pqRPKI: A Practical RPKI Architecture for the Post-Quantum Era

📅 2026-03-07
🤖 AI Summary
This work addresses the vulnerability of the current RPKI infrastructure to quantum attacks, which stems from its reliance on RSA cryptography. It also acknowledges that naively adopting post-quantum signatures such as Falcon or ML-DSA brings prohibitive increases in key and signature sizes, inflating bandwidth consumption and validation overhead. To overcome this, the authors propose pqRPKI, a framework that introduces a multi-layer Merkle Tree Ladder structure to shift verification material from certificates to Manifests, and re-engineers the RPKI manifest and delegation chain to enable top-down differential localization and bottom-up tree reconstruction. The design maintains backward compatibility, supports incremental deployment, and enables efficient batch validation. Experimental results show a repository footprint of 546.8 MB on average (65.5% smaller than Falcon and 83.1% smaller than ML-DSA), full-cycle validation in 102.7 seconds, end-to-end update latency of 118.3 seconds from publication point to router, and only 3.4% size overhead in dual-stack deployment with RSA.

📝 Abstract
The Resource Public Key Infrastructure (RPKI) secures Internet routing by binding IP prefixes to authorized Autonomous Systems, yet its RSA foundations are vulnerable to quantum adversaries. A naive swap to post-quantum (PQ) signatures (e.g., Falcon) is a poor fit for RPKI's bulk model: every relying party (RP) repeatedly fetches and validates the entire global repository, so larger keys and signatures inflate bandwidth and CPU cost, especially during a long dual-stack transition. We present pqRPKI, a post-quantum RPKI framework that pairs a multi-layer Merkle Tree Ladder (MTL) with RPKI objects, customized to relocate per-object verification material from certificates into the Manifest. To update RPKI for Merkle-tree-based schemes, pqRPKI redesigns the RPKI manifest and delegation chain and introduces a ladder-guided sync and bulk-verification workflow that lets validators localize diffs top-down and rebuild trees bottom-up. pqRPKI also preserves current RPKI objects and encodings, supports both hosted and delegated operation, and provides an additive migration path that coexists with today's trust anchors for dual-stack deployment with little size overhead. Implemented as a working publication point (PP) and RPs, we show that pqRPKI reduces repository footprint to 546.8 MB on average (65.5%/83.1% smaller than Falcon/ML-DSA), cuts full-cycle validation to 102.7 s, and achieves 118.3 s end-to-end PP to Router time, enabling sub-2-minute operating cadences with full-repository validation each cycle. Dual-stack deployment with RSA adds just 3.4% size overhead versus today's RPKI repositories.

Problem

Research questions and friction points this paper is trying to address.

Post-Quantum Cryptography
RPKI
Quantum Threat
Signature Size
Bulk Validation

Innovation

Methods, ideas, or system contributions that make the work stand out.

post-quantum RPKI
Merkle Tree Ladder
bulk verification
dual-stack migration
resource public key infrastructure