Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Use RPKI data as if it were route-objects #19
RPKI can be used to do Origin Validation and reject invalid announcements, but RPKI can also be used in context of provisioning & creation of whitelists.
If we take as example http://irrexplorer.nlnog.net/search/126.96.36.199/24 - for this prefix there is no IRR route object, but there is a RPKI ROA which states what the authorised origin AS is and this matches what is observed in the DFZ. I'd prefer to accept such a prefix from AS neighbor 6939.
In other words, we should treat RPKI ROAs as if they are IRR route objects.
Implementation suggestion: we can use