Quality of ROAs in RPKI repositories

Daniele Iamartino danieleiamartino at gmail.com
Tue Feb 24 12:49:14 UTC 2015


Hi all,

As part of my master thesis and research work at IIJ, I've created a
page to monitor the "quality" of ROAs in all RIR's RPKI repositories.

http://rpki.me/quality.html

Overall, the ROAs are quite good. Of course there are problems: I found
out some ROAs which are very likely to be mis-registrations
and make several BGP announcements invalid.
On the page you can see the list of those ROAs, and the list of BGP
announcements related to each of them.

I would suggest to check if any of your prefixes are on this list.
These problems could be easily fixed by registering correct ROAs.

What I do is basically origin-validating BGP announcements that I find
in a RIB dump from LINX node of route-views, using ROAs taken from a
validated RPKI cache (using rcynic).

You can find other information on under the "what does this table mean?"
button.

I'm also keeping updated a page monitoring which DNS root servers have
their BGP announcements covered by a valid ROA:
http://rpki.me/dns.html


I would appreciate to hear any comment or suggestion.


Regards

-- 
Daniele Iamartino
Student at Politecnico di Milano, Italy



More information about the NANOG mailing list