Global Prefix/Origin Validation using RPKI

The graph above represents the daily snapshot of validation results for unique Prefix/Origin pairs.

The Prefix/Origin pairs are extracted from BGP table dumps from the RouteViews Oregon Collector. The table dumps are collected 3 times per day, every 8 hours. The union of all unique Prefix/Origin pairs observed in a given day is validated against the global RPKI using the algorithm described in [RFC 6811].

As described in RFC 6811, Prefix/Origin validation results in one of three outcomes: 'not found', 'valid', and 'invalid'. The validation result 'not found' is also known as 'unknown' [RFC 6483].

The graph below depicts the history of daily validation results for unique Prefix/Origin pairs.

The graph below shows the validation results of unique IPv4 Prefix/Origin pairs in terms of address space in /24 equivalents (instead of the number of pairs as shown above).

The history graph will be included later. The graph below shows the above validation results over time.

The graph above represents the daily snapshot of the details of 'Invalid' unique Prefix/Origin pairs. The 'Invalid' [RFC 6811] Prefix/Origin pairs are further classified into the following four different categories [RFC 6907, Section 7.1]:

• Invalid:AS Covering ROA Prefix with maxLength Satisfied and AS Mismatch.
• Invalid:ML Covering ROA Prefix with maxLength Exceeded and AS Match.
• Invalid:ML-AS Covering ROA Prefixes, one (+) maxLength Exceeded and one (+) AS Mismatch.
• Invalid:AS-SET The origin AS could not be determined from the BGP update used to announce the prefix (i.e., because it contains an AS-SET), and a ROA covering the prefix exists.

The graph below depicts the history of the details of unique Prefix/Origin pairs that were 'Invalid'.

The graph below shows BGP Prefix/Origin pairs invalid due to the length (the categoriy of 'Invalid:ML' above) in terms of prefix length.

The graph below shows BGP Prefix/Origin pairs invalid due to origin AS in terms of prefix length (combined three categories above: 'Invalid:AS', 'Invalid:ML-AS and Invalid:AS-SET).

The graph above represents the daily snapshot of the details of 'Not Found' unique Prefix/Origin pairs. The 'Not Found' [RFC 6811] Prefix/Origin pairs are further classified into the following two different categories:

• Not Found:Simple Origin AS was determinable from the BGP update used to announce the prefix, and Covering ROA Prefix was not found.
• Not Found:AS-SET Origin AS could not be determined from the BGP update used to announce the prefix (i.e., because it contains an AS-SET), and Covering ROA Prefix was not found.

The graph below depicts the history of the details of unique Prefix/Origin pairs that were 'Not Found'.

25 Autonomous Systems with the most Prefixes VALID by RPKI

The graph below depicts the 25 autonomous systems based on the number of BGP originated prefixes valid by RPKI.

25 Autonomous Systems with the most Address Space VALID by RPKI

The graph below depicts the 25 autonomous systems by the size of address space (/24 equivalents) of BGP origination valid by RPKI.

25 Autonomous Systems with the most Prefixes INVALID by RPKI

The graph below depicts the 25 autonomous systems based on the number of BGP originated prefixes invalid by RPKI.

25 Autonomous Systems with the most Address Space INVALID by RPKI

The graph below depicts the 25 autonomous systems by the size of address space (/24 equivalents) of BGP origination invalid by RPKI.