BGP RPKI-Based Origin Validation on Export

Document Type Replaced Internet-Draft (individual)
Authors Randy Bush  , RĂ¼diger Volk  , Jakob Heitz 
Last updated 2019-12-01 (latest revision 2019-05-30)
Replaced by RFC 8893
Stream (None)
Intended RFC status (None)
Expired & archived
plain text htmlized pdfized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-sidrops-ov-egress
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


A BGP speaker may perform RPKI origin validation not only on routes received from BGP neighbors and routes that are redistributed from other routing protocols, but also on routes it sends to BGP neighbors. For egress policy, it is important that the classification uses the effective origin AS of the processed route, which may specifically be altered by the commonly available knobs such as removing private ASs, confederation handling, and other modifications of the origin AS.


Randy Bush (
RĂ¼diger Volk (unknown-email-Ruediger-Volk)
Jakob Heitz (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)