[RPKI] Is ROA to VRP 1-to-1 Mapping?

Jacquie Zhang jac.tech0 at gmail.com
Fri Oct 1 07:48:59 UTC 2021


My company is working on implementing RPKI with Routinator so I have some
questions I'd like to ask. I'm breaking the questions into multiple emails.

My first question is, is ROA to VRP 1-to-1 mapping, ie. there is only one
VRP resulted from each ROA?

I went through my ASN, AS4804, and compared the ROAs listed in the
following public places to the ROAs we signed in APNIC and the VRPs in my
Cisco router. They were exactly the same, 364.

1. https://rpki.cloudflare.com/?view=explorer&asn=4804   showed 364
2. http://nong.rand.apnic.net:8080/roas showed 364
3. My lab Cisco router which is connected to a Routinator. It showed 364.
4. MYAPNIC portal, it showed 364.

This lead me to think that the mapping is 1-to-1. Each ROA after processing
by a validator software only generates one VRP.

But from the following URL, it clearly shows that it is a 1-to-many mapping.

Take RIPE as an example, ROA count was 25,704. VRP count was 138,630, which
was 5.39 times of the ROA count. All other RIRs have VRP counts must
greater than the ROA counts.


[image: image.png]

Reading the Routinator document at
it says "If the ROA passes validation, Routinator will produce one or
more *plain
text* validated ROA payloads (VRPs) for each ROA, depending on how many IP
prefixes are contained within it."

Can someone please help explain which one is correct, 1-to-1 or 1-to-many?
Maybe different scenarios produce differently? Which scenario will produce
multiple VRPs from a single ROA?

 I'm not talking about VRP to prefix mapping. I understand in the case max
len is greater than the prefix len in a VRP, multiple IP prefixes will be
covered by this VRP.

Jacquie from Optus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/rpki/attachments/20211001/a4f0d2da/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 121564 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/rpki/attachments/20211001/a4f0d2da/attachment-0001.png>

More information about the RPKI mailing list