Hello all,


I would like to use ROA filtering on my bird setup to reject invalid prefixes announced by my peers.

I know there is currently no easy way to bind bird to an RPKI validator, right?

I have to create a table in my conf file with
"roa table roa_table_name"

I have read (https://ripe65.ripe.net/presentations/191-BIRD-20120926-OF-RIPE-EIX.pdf) there is a way to populate dynamically this table.
How can I do that? "roa add" in cli?
Is there a way to flush the table?

I have also read (https://github.com/BIRD/bird/blob/master/filter/test.conf) I can use roa_check().

Can I do a filter like this?

 protocol bgp my_peer {
        local as 65000;
        neighbor 192.0.2.1 as 65001;
        import filter peer_in;
}

filter peer_in {
if roa_check(roa_table_name, net, bgp_path.last) = ROA_INVALID then reject;
accept;
}


Cheers!