Perhaps this clarifies things: https://rpki.readthedocs.io/en/latest/rpki/introduction.html#mapping-the-resource-allocation-hierarchy-into-the-rpki
As well as this section: https://rpki.readthedocs.io/en/latest/rpki/securing-bgp.html Cheers, Alex > On 26 Aug 2020, at 10:25, Fabiano D'Agostino <fabiano.dagostin...@gmail.com> > wrote: > > Good morning everyone, > I have a doubt about RPKI chain of trust. The 5 RIRs hold a self-signed root > certificate for all the resources they have in the registry. The root > certificate is used to sign the LIR's certificates that lists LIR's > resources. LIRs use their private key to sign ROAs. LIR's public key is used > to verify ROAs signatures and RIRs public key is used to verify LIR's > signatures. > > Is this correct? > > Thanks in advance, > > Fabiano
