Home / Blogs

IP Address Space Covered by Certificates

Since the RIPE NCC launched its Resource Certification service, there is a steady increase in the number of prefixes covered by certificates.

The Resource Certification (RPKI) service was launched at the beginning of 2011. The system enables network operators to perform Border Gateway Protocol (BGP) origin validation, which means that they can securely verify if a BGP route announcement has been authorised by the legitimate holder of the address block.

Using their resource certificate, network operators can create cryptographically validatable statements about the route announcements they authorise to be made with the prefixes they hold. These statements are called Route Origin Authorisations (ROAs). A ROA states which Autonomous System (AS) is authorised to originate a certain IP address prefix.

So far, 10% of the RIPE NCC membership has opted into requesting a Resource Certificate. In the graph below, you can see the number of IPv4 prefixes (blue) and IPv6 prefixes (red) that have been certified by RIPE NCC members using their certificate. More than 900 IPv4 prefixes are certified. That means that more thanĀ 10% of the IPv4 address space the RIPE NCC is maintaining is covered by certificates. For IPv6, around 250 prefixes are certified. This is a relatively high number compared to the total number of IPv6 prefixes in the routing system.

Number of IPv4 and IPv6 Prefixes covered by Certificates in the RIPE NCC service region (Click to Enlarge)

More information:
• Find out more information about certification.
• See more RPKI related statistics.
• See RIPE Labs for other related information about IP address space.

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byDNIB.com


Sponsored byVerisign