From ab394a2ad3e121124c7816c2a16b1316214ad916 Mon Sep 17 00:00:00 2001 From: Quantum Date: Tue, 26 Sep 2023 21:07:17 -0400 Subject: [PATCH] Document RPKI --- README.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/README.md b/README.md index 90e8572..99a0597 100644 --- a/README.md +++ b/README.md @@ -238,6 +238,29 @@ used by downstreams: 5. Create a cron job that runs `make-irr-filter` followed by `birdc configure`. Daily is a reasonable cadence. +## RPKI filtering + +While this filter library implements RPKI, you still need to populate the +`rpki4` and `rpki6` routing tables via an `rpki` protocol in `bird`. Otherwise, +all routes will be treated as RPKI unknown. This can be configured as follows: + +``` +protocol rpki { + roa4 { table rpki4; }; + roa6 { table rpki6; }; + transport tcp; + remote "127.0.0.1" port 9001; + retry keep 90; + refresh keep 900; + expire keep 172800; +} +``` + +The example above assumes you are running the RTR protocol on `127.0.0.1:9001`. +This may be provided by something like Routinator, `rtrtr`, `gortr`, or +something similar. I recommend using `rtrtr` to pull a JSON feed from someone's +Routinator instance over HTTPS. + [pv]: https://pathvector.io/ [filter]: filter_bgp.conf [skeleton]: skeleton.conf
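Review bot: In the new "RPKI filtering" section of README.md, the `protocol rpki` example sets `retry keep 90; refresh keep 900; expire keep 172800;` without saying what happens when the RTR session stays down. Once the expire period passes without a successful refresh, the ROA records are dropped, and by this section's own statement every route is then treated as RPKI unknown, so the RPKI check no longer distinguishes invalid routes and nothing tells the operator. Suggest adding a sentence that explains the three timers and tells the reader to monitor the session state, for example with `birdc show protocols`. The closing recommendation to pull a JSON feed from "someone's Routinator instance over HTTPS" should also state that this trusts that operator's validation output: HTTPS protects the feed in transit, not its contents. As a smaller point, the section never says where the `rpki4` and `rpki6` tables are declared or which file the `protocol rpki` block belongs in; a pointer to the relevant config file would help.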