Tue, Nov 01, 2022 at 12:01:46PM -0400, Jon Lewis: > One danger with RPKI, is shooting yourself (or customers) in the foot by > creating too general a ROA. i.e. Suppose you have an ARIN /20. You have > a multihomed customer to whom you've assigned a /24 from your /20. You > create a ROA for the /20 saying your ASN is authorized to originate your > /20. Now that customer /24 has become an RPKI-invalid, and the customer > may find that their other provider is filtering their /24 advertisement.
ie: you must also create roa(s) for your bgp customer's more specific(s) of your aggregate.
