Closed AlexStorm1313 closed 4 months ago
Thanks for the PR.
Here are some additional evidence:
@digizeph Is my understanding correct that the prefixes are signed, but not checked by the ISP and is there a way to validate this yourself (locally)?
@digizeph Is my understanding correct that the prefixes are signed, but not checked by the ISP and is there a way to validate this yourself (locally)?
There are two parts for routing security with RPKI for an ISP:
AS15435 used to do both, i.e. sign its routes and filter RPKI invalid announcements. Now it stopped filtering invalid routes and only signs its prefixes.
For checking prefix signing status for any ASN, you can use Cloudflare Radar routing stats page: https://radar.cloudflare.com/routing/as15435?dateRange=7d
For checking RPKI invalid filtering, the check you did you do on isbgpsafeyet.com is the simplest way to do so. You can also check other public measurements to see results from different vantage points: https://stats.labs.apnic.net/rpki/AS15435
Hope this helps.
Update AS15435 from safe to unsafe. Potential proof: #745