You can access through the following link http://rpki.lacnic.net
RPKI is a public key infrastructure which offers providers additional tools to verify a client's right to use Internet resources. For example, if a client requests routing a certain address block from a certain ASN, the provider may request the corresponding cryptographic material and conduct its verification following the RPKI hierarchy.
Each provider chooses which information is appropriate for building their filters. In some cases, the information that exists in Internet Routing Registries is used; in others, providers have web interfaces where clients chooses the prefixes they wish to announce. Today, generating Internet filters quickly and efficiently is an essential tool to ensure proper Internet operation, combat resource hijacking and, at the same time, maintain the dynamism required to allow topology modifications.
No, RPKI is a public key infrastructure which may be used to generate router filters. RPKI will not replace IRRs, as it does not implement several of the latter's functionalities, such as policy registry by ASN.
However, the IRR section of the MiLacnic platform uses the ROAs that are generated as its source of information.
Resource hijacking can occur when an ASN announces our prefix “as is” or with a longer prefix, whether due to an error or maliciously. The most well-known case of route hijacking is that of Pakistan Telecom. For more information, check out the following video https://youtu.be/IzLPKuAOe50
The two major peculiarities of an RPKI certificate are the lack of identifying information regarding the object of the certificate and the use of extensions to include both IPv4 and IPv6 addresses, as well as ASNs. These extensions were defined in RFC 3779.
It is not necessary that your routers support RPKI in order to generate certificates and ROAs. However, routing software that supports RPKI is required for routers to be able to make routing decisions taking into account the authenticity of routes based on RPKI.
The RPKI Project LACNIC is working on allows two options: "delegated" and "hosted" mode, where members organizations can perform all task relating to RPKI architecture through a user-friendly website without the need to implement a Certificate Authority (CA).
Some validation software are:
Most of the equipment providers already support origin validation, among them Cisco System, Juniper Network, Quagga, Huawei.
To verify that your prefixes have been properly signed and that there are no errors marking the routes as invalid, you can use LACNIC?s origin validation tool: https://milacnic.lacnic.net/lacnic/rpki/state