validation of small blocks when there is a covering ROA

[cwlumen]

Comparing the output from octorpki and routinator there is a difference in the number of valid entries that both tools create. Looking closer, It appears that anything with a prefix larger than /24 (25-32 for v4) is missing from the output octorpki output.

Nlnetalbs snippet... just a couple of examples to look at.

 { "asn": "AS22808", "prefix": "66.112.128.8/29", "maxLength": 29, "ta": "arin" },
 { "asn": "AS58139", "prefix": "188.93.241.224/29", "maxLength": 29, "ta": "ripe" },

Octorpki has matches for the larger blocks from the same AS

  prefix: 66.112.128.0/20
  prefix: 188.93.240.0/21

We have customers who want to create more specific entries for policy routing on our AS (where more specifics are allowed) or use DDoS services etc. These more specific blocks are not getting marked as valid in the current code. Is there a configuration option or something similar to permit these more specific routes? We are using versions v1.5.10.

[ties]

I think that the filter flag should change this behaviour. In contrast to the documentation, this just filters by prefix length:

    Filter        = flag.Bool("filter", true, "Filter out non accessible prefixes and duplicates")
...
    if s.Filter {
        roalist.Data = FilterInvalidPrefixLen(FilterDuplicates(roalist.Data))
    }

    roalist.Data = filterDuplicates(roalist.Data)

[ties]

I think that this default deserves changing, so #155. However octorpki probably needs more changes.