RPKI / ROA
Resource Public Key Infrastructure: a cryptographic system where IP-block holders publish Route Origin Authorisations (ROAs) saying which ASNs may announce their prefixes, used to detect and reject BGP hijacks.
RPKI (Resource Public Key Infrastructure) lets the holder of an IP block sign a Route Origin Authorisation (ROA) stating "AS X may originate this prefix at length up to /Y". Routers performing Route Origin Validation (ROV) check incoming BGP announcements against ROAs and reject INVALID ones, blocking the most common form of prefix hijack. RPKI is anchored at the five RIRs (ARIN, RIPE, APNIC, LACNIC, AFRINIC), each running a Trust Anchor. Adoption has crossed 50% of routed prefixes globally; the remaining gap is what lets hijacks still succeed against unprotected origins. MANRS bundles RPKI deployment with other routing-security best practices.