<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Dear colleagues,<div class=""><br class=""></div><div class=""> <div class="page" title="Page 2"> <div class="section"> <div class="layoutArea"> <div class="column"><p class="">Security is always high on our list of priorities for RPKI. Every year, we ask an external party to carry out a security audit of our RPKI systems. This is the first year that we are publishing the security report, in an effort to increase transparency and trust in the RPKI system. </p><p class="">Please note that the report also listed several recommendations that should be included in a penetration test. These recommendations have been redacted from the original report, as we will include them in the penetration test scheduled for June 2021. Also, some comments about the proprietary software for the Hardware Security Module have been redacted. </p></div></div><div class="layoutArea"><div class="column"> </div> </div> </div> </div></div><div class="">On <a href="https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/security-and-compliance" class="">https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/security-and-compliance</a> you will now find the RFC compliance report written by Radically Open Security in 2020 and our response to their findings. </div><div class=""><br class=""></div><div class="">We hope you will find these reports useful, and we look forward to your feedback.</div><div class=""><br class=""></div><div class="">Kind regards,</div><div class="">Nathalie Trenaman</div><div class="">Routing Security Programme Manager</div><div class="">RIPE NCC</div></body></html>