I second this. I used to be scared of possibly going offline during the security filter updates, but I was given the advice to first get IRR route objects behind everything already advertised and then publish ROAs. ARIN's process is pretty slick that it auto-associates new ROAs with existing IRR routes. Something to remember is that some of the larger tier providers only update their filter lists daily or bi-daily. ________________________________ From: Aaron Gould via NANOG <nanog@lists.nanog.org> Sent: Thursday, May 15, 2025 12:26 PM To: nanog@lists.nanog.org <nanog@lists.nanog.org> Cc: Aaron Gould <aaron1@gvtc.com> Subject: rpki roa irr - i now believe ok ok, now I understand and am a believer! some of our address space was hijacked. i did the arin.net roa entries, and BAM-O... moments later, all my routes are validated and the erroneous hijacked routes are gone! love it wanted to share and emphasize to others, if you don't have your prefixes protected at your RIR (ARIN), do it. it only takes a few minutes. https://www.arin.net/resources/manage/rpki/roa_request/ https://youtu.be/cVftieOVn1M -- -Aaron _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/PRA2CQTR...