What is Route Origin Authorization?

Route Origin Authorization, or ROA for short, is a cryptographically signed object. The purpose of this object is to declare which Autonomous System is authorized to originate a certain prefix.

ROA consist of these components

  • ROA name
  • ASN (Autonomous System Number)
  • IP address or prefix
  • Maximum length of prefix

Maximum length of prefix indicates the length of the most specific IP prefix that the Autonomous System can advertise. If the maximum length is not specified, the AS can only advertise the specified prefix. In this case, more specific advertisements are invalid. This is set in place to prevent IP hijacking.

Learn more