
APNIC Routing Security SIG at APRICOT 2026: Social Engineering, RPKI, ASPA, & TA Constraints
Key Takeaways
- Indonesia RPKI adoption >90% by 2026
- IIX enforces drop‑invalid policy for 800 ASNs
- ASPA adds path‑validation beyond ROA
- Erik protocol improves RPKI repository synchronization
- Social‑engineering hijack shows origin validation limits
Summary
At APRICOT 2026, APNIC’s Routing Security SIG highlighted six RPKI‑related initiatives, most notably Indonesia’s rapid climb to over 90% RPKI coverage driven by the IIX’s drop‑invalid policy. The session introduced the Autonomous System Provider Authorization (ASPA) object for path validation and unveiled the Erik synchronization protocol to replace rsync/RRDP. Presentations also examined a 2025 social‑engineering hijack, demonstrating both the strengths and gaps of current RPKI mechanisms. Finally, the MESec framework showcased minimal‑exposure AS‑PATH verification as a privacy‑preserving alternative to full topology disclosure.
Pulse Analysis
Indonesia’s RPKI rollout illustrates how coordinated policy and outreach can transform routing security in a short time frame. By mandating a drop‑invalid stance at the Indonesian Internet Exchange (IIX), more than 800 autonomous systems were compelled to publish valid ROAs, pushing national coverage from under 1% in 2021 to over 90% in 2026. This model provides a blueprint for other regional exchanges seeking to leverage market pressure rather than voluntary adoption, reinforcing the shift from "Connect First, Fix Later" to a security‑first mindset.
Beyond origin authentication, the SIG spotlighted Autonomous System Provider Authorization (ASPA) as a next‑generation tool for path validation. ASPA objects let a customer ASN cryptographically declare the set of upstream providers authorized to propagate its routes, enabling routers to detect unauthorized AS‑PATH segments, route leaks, and valley‑free violations. Early deployments, such as the RIPE Dashboard integration, suggest ASPA could complement ROAs once validation logic is embedded in routing software. Parallel research like MESec demonstrates that similar security guarantees can be achieved with minimal exposure of peering relationships, addressing privacy concerns that have long hindered broader ASPA uptake.
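To make the ASPA path check concrete, here is an added example (not code from the SIG session or any of the presented projects) that implements the hop check and the upstream verification rule a provider or peer applies to a route learned from a customer or lateral peer. The ASNs and ASPA records are constructed samples, and the route-leak path mirrors the classic multihomed-customer leak.

```python
# Added example: ASPA-style AS_PATH verification for routes received from a
# customer or lateral peer (the "upstream" rule). Every hop from the origin
# towards the receiver must be customer -> authorised provider. Constructed
# sample data; private-use ASNs only.

PROVIDER_PLUS = "Provider+"
NOT_PROVIDER_PLUS = "Not Provider+"
NO_ATTESTATION = "No Attestation"

# Constructed ASPA records: customer ASN -> set of authorised provider ASNs.
# AS64530 has published no ASPA at all (hops out of it are unattested).
ASPA = {
    64500: {64510},          # origin network, single-homed to AS64510
    64510: {64540},          # AS64510's only provider is AS64540
    64520: {64510, 64540},   # multihomed customer of AS64510 and AS64540
}


def hop_check(as_a, as_b, aspa=ASPA):
    """Does AS a's ASPA authorise AS b as one of its providers?"""
    providers = aspa.get(as_a)
    if providers is None:
        return NO_ATTESTATION            # AS a has not published an ASPA
    return PROVIDER_PLUS if as_b in providers else NOT_PROVIDER_PLUS


def verify_upstream(as_path, aspa=ASPA):
    """Validate an AS_PATH given neighbour-first, origin-last (as seen in
    BGP) for a route learned from a customer or peer.
    Returns "Valid", "Invalid" or "Unknown"."""
    # Origin-first order so that hop i -> i+1 points from the origin
    # towards us; collapse prepending (repeated consecutive ASNs).
    seq = []
    for asn in reversed(as_path):
        if not seq or seq[-1] != asn:
            seq.append(asn)
    outcomes = [hop_check(seq[i], seq[i + 1], aspa) for i in range(len(seq) - 1)]
    if NOT_PROVIDER_PLUS in outcomes:
        return "Invalid"                 # a hop that is provably not customer->provider
    if NO_ATTESTATION in outcomes:
        return "Unknown"                 # some AS on the path has no ASPA
    return "Valid"                       # every hop is an attested customer->provider hop


if __name__ == "__main__":
    # AS64540 receives from customer AS64510 a route AS64510 learned from its
    # customer AS64500: a normal customer cone announcement.
    print(verify_upstream([64510, 64500]))           # Valid
    # AS64520 learned AS64500's route from provider AS64510 and re-announced
    # it to its other provider AS64540: a route leak, since AS64510's ASPA
    # does not list AS64520 as a provider.
    print(verify_upstream([64520, 64510, 64500]))    # Invalid
    print(verify_upstream([64520, 64530]))           # Unknown
```

The Invalid verdict on the leaked path comes from the hop AS64510 -> AS64520, which AS64510's own ASPA rules out; this is the origin-validation gap ROAs alone leave open, since AS64500 is still the legitimate origin.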
Operational efficiency received equal attention with the introduction of the Erik synchronization protocol, designed to overcome rsync and RRDP bottlenecks in RPKI repository distribution. Erik reduces fetch serialization, cuts encoding overhead, and streamlines re‑initializations, promising faster propagation of trust anchors and state objects. Coupled with tighter TA constraints via signed state and transfer objects, these enhancements tighten the RPKI supply chain. Together, they raise the bar for defending against sophisticated attacks, including the social‑engineering hijack demonstrated in 2025, underscoring the need for layered defenses that combine origin, path, and infrastructure integrity.