• In 2025, the RPKI Steering Group will publish both a draft technical specification to standardise Trust Anchor constraints and a roadmap for core RPKI services across RIRs.
• Additional “nice-to-have” innovations—such as hybrid services, testing environments, and BGPsec expansion—are being groomed for future deployment to enrich routing security.
What happened:Strengthening trust anchors
On 25 August 2025, the APNIC blog announced that the NRO RPKI Programme has sharpened its focus for the year ahead, consolidating efforts into two principal objectives.
First, reinforcing the transparency, robustness and security of the RPKI system. To that end, the RPKI Steering Group will publish a consultation draft later this year proposing a technical specification to communicate Internet Number Resource (INR) constraints for each Trust Anchor (TA).
Second, enhancing the consistency of user experience across RIRs. This includes harmonising documentation, terminology and best practice guidance, and agreeing upon a unified roster of core RPKI features—such as hosted and delegated services, ROA-management APIs, ASPA via portal and API, and short-lived TA certificates. A consolidated roadmap for rolling out these services across all RIRs is due in the second half of 2025.
Beyond those essentials, the Steering Group is also cultivating a suite of “nice-to-have” features for future phases—ranging from hybrid services and signed Trust Anchor locators to RPKI checklists, BGPsec support and testing environments. Additionally, the group has completed a gap analysis of RPKI user interfaces across RIRs and launched an RPKI content repository, with an upcoming guide detailing how to create a Route Origin Authorization (ROA) via each RIR expected soon.
Also read: ARIN concludes ICP-2 consultation to update RIR criteria
Also read: ICP-2 principles debate: Shaping Asia’s internet governance
Why it’s important
Routing security is foundational to a resilient, trustworthy Internet. The NRO RPKI Programme’s push to standardise Trust Anchor constraints and align user-facing elements across RIRs directly addresses long-standing fragmentation in RPKI implementations. It ensures operators managing ROAs across multiple regions aren’t tripped up by inconsistent procedures or jargon—accelerating adoption and reducing operational friction.
The planned consultation on TA configurations could resolve technical uncertainties that have constrained trust in RPKI validation. Meanwhile, aligning on core services and releasing a shared roadmap offers transparency and predictability—benefiting network operators, RIR implementers, and the global routing ecosystem.
Looking ahead, the “nice-to-have” features—such as hybrid publishing models, BGPsec capabilities and testing environments—hint at a more ambitious, resilient future for RPKI. Despite optional, such changes could encourage enhanced engagement from the technical community and expedite the move to a secure and globally consistent routing infrastructure. The NRO RPKI Program stares on track to deliver major advances in routing security and usability, bringing us one step closer to a unified and trusted Internet routing fabric. Particular milestones shall be announced for later in 2025.
