Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


An RPKI relying party may want to override some of the information expressed via putative TAs and the certificates downloaded from the RPKI repository system. For instances, [RFC6491] recommends the creation of ROAs that would invalidate public routes for reserved and unallocated address space, yet some ISPs might like to use BGP and the RPKI with private address space ([RFC1918], [RFC4193], [RFC6598]) or private AS numbers ([RFC1930], [RFC6996]). Local use of private address space and/or AS numbers is consistent with the RFCs cited above, but such use cannot be verified by the global RPKI. This motivates creation of mechanisms that enable a network operator to publish a variant of RPKI hierarchy (for its own use and that of its customers) at its discretion. Additionally, a network operator might wish to make use of a local override capability to protect routes from adverse actions [RFC8211], until the results of such actions have been addressed. The mechanisms developed to provide this capability to network operators are hereby called Simplified Local internet nUmber Resource Management with the RPKI (SLURM).

SLURM allows an operator to create a local view of the global RPKI by generating sets of assertions. For Origin Validation [RFC6811], an assertion is a tuple of {IP prefix, prefix length, maximum length, AS number} as used by rpki-rtr version 0 [RFC6810] and version 1 [RFC8210]. For BGPsec [RFC8205], an assertion is a tuple of {AS number, subject key identifier, router public key} as used by rpki-rtr version 1. (For the remainder of this document, these assertions are called Origin Validation assertions and BGPsec assertions, respectively.)

You can’t perform that action at this time.