> If you need to protect a prefix that you don't advertise then put ASN > 0 into the ROA for it. Then nobody can advertise it.
not exactly. someone (with credentials) can issue a roa for the same prefix to as 42, and it will validate the origination. there can be many roas which match a single announcement; all it takes is one to be valid. randy _______________________________________________ GROW mailing list [email protected] https://www.ietf.org/mailman/listinfo/grow
