ROAs
We sign ROAs for every originated prefix. Invalids are dropped at both route-servers and all bilateral sessions.
| prefix | origin | max-length | state |
|---|---|---|---|
| 198.51.100.0/24 | AS400142 | /24 | valid |
| 2001:db8:7ae::/48 | AS400142 | /48 | valid |
Validator
We run a Routinator validator alongside production. RPKI state is re-evaluated every 10 minutes and fed into BGP decision via validation-state extcommunity.
$ rpki-client -v
198.51.100.0/24 AS400142 maxlen=24 valid
2001:db8:7ae::/48 AS400142 maxlen=48 valid
rpki-client: OK (2 ROAs, 0 invalid)