How to use ROA/RPKI?

Arnaud Fenioux afenioux at
Wed Apr 10 16:22:11 CEST 2013

Hello all,

I would like to use ROA filtering on my bird setup to reject invalid
prefixes announced by my peers.

I know there is currently no easy way to bind bird to an RPKI validator.

I have to create a table in my conf file with
"roa table roa_table_name"

I have read ( there
is a way to dynamically populate this table.
How can I do that? "roa add" in the CLI?
Is there a way to flush the table?

I have also read (
I can use roa_check().

Can I do a filter like this?

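 # The filter is defined before the protocol that references it.
 filter peer_in {
         # Reject routes whose origin AS conflicts with the ROA table
         if roa_check(roa_table_name, net, bgp_path.last) = ROA_INVALID then reject;
         accept;
 }

 protocol bgp my_peer {
         local as 65000;
         neighbor 192.0.2.1 as 65001;   # placeholder address, not in the original post
         import filter peer_in;
 }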
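
An added example, not part of the original post and not BIRD's own code: the RFC 6811 origin-validation decision that a check like roa_check() makes, showing which routes the filter above would reject and that routes with no covering ROA pass through. The Python function names and the ROA entries are constructed for illustration.

```python
# Added illustration: RFC 6811 route origin validation.
# All ROA entries and routes below are constructed samples.
import ipaddress

ROA_UNKNOWN, ROA_VALID, ROA_INVALID = "ROA_UNKNOWN", "ROA_VALID", "ROA_INVALID"

# (prefix, max length, origin AS) -- constructed sample entries
ROA_TABLE = [
    ("192.0.2.0/24", 24, 65001),
    ("198.51.100.0/22", 24, 65001),
    ("2001:db8::/32", 48, 65002),
]

def roa_check(table, net, origin_as):
    """Classify a route (net, origin_as) against a list of ROA entries."""
    route = ipaddress.ip_network(net)
    covered = False
    for prefix, max_len, asn in table:
        roa = ipaddress.ip_network(prefix)
        # A ROA is relevant only if it covers the route's prefix
        if roa.version != route.version or not route.subnet_of(roa):
            continue
        covered = True
        # Valid needs both: length within max length and matching origin AS
        if route.prefixlen <= max_len and asn == origin_as:
            return ROA_VALID
    # Covered by some ROA but matched by none is invalid; uncovered is unknown
    return ROA_INVALID if covered else ROA_UNKNOWN

def import_filter(table, net, as_path):
    """Mirror of the peer_in filter: reject only ROA_INVALID routes."""
    origin = as_path[-1]  # same role as bgp_path.last in the filter
    return "reject" if roa_check(table, net, origin) == ROA_INVALID else "accept"

if __name__ == "__main__":
    for net, path in [
        ("192.0.2.0/24", [65001]),            # matching ROA
        ("192.0.2.0/25", [65001]),            # longer than the max length
        ("198.51.100.0/24", [65000, 64999]),  # wrong origin AS
        ("203.0.113.0/24", [65001]),          # no covering ROA
    ]:
        print(net, path, roa_check(ROA_TABLE, net, path[-1]),
              import_filter(ROA_TABLE, net, path))
```

Because the filter rejects only on ROA_INVALID, prefixes that no ROA covers are still accepted, which keeps routes from networks that have not published ROAs reachable.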


More information about the Bird-users mailing list