ASN 0 is used for this purpose. Look for the word "zero" in https://tools.ietf.org/html/rfc6907
Thanks, Jakob. > Date: Mon, 13 Jun 2016 17:53:45 -0500 (Central Sommerzeit) > From: Matthias Waehlisch <[email protected]> > To: Theodore Baschak <[email protected]> > Cc: NANOG Operators' Group <[email protected]> > Subject: Re: RPKI and offline routes > > Hi, > > the creation of a ROA does not require the announcement of the prefix. > Creation of a ROA, prefix announcement, and validation of the prefix are > decoupled. If you are the legitimate resource holder you can create a > ROA for this prefix (even if you don't advertise the prefix). As soon as > the prefix is advertised, third parties can validate based on the > created ROA. > > However, in case the hijacker is able to use the legitimate origin > ASN, the validation outcome would be valid. You would need to assign the > prefix to an ASN that cannot be hijacked or is dropped for other > reasons. (Or do BGPsec. ;) > > > Cheers > matthias > > On Mon, 13 Jun 2016, Theodore Baschak wrote: > > > Can RPKI be used with routes that are not being advertised at the moment? > > As in to sign a route that *could* be there, but is not there presently. > > > > There's been several BGP hijacks that I've followed closely that > > involved hijacking IP space as well as the ASN that would normally > > originate it. I'm wondering if having valid ROAs/RPKI would have > > helped in this case or not. > > > > > > Theodore Baschak - AS395089 - Hextet Systems > >
