RPKI Trust Anchors
In the context of RPKI architecture, the Trust Anchor Locator (TAL) is a file that contains information needed for an RPKI validator to access the repository location and begin the validation process.
The Trust Anchor Locator contains several elements:
- A URL pointing to LACNIC's RPKI repository
- LACNIC's public key, properly encoded
LACNIC's RPKI TAL:
https://rrdp.lacnic.net/ta/rta-lacnic-rpki.cer
rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZEzhYK0+PtDOPfub/KRc3MeWx3ne
Xx4/wbnJWGbNAtbYqXg3uU5J4HFzPgk/VIppgSKAhlO0H60DRP48by9gr5/yDHu2KXhOmnMg4
6sYsUIpfgtBS9+VtrqWziJfb+pkGtuOWeTnj6zBmBNZKK+5AlMCW1WPhrylIcB+XSZx8tk9GS
/3SMQ+YfMVwwAyYjsex14Uzto4GjONALE5oh1M3+glRQduD6vzSwOD+WahMbc9vCOTED+2McL
HRKgNaQf0YJ9a1jG9oJIvDkKXEqdfqDRktwyoD74cV57bW3tBAexB7GglITbInyQAsmdngtfg
2LUMrcROHHP86QPZINjDQIDAQAB
The implementation of LACNIC policy LAC-2019-12 (RPKI ROAs with Origin ASN 0), requires downloading a specific TAL and installing it in your validator.
The TAL file used for the implementation of “RPKI ROAs with Origin ASN 0” is the following:
https://rrdp.lacnic.net/ta/rta-lacnic-rpki-as0.cer
rsync://repository.lacnic.net/rpkias0/lacnic/rta-lacnic-rpki-as0.cer
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhW5FgZ9Foda5ZpboK99IzhnBG4Gu9t0M
bzaqUI7rEH70RKbxpYtBguktrwVX3CaK7BiDtxOEtQv6iikt2DyfLZ14tpwoh/1NBqPilb+PfvNC
N75LU9WYv5Fy651bC+N9kO7tAZeWY1NhZCYi3FjFjBRvv7IbUuWx5Us+xoV0g1jVVI5PI69Cbp/j
1a3CutCe92yJ5z9VTJQYXPw32ti0gAAERCepr21y4sO4rJiJtdDGk2+ezFzSgvgitX+/aqaoTpsD
HCcSu0ScdsuY+XIQuq0f/Pcg/ClwSmRX2M+7nsbiOHv0GP4VubEW14u9lvu+XdpaPcZVBRldaP9h
5I1f2QIDAQAB
While most validation tools already include the necessary TAL files, in certain cases it may be useful to keep the TAL file separate.
This file can be downloaded from the following links:
https://www.lacnic.net/rpki/lacnic.tal
https://www.lacnic.net/rpki/lacnic-as0.tal
The TAL file format is specified in documents prepared by the Internet Engineering Task Force (IETF), RFC 8630 (previously RFCs 6490 and 7730).