Fresh IPv4 news just dropped — 🎉 see what you’re missing
Blog
RPKI and IPv4 Transfers: Where RIPE Policy Is Heading

RPKI and IPv4 Transfers: Where RIPE Policy Is Heading

April 14, 2025
3 min read

RPKI (Resource Public Key Infrastructure) is becoming standard practice for IPv4 transfers in the RIPE region. While not yet mandatory, the direction is clear: RIPE NCC continues to strengthen RPKI infrastructure, and buyers and sellers should treat ROA setup as part of the transfer process.

Current RIPE RPKI Policy

RIPE NCC provides RPKI tools to all members through the RIPE Database and LIR Portal. Key points:

  • ROA creation is free for RIPE members through the LIR Portal
  • Hosted RPKI is available for organizations that don’t want to run their own Certificate Authority
  • Delegated RPKI is available for those who want full control

Recent policy developments show continued investment in RPKI quality:

Policy 2025-02: Revocation of Non-functional Delegated RPKI CAs was accepted in October 2025, with implementation planned for Q1 2026. This policy mandates RIPE NCC to revoke certificates from Certificate Authorities that have been non-functional for more than three months. The goal is to clean up the RPKI ecosystem and reduce load on Relying Parties.

Why RPKI Matters for Transfers

RPKI and ROAs verify that BGP announcements are authorized. Without a valid ROA, networks that perform Route Origin Validation (ROV) may reject your announcements.

For transfers, this means:

Sellers should:

  • Remove or update their ROA before transfer so the buyer’s announcement isn’t rejected
  • Coordinate timing with the buyer to avoid gaps where no valid ROA exists

Buyers should:

  • Create a ROA for the transferred block once the RIR transfer completes
  • Test announcements against ROV-validating networks to ensure reachability

The process is straightforward through the RIPE LIR Portal, but it requires awareness and action.

RPKI Adoption Is Growing

RPKI validation is increasingly common among major networks:

  • Tier 1 providers like Cogent, NTT, and Lumen validate RPKI
  • Cloud providers including AWS, Google Cloud, and Azure support ROV
  • CDNs like Cloudflare and Akamai validate routes

This means blocks without valid ROAs may experience reachability issues. The practical effect: RPKI is becoming mandatory in practice even if not in policy.

What Buyers Should Do

If you are buying IPv4 in the RIPE region:

  1. Include RPKI in your due diligence. Check if the seller has a ROA in place. Coordinate on timing for ROA removal and recreation.
  2. Create your ROA promptly. Once the RIR transfer completes, create a ROA through the RIPE LIR Portal.
  3. Use hosted RPKI if unsure. RIPE’s hosted RPKI service handles certificate management for you.

Our how to buy IPv4 guide walks through valuation, due diligence, and RIR transfer. RPKI setup is the next step for securing your block.

What Sellers Should Do

If you are selling IPv4 in the RIPE region:

  1. Communicate ROA status to the buyer. Let them know if a ROA exists and when you’ll remove it.
  2. Coordinate timing. Remove your ROA close to when the buyer will create theirs to minimize gaps.
  3. Document the handover. Include RPKI status in transfer documentation.

Bottom Line

RPKI is not yet formally mandatory for RIPE transfers, but the practical reality is clear: networks that validate RPKI are growing, and blocks without valid ROAs may face reachability issues. Policy 2025-02 shows RIPE NCC’s continued investment in RPKI quality. Buyers and sellers in the RIPE region should treat ROA setup as standard practice for every transfer.

Frequently asked questions

Is RPKI required for RIPE IPv4 transfers?
Not yet mandatory, but strongly encouraged. RIPE NCC provides RPKI tools to all members, and industry momentum is pushing toward RPKI as standard practice for transfers.
What is RPKI in IPv4 transfers?
RPKI uses ROAs (Route Origin Authorizations) to verify that BGP announcements are authorized. Setting up RPKI during transfers ensures the new holder can announce the block securely.
What recent RIPE policies affect RPKI?
Policy 2025-02 addresses revocation of non-functional delegated RPKI Certificate Authorities, accepted October 2025 with implementation in Q1 2026. This shows RIPE NCC’s continued investment in RPKI infrastructure quality.
What should IPv4 buyers do about RPKI?
Plan for RPKI as part of your transfer. Create a ROA once you own the block. Our how to buy IPv4 guide covers acquisition; RPKI setup is the next step for security.
Does RPKI affect IPv4 prices?
RPKI adds setup work but does not change scarcity. Blocks with clean RPKI history may be slightly easier to deploy. Organized buyers and sellers who already use RPKI have smoother transfers.
The Real Cost of NOT Having IPv4: What Enterprises Learn Too LatePrivate Equity Enters IPv4: Investment Funds Buying Large IPv4 Portfolios