RPKI Filter

[MrHamel]

Create an command line argument to require RPKI validation when generating the prefix list, to confirm the route(6) object's ASN can announce the prefix.

This may require the prefix to bypass the passed in arguments of "upto" and "le/ge" to maintain validity.

[cdavid14]

Maybe some cooperation with Krill (https://github.com/NLnetLabs/krill) to check and validate this prefixes

[job]

@MrHamel it is not entirely clear to me what you mean.

Can you provide (real) data in a user story to illustrate what should or should not happen?

[MrHamel]

A carrier can easily enforce RPKI as a requirement for a prefix to show up in the DFZ, at the time of turnup.

This idea would be opt-in with a command line argument, not default.

[job]

Can you show with mock-up data / cli output what you mean exactly?

[MrHamel]

Basically NTT IRR data with RPKI source data, but having the program do it's own validation when it's not using NTT data, or if someone is wearing a tinfoil hat.