Updated vyos (markdown)

+##RPKI/ROA Checking

+###Setup RPKI Caching Server

+Burble has made this super easy. More info can be found [here](https://wiki.dn42/ROA-slash-RPKI) on this wiki. Get started by running the below command on a Linux server with Docker installed.

+

+`sudo docker run -ti -p 8082:8082 cloudflare/gortr -cache https://dn42.burble.com/roa/dn42_roa_46.json -verify=false -checktime=false -bind :8082`

+

+This will start a docker container that listens on the host server's IP at port 8082. This setup is using Cloudflare's GoRTR and automatically reaching out and downloading a custom JSON file generated by Burble just for the DN42 network.

+

+###Point VyOS Router at RPKI Caching Server

+`set protocols rpki cache GoRTR address x.x.x.x`

+

+`set protocols rpki cache GoRTR port 8082`

+

+You can check the connection with `show rpki cache-connection` and the received prefix-table with `show rpki prefix-table`.

+

+###Create Route Map

+```

+set policy route-map DN42-ROA rule 10 action 'permit'

+set policy route-map DN42-ROA rule 10 match rpki 'valid'

+set policy route-map DN42-ROA rule 20 action 'permit'

+set policy route-map DN42-ROA rule 20 match rpki 'notfound'

+set policy route-map DN42-ROA rule 30 action 'deny'

+set policy route-map DN42-ROA rule 30 match rpki 'invalid'

+```

+This example allows all routes in unless they are marked invalid or in other words possibly been a victim of BGP hijacking.

+###Assign Route Map to Neighbor

+`set protocols bgp 424242XXXX neighbor x.x.x.x address-family ipv4-unicast route-map import DN42-ROA`

+`set protocols bgp 424242XXXX neighbor x.x.x.x address-family ipv4-unicast route-map export DN42-ROA`

+