Look into your router OS of choice’s RPKI validation implementation — here’s a (somewhat dated) example for IOS-XR: https://archive.nanog.org/sites/default/files/Patel.pdf Routinator from NLnet Labs (https://www.nlnetlabs.nl/projects/routing/routinator/) is a great validation service/proxy/etc. to deploy on your local telemetry network, and have the routers pull from. On May 17, 2025, at 4:54 PM, Aaron1 via NANOG <nanog@lists.nanog.org> wrote: It worked for me. A portion of my address space was being advertised from an ISP in Africa… I quickly learned about ARIN RPKI ROA, did it, and within about 10 minutes the wrong routes was gone from looking glass/route servers and suddenly all my ARIN-assigned prefixes showed as “validated” and green. I’m wondering how this works. Do SP’s have some sort of api or bgp session with a rpki database at ARIN? I mean this all must be linked to gather somehow for it to work as nicely as it did. Aaron On May 17, 2025, at 3:23 PM, Randy Bush via NANOG <nanog@lists.nanog.org> wrote: If the goal of someone were to hijack your routing, they could (should) announce it using your ASN and thus it would still be RPKI valid? ROV is not a serious security mechanism. it also does not wash your car. it is meant to deter mis-originations. it seems to work. randy _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/VCU3LBDG... _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/PA3RR4CP...