diff --git a/hosts/dn42-ildix-clerie/configuration.nix b/hosts/dn42-ildix-clerie/configuration.nix
index be3142f..491c1ee 100644
--- a/hosts/dn42-ildix-clerie/configuration.nix
+++ b/hosts/dn42-ildix-clerie/configuration.nix
@@ -44,7 +44,23 @@
     };
   }
 
+  roa6 table r6;
+
+  protocol rpki {
+    debug all;
+
+    roa6 { table r6; };
+
+    remote fd81:edb3:71d8:ffff::20 port 8282;
+
+    retry keep 5;
+    refresh keep 30;
+    expire 600;
+  }
+
+
   filter import_dn42 {
+    if (roa_check(r6, net, bgp_path.last) = ROA_INVALID) then reject;
     if net ~ [fd81:edb3:71d8::/48{48,128}] then reject;
     if net ~ [fd00::/8{8,64}] then accept;
     reject;