It worked for me. A portion of my address space was being advertised from an ISP in Africa… I quickly learned about ARIN RPKI ROA, did it, and within about 10 minutes the wrong routes was gone from looking glass/route servers and suddenly all my ARIN-assigned prefixes showed as “validated” and green.
I’m wondering how this works. Do SP’s have some sort of api or bgp session with a rpki database at ARIN? I mean this all must be linked to gather somehow for it to work as nicely as it did. Aaron > On May 17, 2025, at 3:23 PM, Randy Bush via NANOG <[email protected]> > wrote: > > >> >> If the goal of someone were to hijack your routing, they could >> (should) announce it using your ASN and thus it would still be RPKI >> valid? > > ROV is not a serious security mechanism. it also does not wash your > car. it is meant to deter mis-originations. it seems to work. > > randy > _______________________________________________ > NANOG mailing list > https://lists.nanog.org/archives/list/[email protected]/message/VCU3LBDGVTEFTRQ3L7SV4DWUTGBZ26V2/ _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/PA3RR4CP6ACMETPQNRZLPSMYTGUL4NVR/
