RPKI isn't the whole picture. It's about validating ORIGIN-AS. The rest of IRR is still relevant when it comes to protecting the AS-PATH. Hijacked prefixes of the same size won't travel as far nowadays because of widespread adoption amongst the larger providers.
Eric ________________________________ From: Laszlo H via NANOG <[email protected]> Sent: Thursday, May 15, 2025 4:59 PM To: Aaron Gould via NANOG <[email protected]> Cc: Laszlo H <[email protected]> Subject: Re: rpki roa irr - i now believe If the goal of someone were to hijack your routing, they could (should) announce it using your ASN and thus it would still be RPKI valid? On 2025-05-15 16:26, Aaron Gould via NANOG wrote: > ok ok, now I understand and am a believer! > > some of our address space was hijacked. i did the arin.net roa > entries, and BAM-O... moments later, all my routes are validated and > the erroneous hijacked routes are gone! > > love it > > wanted to share and emphasize to others, if you don't have your > prefixes protected at your RIR (ARIN), do it. it only takes a few > minutes. > > https://www.arin.net/resources/manage/rpki/roa_request/ > > https://youtu.be/cVftieOVn1M > _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/KK57NLCHQE2O5KSEIKMWKC5KT2S4EX6Y/ _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/IOYCHS272LWCHG6B5W2U3PVE7IN6YHW7/
