Hi Stephane, NANOG –

Do the math for all pertained prefixes in the pastes; those 3 prefixes were just examples I had at hand,
and the event is still of quite some significance. Albeit ROA-validating routers being an argument that 
extenuates probabilities and the ensuing effect, deployment of such still lacks, hence my mention of 
reaching levels of (random guess) 90% global visibility still, taken the attacker understands ROA.

It is certainly unlikely that networks that are known for rather puerile filtering, or lack of adequate filtering 
to filter the networks, so ultimately they will inevitably still transpire in the global tables. An impression 
emerges that commitment in resolving this incident lacks, apart from the guys over at NTT which,
from what I gathered, suspended their IRR account temporarily to prevent further damage.

Cheers,
Florian Brandstetter

On 27. Jan 2020, 7:03 PM +0100, Stephane Bortzmeyer <bortzmeyer@nic.fr>, wrote:
On Sat, Jan 25, 2020 at 12:06:51AM +0100,
Florian Brandstetter <florianb@globalone.io> wrote
a message of 53 lines which said:

Examples of affected networks are:

193.30.32.0/23
45.129.92.0/23
45.129.94.0/24

Note that 193.30.32.0/23 has also a ROA (announces by 42198). So,
announces by AS8100 would be RPKI-invalid.

45.129.92.0/23 also has a ROA. Strangely, the prefix stopped being
announced on Sunday 26.

45.129.94.0/24 has a ROA and is normally announced.

So, if AS8100 were to use its abnormal route objects, announces would
still be refused by ROA-validating routers.
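
Added example, not part of either message in this thread: a minimal RFC 6811 route origin validation check, showing how a ROA-validating router classifies a 193.30.32.0/23 announcement originated by AS8100. The VRP table is constructed: only the AS42198 origin comes from the thread, while the maxLength of 23 and the 198.51.100.0/24 test route are assumptions.

```python
import ipaddress

# Constructed validated ROA payloads (VRPs): (prefix, maxLength, origin AS).
# Only the AS42198 origin is taken from the thread; maxLength 23 is assumed.
VRPS = [
    ("193.30.32.0/23", 23, 42198),
]


def validate(prefix, origin_as, vrps=VRPS):
    """Return the RFC 6811 state of a route: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route if the route lies inside the VRP prefix.
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # A match needs the same origin and a length within maxLength.
        # A VRP for AS0 never matches any route.
        if vrp_as != 0 and origin_as == vrp_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by at least one VRP but matched by none: invalid.
    return "invalid" if covered else "not-found"


def accepted(announcements, vrps=VRPS):
    """Apply the usual policy of dropping invalid routes and keeping the rest."""
    return [a for a in announcements if validate(a[0], a[1], vrps) != "invalid"]


# Constructed sample announcements: (prefix, origin AS).
SAMPLE = [
    ("193.30.32.0/23", 42198),   # origin named in the ROA
    ("193.30.32.0/23", 8100),    # same prefix, origin not in the ROA
    ("193.30.33.0/24", 42198),   # right origin, longer than maxLength
    ("198.51.100.0/24", 8100),   # no covering ROA in the table
]

if __name__ == "__main__":
    for prefix, asn in SAMPLE:
        print(f"{prefix:18} AS{asn:<6} {validate(prefix, asn)}")
```

A route in the not-found state is still accepted under this policy, so origin validation only protects prefixes that have a ROA.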