Hi Sasha,
However, right now, this will not result in an immediate loss of routing for the prefix(es) concerned. With an rpki implementation where the NCC is the trust root and validation is pretty much automatic, it can and will.
As I tried to explain to you in previous replies: it is up to the network operators to decide what they will and will not route. It is definitely not automatic. [REF1]: Routing is decided by network operators. RPKI is a tool they can use, nothing is imposed, the operator remains the authority for his/her own network.
To put it in 2 sentences:
1) I don't want a top-down hierarchy imposed on the DFZ, and in its current form this is what rpki certs + ROAs will do.
See [REF1]
2) I don't want the NCC (or the ITU or anyone else, for that matter) to be the singular Routing Authority for the entire service region.
See [REF1]
In random order: http://www.ripe.net/lir-services/resource-management/certification/router-co... http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/command/bgp-m1.html#... http://lacnic.net/documentos/lacnicxv/rpki/2BGP-Origin-Validation.pdf http://m.apnic.net/__data/assets/pdf_file/0008/38258/RPKI_Deployment_LACNIC.... http://www.juniper.net/techpubs/en_US/junos12.2/topics/topic-map/bgp-origin-...
And from http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/...: "You can allow an invalid prefix to be used as the BGP best path, even if valid prefixes are available. This is the default behavior."
OK, I concede it is not, currently, the default practice. It would be pretty insane too, given that verification is barely implemented anywhere and if it is it's probably not in production...
I'm not the one claiming "There may not be a default *yet*, but there will be". *You* claim to see the future -> *you* provide evidence.
I didn't claim to see the future, but I still think, once widely deployed, invalid or missing ROAs will be dropped - it would be reasonable, seeing as a (hijacked) longer prefix should still win over a shorter one with better localpref. Easiest way to avoid this is to just drop the invalid one.
Again, this depends on what the network operator wants. The operator writes routing policy / route maps / etc. See [REF1]. Cheers, Sander