There is a mailing list rpki-discuss[at] to discuss RPKI services.

Profile Information

Application afterLoad: 0.002 seconds, 0.71 MB
Application afterInitialise: 0.059 seconds, 2.70 MB
Application afterRoute: 0.099 seconds, 5.95 MB
Application afterDispatch: 0.142 seconds, 7.66 MB
Application afterRender: 0.344 seconds, 10.29 MB

Memory Usage


10 queries logged

  1. SELECT m.*, c.`option` AS component
      FROM www3menu AS m
      LEFT JOIN www3components AS c
      ON m.componentid =
      WHERE m.published = 1
      ORDER BY m.sublevel, m.parent, m.ordering
  2. SELECT jf_content.reference_field, jf_content.VALUE, jf_content.reference_id, jf_content.original_value

      FROM www3jf_content AS jf_content

      WHERE jf_content.language_id=1
      AND jf_content.published=1
      AND jf_content.reference_id IN(1,11,20,304,324,262,231,275,340,393,791,661,12,51,348,805,831,13,52,154,795,14,24,53,793,15,797,16,62,803,17,799,68,97,27,387,619,191,221,172,170,76,171,337,418,521,845,175,174,177,237,176,499,511,455,481,523,547,671,184,185,188,423,837,527,179,181,204,235,156,158,159,384,475,675,629,160,161,162,157,192,621,268,270,266,321,264,265,338,416,483,519,843,276,283,278,282,477,677,279,631,280,281,429,277,382,305,306,307,308,424,835,317,330,318,319,320,325,326,327,328,529,341,342,343,345,350,349,408,351,354,745,489,509,356,479,525,549,673,388,400,403,404,405,406,419,513,399,394,396,397,395,617,615,663,665,801,414,163,731,733,735,737,715,739,741,789,743,269,271,272,292,289,290,291,293,294,339,295,420,386,807,811,285,286,288,819,383,287,515,567,809,817,415,284,633,763,315,312,561,563,565,767,314,380,517,332,333,334,335,336,370,346,347,311,378,787,352,364,362,365,833,719,366,367,368,411,412,453,825,379,357,358,359,360,361,371,431,459,463,467,469,471,473,531,533,537,539,541,543,545,599,609,601,605,485,487,491,493,495,497,551,553,557,559,841,573,575,577,579,581,583,585,591,589,777,779,813,749,751,753,755,747,757,759,761,783,373,374,375,376,721,417,829,669,353,413,461,535,781,727,667,611,597,603,815,769,635,637,639,641,645,643,647,649,651,653,655,657,659,785,821,823,827,697,701,703,705,707,709,711)
      AND jf_content.reference_table='menu'
  3. SELECT *
      FROM www3rokcandy
      WHERE published=1
  4. SELECT template
      FROM www3templates_menu
      WHERE client_id = 0
      AND (menuid = 0 OR menuid = 341)
      ORDER BY menuid DESC
      LIMIT 0, 1
  5. SELECT a.*, AS author, u.usertype, cc.title AS category, s.title AS SECTION, CASE WHEN CHAR_LENGTH(a.alias) THEN CONCAT_WS(":",, a.alias) ELSE END AS slug, CASE WHEN CHAR_LENGTH(cc.alias) THEN CONCAT_WS(":",, cc.alias) ELSE END AS catslug, AS groups, s.published AS sec_pub, cc.published AS cat_pub, s.access AS sec_access, cc.access AS cat_access  
      FROM www3content AS a
      LEFT JOIN www3categories AS cc
      ON = a.catid
      LEFT JOIN www3sections AS s
      ON = cc.SECTION
      AND s.scope = "content"
      LEFT JOIN www3users AS u
      ON = a.created_by
      LEFT JOIN www3groups AS g
      ON a.access =
      WHERE = 151
      AND (  ( a.created_by = 0 )    OR  ( a.state = 1
      AND ( a.publish_up = '0000-00-00 00:00:00' OR a.publish_up <= '2023-10-02 08:00:13' )
      AND ( a.publish_down = '0000-00-00 00:00:00' OR a.publish_down >= '2023-10-02 08:00:13' )   )    OR  ( a.state = -1 )  )
  6. SELECT jf_content.reference_field, jf_content.VALUE, jf_content.reference_id, jf_content.original_value

      FROM www3jf_content AS jf_content

      WHERE jf_content.language_id=1
      AND jf_content.published=1
      AND jf_content.reference_id IN(151)
      AND jf_content.reference_table='content'
  7. UPDATE www3content
      SET hits = ( hits + 1 )
      WHERE id='151'
  8. SELECT *
      FROM www3jcomments_settings

      WHERE lang = 'en-GB'
  9. SELECT id, title, module, POSITION, content, showtitle, control, params
      FROM www3modules AS m
      LEFT JOIN www3modules_menu AS mm
      ON mm.moduleid =
      WHERE m.published = 1
      AND m.access <= 0
      AND m.client_id = 0
      AND ( mm.menuid = 341 OR mm.menuid = 0 )
      ORDER BY POSITION, ordering
  10. SELECT jf_content.reference_field, jf_content.VALUE, jf_content.reference_id, jf_content.original_value

      FROM www3jf_content AS jf_content

      WHERE jf_content.language_id=1
      AND jf_content.published=1
      AND jf_content.reference_id IN(79,330,35,326,331,131,347,345,329,292,335)
      AND jf_content.reference_table='modules'

Language Files Loaded

Untranslated Strings Diagnostic


Untranslated Strings Designer