In its original statement on the deployment of the RPKI, the IAB strongly recommended the use of a single trust anchor, aligned with the root of the allocation hierarchy. That recommendation was based on the avoidance of unnecessary complexity.
Operational experience in deployment has caused the RIRs to conclude that the RPKI system would be less brittle using multiple overlapping trust anchors. This change is intended to make the system more robust in cases of transient operational failures in validation or transfers of number resources between RIRs.
The IAB’s primary motivation in putting forward its original statement was to encourage deployment and correct operation of the RPKI system. We believe that correct operation of the RPKI system can be achieved with multiple anchors, and that the RIRs have considered the impact of the complexity this requires in this update.
3 April 2018