BGP Prefix Origin Validation
Embed This Widget
Add the script tag and a data attribute to embed this widget.
Embed via iframe for maximum compatibility.
<iframe src="https://ipfyi.com/iframe/entity//" width="420" height="400" frameborder="0" style="border:0;border-radius:10px;max-width:100%" loading="lazy"></iframe>Paste this URL in WordPress, Medium, or any oEmbed-compatible platform.
https://ipfyi.com/entity//Add a dynamic SVG badge to your README or docs.
[](https://ipfyi.com/entity//)Use the native HTML custom element.
P. Mohapatra, J. Scudder, D. Ward, R. Bush, R. Austein · 2013-01
Abstract
RFC 6811 specifies how BGP speakers perform Route Origin Validation (ROV) using the RPKI. It defines a new BGP path attribute (ORIGINATOR_VALIDATION_STATE) and describes the validation states—Valid, Invalid, and NotFound—that result from comparing a BGP UPDATE's origin AS and prefix against the validated ROA cache obtained from RPKI relying-party software.
Why This RFC Matters
RFC 6811 translates the RPKI framework into concrete BGP router behavior, specifying exactly how validation state is computed and how it can influence route selection policy. The three-state model (Valid/Invalid/NotFound) gives operators flexibility: strict deployments reject Invalid routes outright, while more conservative ones deprioritize them. This document, combined with RFC 6480 and RFC 6482, forms the operational foundation for RPKI-based BGP security deployments now running on thousands of routers globally.