% of Declared IPv4 Space Covered By ROAs

[compare]

This graph depicts the percentage of IPv4 address space declared in the RPKI Trust Anchors that is covered by ROAs. The percentage shown in this graph is computed with normalized address space (in units of /24 equivalents).

Note that RIPE NCC has included "legacy" address space in its TA since October 2013.

Distribution of RPKI Certificate Path Depths Including ROA EEs

EEs for manifests and CRLs are excluded

[compare]

This graph shows the number of certificates at various levels of certificate-path depth within the RPKI hierarchy (for each RIR).

Number IPv4 Address Blocks Contained in CA Certs

TA Certs and ROA EEs are Excluded

[compare]

This graph shows the number of IPv4 address blocks (regardless of block size) declared in CAs certs at various levels of certificate-path depth within the RPKI hierarchy. TA certs and EEs for the ROA are not considered for generating this graph.

Normalized IPv4 Address Space Contained in CA Certs

TA Certs and ROA EEs are Excluded

[compare]

This graph shows normalized IPv4 address space in /24s declared in CAs at various levels of certificate-path depth within the RPKI hierarchy. TA certs and EEs for the ROA are not considered for generating this graph.

Number IPv6 Address Blocks Contained in CA Certs

TA Certs and ROA EEs are Excluded

[compare]

This graph shows the number of IPv6 address blocks (regardless of block size) declared in CAs certs at various levels of certificate-path depth within the RPKI hierarchy. TA certs and EEs for the ROA are not considered for generating this graph.

Number of ROAs that a Given AS Appears in

[compare]

Each ROA contains exactly one AS number (ASN), but each ASN can appear in multiple ROAs. A point (x,y) on the plot in the above graph conveys that there are in total "y" ASNs each of which appears in exactly "x" number of ROAs.

Published ROAs

Analysis of Prefixes in ROAs

[compare]

The graph above depicts the number of IP prefixes (both IPv4 and IPv6) listed in ROAs. All IPv4(6) Count includes any repeated prefixes appearing in multiple ROAs, possibly with different OAS, whereas Uniq IPv4(6) Count includes only unique prefixes.

[compare]

Each ROA may contain multiple prefixes. A point (x,y) on the plot in the graph above conveys that there are in total "y" ROAs each of which contains exactly "x" number of prefixes (including both IPv4 and IPv6).

[compare]

The graph above depicts the total number of prefixes registered in all ROAs as a function of prefix length.

[compare]

Looking closer at the IPv4 prefixes declared within ROA's the graph above depicts the characteristics of the usage of Maxlength within the prefix declaration. The question is how many of the observed prefixes do specify a max length other than the prefix length.

[compare]

The graph above depicts the average of the span (max length - prefix length) of prefixes registered in ROA's as a function of the prefix length. Larger span implies greater vulnerability to faked-origin hijack (in the absence of path validation), and hence not recommended [draft-ietf-sidr-origin-ops].

RPKI ROA Autonomous Systems Statistics

25 Autonomous Systems that appear the most in ROAs


25 Autonomous Systems with the most Prefixes declared in ROAs


25 Autonomous Systems with the most Address Space (/24 Equivalents) declared in ROAs

RPKI ROA Address Holders Statistics

25 Address Holders with the most Address Space (/24 Equivalents) COVERED by ROAs

[compare]

The graph above shows the ISP-level IP address holders with the most address space covered by ROAs.