Hi Alex, thank you. I read that documentation and I was reading this one from page 201: https://www.ripe.net/support/training/material/bgp-operations-and-security-training-course/BGP-Slides-Single.pdf
It seems that RIRs have a self-signed root certificate. They use this certificate to sign LIRs' certificates, and the LIR's private key is used to sign ROAs. I am not very sure about the use of public keys.

Fabiano

On Wed, 26 Aug 2020 at 10:39, Alex Band <[email protected]> wrote:

> Perhaps this clarifies things:
>
> https://rpki.readthedocs.io/en/latest/rpki/introduction.html#mapping-the-resource-allocation-hierarchy-into-the-rpki
>
> As well as this section:
>
> https://rpki.readthedocs.io/en/latest/rpki/securing-bgp.html
>
> Cheers,
>
> Alex
>
> > On 26 Aug 2020, at 10:25, Fabiano D'Agostino <[email protected]> wrote:
> >
> > Good morning everyone,
> > I have a doubt about the RPKI chain of trust. The 5 RIRs hold a self-signed root certificate for all the resources they have in the registry. The root certificate is used to sign the LIRs' certificates that list the LIR's resources. LIRs use their private key to sign ROAs. The LIR's public key is used to verify ROA signatures and the RIR's public key is used to verify the LIR's signatures.
> >
> > Is this correct?
> >
> > Thanks in advance,
> >
> > Fabiano
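The chain asked about in this thread, as an added example (not code from the thread or from any RPKI implementation): each signature is made with the issuer's private key and checked with the issuer's public key, and the resources must nest at every level. Assumptions: textbook RSA over fixed primes stands in for X.509/CMS signatures, and the ROA is signed directly by the LIR key as in the question, whereas real ROAs carry a one-time end-entity certificate issued under the LIR's CA certificate. All names and sample values are constructed.

```python
import hashlib
from ipaddress import ip_network

def keypair(p, q, e=65537):
    """Textbook RSA from two primes: returns (public, private). Toy only."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def digest(body, n):
    return int.from_bytes(hashlib.sha256(repr(body).encode()).digest(), "big") % n

def sign(body, priv):          # done by the issuer, with its private key
    n, d = priv
    return pow(digest(body, n), d, n)

def verify(body, sig, pub):    # done by the relying party, with the public key
    n, e = pub
    return pow(sig, e, n) == digest(body, n)

def signed(body, issuer_priv):
    return {"body": body, "sig": sign(body, issuer_priv)}

def covered(prefix, resources):
    net = ip_network(prefix)
    return any(net.version == r.version and net.subnet_of(r) for r in map(ip_network, resources))

def validate_roa(roa, lir_cert, root_cert, trust_anchor_pub):
    """Walk the chain top-down; each object is checked with its issuer's public key."""
    _, root_res, root_pub = root_cert["body"]
    _, lir_res, lir_pub = lir_cert["body"]
    return (root_pub == trust_anchor_pub                               # key pinned by the relying party
            and verify(root_cert["body"], root_cert["sig"], root_pub)  # self-signed root
            and verify(lir_cert["body"], lir_cert["sig"], root_pub)    # RIR signed the LIR cert
            and all(covered(r, root_res) for r in lir_res)             # LIR resources within RIR's
            and verify(roa["body"], roa["sig"], lir_pub)               # LIR signed the ROA
            and covered(roa["body"][1], lir_res))                      # ROA prefix within LIR's

# Constructed sample data: Mersenne primes as toy key material, documentation prefixes and ASN.
RIR_PUB, RIR_PRIV = keypair(2**127 - 1, 2**89 - 1)
LIR_PUB, LIR_PRIV = keypair(2**107 - 1, 2**61 - 1)
ROOT = signed(("RIR", ("192.0.2.0/24", "198.51.100.0/24"), RIR_PUB), RIR_PRIV)
LIR = signed(("LIR", ("192.0.2.0/24",), LIR_PUB), RIR_PRIV)
ROA = signed((64500, "192.0.2.0/24"), LIR_PRIV)

if __name__ == "__main__":
    print("ROA valid:", validate_roa(ROA, LIR, ROOT, RIR_PUB))
```

A correctly signed ROA still fails validation when its prefix is not listed in the LIR certificate, which is why the resource check matters as much as the signature check.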

