On 2024-02-12 18:12, Job Snijders wrote:
On Mon, Feb 12, 2024 at 05:01:35PM -0600, Richard Laager wrote:
On 2024-02-12 15:18, Job Snijders via NANOG wrote:
On Mon, Feb 12, 2024 at 04:07:52PM -0500, Geoff Huston wrote:
I was making an observation that the presentation material was referring to "RPKI-Invalid" while their implementation was using "ROA-Invalid" There is a difference between these two terms, as I'm sure you're aware.
I'm sure Job is aware, but I'm not. Anyone want to teach me the difference?
... more good explanation snipped ...
A ROA can be invalid (for example, because its X.509 EE certificate expired); a BGP route can be invalid (because no valid RPKI ROA attest that the route could originate from the ASN at hand), and an IRR object can be invalid (because no Valid ROA attest the route object's "origin:" could originate the prefix at hand).
Thanks! This makes perfect sense now that you say it. I just wasn't seeing it immediately before. I figured best to ask and learn something. :) -- Richard