RPKI

Cryptographic framework that validates IP address ownership and prevents BGP hijacks.

Resource Public Key Infrastructure—a cryptographic framework that validates who owns and is authorized to announce IP address blocks on the internet. RPKI uses digital certificates to bind IP prefixes to autonomous system numbers (ASNs), preventing BGP hijacks where an attacker announces someone else's IP space and intercepts the traffic destined for it. Here's the deal: BGP, the routing protocol that moves packets across the internet, is fundamentally trusting. Anyone who controls a router can announce any IP block. RPKI adds a signature layer—a CA hierarchy rooted at the regional internet registries (RIRs) issues certificates and signed authorizations stating "this AS is authorized to announce this IP range." Routers with RPKI validation enabled compare each BGP announcement against those signed authorizations and reject announcements whose origin AS is not authorized for the prefix. It's not perfect—adoption is still partial, and it doesn't prevent hijacks from authorized ASNs—but it stops the obvious attacks. For domain owners, RPKI matters because your DNS infrastructure lives on the internet, and a route hijack can knock it offline or redirect queries to it. If your registrar or DNS host operates routable IPs without RPKI validation, they're exposed. Most serious operators now use it; some bulletproof hosters skip it entirely. Worth asking your provider.
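The check described above is Route Origin Validation (RFC 6811): the signed authorizations are published as ROAs, a validator distills them into validated ROA payloads (VRPs: prefix, maximum length, origin AS), and a router classifies each announcement as Valid, Invalid or NotFound against that set. The example below is added here and is not part of the original entry or any RPKI software; the VRP table and ASNs are constructed from documentation prefixes and private AS numbers, and the function goes slightly beyond the text by also handling the AS 0 "nobody may announce this" case (RFC 7607).

```python
"""Route Origin Validation (RFC 6811) over a constructed VRP table."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Union

IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class VRP:
    """Validated ROA Payload: covering prefix, max length, authorized origin AS."""
    prefix: IPNetwork
    max_length: int
    origin_as: int


# Constructed sample VRPs (documentation prefixes, private ASNs 64496-64511).
SAMPLE_VRPS = [
    VRP(ipaddress.ip_network("192.0.2.0/24"), 24, 64496),
    VRP(ipaddress.ip_network("203.0.113.0/24"), 26, 64497),
    VRP(ipaddress.ip_network("203.0.113.0/24"), 24, 64498),  # two ROAs, one prefix
    VRP(ipaddress.ip_network("2001:db8::/32"), 48, 64499),
    VRP(ipaddress.ip_network("198.51.100.0/24"), 24, 0),     # AS 0: never valid
]


def validate_origin(prefix: str, origin_as: int, vrps: Iterable[VRP]) -> str:
    """Classify a BGP announcement as "valid", "invalid" or "not-found".

    A VRP covers the route when its prefix contains the announced prefix.
    Not covered by any VRP -> not-found (RPKI says nothing about it).
    Covered, and some covering VRP matches the origin AS with the announced
    length <= max_length -> valid. Covered but nothing matches -> invalid
    (wrong origin AS, or a more-specific than the ROA allows).
    """
    route = ipaddress.ip_network(prefix, strict=True)
    if origin_as == 0:  # RFC 7607: AS 0 is never a legitimate origin
        return "invalid"
    covered = False
    for vrp in vrps:
        if vrp.prefix.version != route.version:  # subnet_of needs same family
            continue
        if not route.subnet_of(vrp.prefix):
            continue
        covered = True
        if vrp.origin_as == origin_as and route.prefixlen <= vrp.max_length:
            return "valid"
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    for p, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/25", 64496),
                   ("203.0.113.0/25", 64498), ("10.0.0.0/8", 64496)]:
        print(p, asn, validate_origin(p, asn, SAMPLE_VRPS))
```

The second and third sample announcements are the interesting ones: both are covered by a ROA for the right AS, yet are Invalid because they are more specific than the ROA's max length, which is exactly how a hijacker's more-specific announcement gets dropped.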