Thanks Ondrej. I'm not fully understanding your first point. When doing a show route, I do indeed see only [?] for 185.186.206.0/24 - But is this view 'correct' ? Basically I'm trying to collect a list of ASNs originating invalids but if any of them have as-sets in them there is no easy way to check. I'd have to first find all invalids, then any invalid without an ASN do a second 'all' lookup to see which ASN was actually advertising that prefix.
As for the check, I wasn't aware that "roa_check(roa_v4)" alone would work but it looks good so I'll switch to that. Thanks! D On Mon, 15 Feb 2021 at 19:36, Ondrej Zajicek <[email protected]> wrote: > On Mon, Feb 15, 2021 at 06:51:18PM -0500, Darren O'Connor wrote: > > When checking ROAs, and the source ASN happens to have an AS-SET, bird > does > > not output the ASN itself. > > The output does not depend on filter expression (that is just used to > specify which routes to print, unless the filter explicitly modifies > routes). The output is (and is supposed to be) the same as the output > of 'show route' (for given table and network). > > Also note that using roa_check(.., bgp_path.last_nonaggregated) is > discouraged, proper RPKI check as defined ny appropriate RFCs is > done with roa_check(roa_v4, net, bgp_path.last), or just > roa_check(roa_v4). > > -- > Elen sila lumenn' omentielvo > > Ondrej 'Santiago' Zajicek (email: [email protected]) > OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) > "To err is human -- to blame it on a computer is even more so." >
