nanog mailing list archives

Re: rpki roa irr - i now believe

From: Aaron1 via NANOG <nanog () lists nanog org>
Date: Sat, 17 May 2025 16:54:28 -0500

It worked for me.  A portion of my address space was being advertised from an ISP in Africa… I quickly learned about 
ARIN RPKI ROA, did it, and within about 10 minutes the wrong routes was gone from looking glass/route servers and 
suddenly all my ARIN-assigned prefixes showed as “validated” and green.

I’m wondering how this works.  Do SP’s have some sort of api or bgp session with a rpki database at ARIN?  I mean this 
all must be linked to gather somehow for it to work as nicely as it did.

Aaron

On May 17, 2025, at 3:23 PM, Randy Bush via NANOG <nanog () lists nanog org> wrote:


If the goal of someone were to hijack your routing, they could
(should) announce it using your ASN and thus it would still be RPKI
valid?


ROV is not a serious security mechanism.  it also does not wash your
car.  it is meant to deter mis-originations.  it seems to work.

randy
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/VCU3LBDGVTEFTRQ3L7SV4DWUTGBZ26V2/


_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/PA3RR4CP6ACMETPQNRZLPSMYTGUL4NVR/

Current thread:

rpki roa irr - i now believe Aaron Gould via NANOG (May 15)
- Re: rpki roa irr - i now believe Eric C. Miller via NANOG (May 15)
  - Re: rpki roa irr - i now believe Aaron1 via NANOG (May 15)
    - Re: rpki roa irr - i now believe Eric C. Miller via NANOG (May 15)
    - Re: rpki roa irr - i now believe Elmar K. Bins via NANOG (May 15)
- Re: rpki roa irr - i now believe Laszlo H via NANOG (May 15)
  - Re: rpki roa irr - i now believe Eric C. Miller via NANOG (May 15)
  - Re: rpki roa irr - i now believe Job Snijders via NANOG (May 15)
  - Re: rpki roa irr - i now believe Randy Bush via NANOG (May 17)
    - Re: rpki roa irr - i now believe Aaron1 via NANOG (May 17)
    - Re: rpki roa irr - i now believe Randy Bush via NANOG (May 17)
    - Re: rpki roa irr - i now believe Aaron1 via NANOG (May 17)
    - Re: rpki roa irr - i now believe Tim Burke via NANOG (May 17)
- Re: rpki roa irr - i now believe Job Snijders via NANOG (May 17)
  - Re: rpki roa irr - i now believe Aaron1 via NANOG (May 17)