Re: [Nanog] BGPMon RPKI Validation Failed (Code: 9)

[Andree Toonk <andree+nanog () toonk nl>]

Hi Michel,

it looks likes you have RPKI validation enabled for this prefix in
BGPmon.net.
This will tell BGPmon to run the RPKI validation checks for the prefix
and alert you if there's no valid ROA found.

This bgpmon alert below is from July 20 which was right around the time
the ROA was created, so I'm guessing the ROA hadn't fully propagated or
rsync'd with our systems yet.

Either way the BGPmon systems considers this prefix as RPKI valid now
and it looks like these alerts have stopped for you:

$ whois -h whois.bgpmon.net 216.230.25.0/24


Prefix:              216.230.25.0/24
Prefix description:  Created by CCI on behalf of TSI Semiconductors
Country code:        US
Origin AS:           14051
Origin AS Name:      Consolidated Communications, Inc.
*RPKI status:         ROA validation successful*
First seen:          2018-04-24
Last seen:           2018-08-01


Little known but handy feature to get all ROA details from the CLI:

$ whois -h whois.bgpmon.net " --roa 14051 216.230.25.0/24"

*0 - Valid*
------------------------
ROA Details
------------------------
Origin ASN:       AS14051
Not valid Before: 2018-07-19 04:00:00
Not valid After:  2028-07-19 04:00:00  Expires in
9y350d22h43m31.3999999761581s
Trust Anchor:     rpki.arin.net
Prefixes:         216.230.25.0/24

Ping me directly for any follow up questions

Cheers
 Andree (BGPmon)


My secret spy satellite informs me that Michel Py wrote On 2018-08-02,
1:27 PM:
> Hi Nanog,
>
> I received recently some of these messages, and I don't understand the logic of them.
> If there is no ROA found, the code should be 1, and the status unknown / not found.
> What is the logic behind getting a Validation failure if there is no ROA ?
>
> Please help RPKI n00b,
> Thanks.
>
>
> ====================================================================
>
> RPKI Validation Failed (Code: 9)
>
> ====================================================================
>
> Your prefix:          216.230.25.0/24:
>
> Prefix Description:   TSI Semiconductors
>
> Update time:          2018-07-20 00:10 (UTC)
>
> Detected by #peers:   4
>
> Detected prefix:      216.230.25.0/24
>
> Announced by:         AS14051 (Consolidated Communications, Inc.)
>
> Upstream AS:          AS2914 (NTT America, Inc.)
>
> ASpath:               25291 2914 14051
>
> Alert details:        https://portal.bgpmon.net/alerts.php?details&alert_id=82315862
>
> Mark as false alert:  https://portal.bgpmon.net/fp.php?aid=82315862
>
> RPKI Status:          No ROA found
>
> TSI Disclaimer:  This message and any files or text attached to it are intended only for the recipients named above 
> and contain information that may be confidential or privileged. If you are not the intended recipient, you must not 
> forward, copy, use or otherwise disclose this communication or the information contained herein. In the event you 
> have received this message in error, please notify the sender immediately by replying to this message, and then 
> delete all copies of it from your system. Thank you!...