Perhaps I am naive, but I assumed one would validate RPKI on the eBGP edge and simply reject INVALID routes. Why would one want to accept INVALID at all? If we agree one would reject INVALID, then what is left to tag? -- Richard