RPKI for time.cloudflare.com IPv6

time.cloudflare.com (the NTP/NTS service) uses these IPs:

time.cloudflare.com has address
time.cloudflare.com has address
time.cloudflare.com has IPv6 address 2606:4700:f1::1
time.cloudflare.com has IPv6 address 2606:4700:f1::123

There is an ROA for, but there is none for 2606:4700:f1::/48. See e.g.:


While Cloudflare has over 200 unsigned routes, this one seems particularly concerning, since the NTP service is (unlike NTS) unauthenticated, and the IPs are seemingly not announced by every PoP, putting them at greater risk for hijacking.

Are there plans to sign that announcement?

Is there any news on this?

In the meantime, are there plans to correct Cloudflare’s public statements that all routes are signed?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.