New release: RPKI test weighs into Internet.nl score
Why does RPKI get score impact?
More than two years ago, the RPKI test was added to the Internet.nl website and e-mail test. Since then, the RPKI test has not affected the total test score. However, at its introduction it was already announced that the RPKI test would receive scoring impact at a later date. By now, everyone has had ample time to implement RPKI and the usage of RPKI has grown tremendously in recent years. So now the time is more than ripe to include RPKI in the total test score.
How much is RPKI used?
The RPKI usage in the .nl zone has grown from about 68% in August 2022 to 88% in January 2025. The latest measurement "Application of Internet standards for corporate websites, 2023" by Statistics Netherlands (CBS) also showed an adoption rate of over 80%.
For Dutch governments, RPKI is one of the mandatory open standards. In fact, an administrative agreement was made that all Dutch governments were required to implement RPKI by the end of 2024. In the related mid-2024 measurement by the Netherlands Standardisation Forum, RPKI adoption for government websites and e-mail had grown to 93% and 92%, respectively.
For more RPKI statistics, see the "usage statistics" section in the RPKI knowledge base. Please check the "Batch and dashboard" page if you want to regularly measure your domain portfolio yourself and collect statistics on it.
Why RPKI?
Resource Public Key Infrastructure (RPKI) is a technique that aims to prevent certain route leaks and hijacks. This concerns cases where Internet traffic is redirected to the systems of an unauthorized network.
Such a detour may be the result of a simple typing error by a network administrator who thereby unintentionally diverts Internet traffic. Or it may be the result of a targeted attack on the infrastructure of the Internet, for example, to make websites unreachable or to steal data from Internet users. A relevant Dutch example concerns an incident where a set of IP addresses belonging to the Ministry of Foreign Affairs was temporarily hijacked by a Bulgarian network operator in 2014.
How does the new score calculation work?
The score is evenly divided over all categories containing one or more required tests. So, currently the maximum score for the RPKI test category in both the website and mail test is 25%. For each RPKI test part (i.e. name servers, web servers, mail servers), the "existence" part counts 1/3 and the "validation" part counts 2/3.
In general the following calculation can be used to relate the new to the old score:
new_total_score (0-100%) = old_total_score (0-100%) / 1.33 + score_rpki (0-25%)
For more information on scoring see "Explanation of test report".
What else is important for reliable routing?
Internet.nl currently only checks the publication side and not the validation side. So, it does check for RPKI Route Origin Authorizations (ROA) but not for RPKI Route Origin Validation (ROV). We strongly recommend that you also make sure your network performs RPKI ROV. This can be tested with tools like NLnet Labs' RPKI Webtest and Cloudflare's "Is BGP safe yet?" test.
Furthermore, the MANRS initiative provides important best practices for additional techniques, beyond RPKI, that make Internet routing more reliable.
If you want to learn more, also check out the training courses, webinars and e-learning courses on RPKI and BGP routing offered by RIPE NCC.
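The ROA/ROV distinction above, shown as an added example (not Internet.nl's code): ROAs publish which AS may originate a prefix, and a validating network classifies each BGP announcement against them following RFC 6811. The prefixes and AS numbers are constructed documentation values, the function names are hypothetical, and the mapping onto the "existence" and "validation" test parts is this example's reading of the page.

```python
import ipaddress
from typing import NamedTuple


class VRP(NamedTuple):
    """Validated ROA Payload: what one validated ROA entry authorises."""
    prefix: str      # prefix covered by the ROA
    max_length: int  # longest prefix length that may be announced
    asn: int         # authorised origin AS


# Constructed sample data (documentation prefixes, private-use ASNs).
SAMPLE_VRPS = [
    VRP("192.0.2.0/24", 24, 64500),
    VRP("2001:db8::/32", 48, 64501),
]


def covering_vrps(route_prefix, vrps):
    """Return the VRPs whose prefix covers the announced prefix."""
    route = ipaddress.ip_network(route_prefix)
    return [
        v for v in vrps
        if ipaddress.ip_network(v.prefix).version == route.version
        and route.subnet_of(ipaddress.ip_network(v.prefix))
    ]


def rov_state(route_prefix, origin_asn, vrps):
    """RFC 6811 validation state: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(route_prefix)
    covering = covering_vrps(route_prefix, vrps)
    if not covering:
        return "not-found"  # no ROA published for this address space
    for v in covering:
        # An AS0 ROA never matches an origin; it marks space as not to be routed.
        if v.asn != 0 and v.asn == origin_asn and route.prefixlen <= v.max_length:
            return "valid"
    return "invalid"  # covered by a ROA, but wrong origin AS or too specific


def publication_check(route_prefix, origin_asn, vrps):
    """(existence, validation) pair, as this example reads the two test parts."""
    state = rov_state(route_prefix, origin_asn, vrps)
    return state != "not-found", state == "valid"
```

A network that performs ROV would typically drop announcements classified as `invalid`, which is what stops a mistyped or hijacked origin from attracting traffic.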
About Internet.nl
The test tool Internet.nl is an initiative of the Dutch Internet Standards Platform which is a collaboration of partners from the Internet community and the Dutch government. The aim of the platform is to jointly increase the use of modern Internet standards to make the Internet more accessible, safer and more reliable for everyone. The software code of Internet.nl is available under an open source license.
Release notes 1.9.0
1.9.0 (compared to latest 1.8) contains several testing changes, along with content improvements:
- The RPKI test is now included in the total test score and its worst score is now a failure. Note that, as the score is evenly divided over all major categories, the score impact from each individual major category has been reduced. Therefore, succeeding on RPKI but failing other tests may result in a higher score than with 1.8. See the scoring documentation for details on the scoring algorithm.
- Improvements in the null MX recommendation based on SPF values.
- SPF test now correctly counts include/redirect for the 10 lookup limit.
- DMARC test now detects a missing URI scheme.
Internal changes:
- CI now detects missing or conflicting database migrations.
- Many documentation improvements.
- Improvements in customisability for forked versions.
For all issues, see the 1.9 milestone, though some of those were backported to 1.8 already.