I think it is better to show the full path when the enforce neighbor-as
check is on (which it is by default on ebgp sessions).
At least if it triggers it is easier to identify what is up.

-- 
:wq Claudio

Index: rde.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
diff -u -p -r1.622 rde.c
--- rde.c	3 Feb 2024 00:11:34 -0000	1.622
+++ rde.c	13 Feb 2024 11:38:01 -0000
@@ -1434,10 +1434,17 @@ rde_update_dispatch(struct rde_peer *pee
 		    peer->conf.enforce_as == ENFORCE_AS_ON) {
 			fas = aspath_neighbor(state.aspath.aspath);
 			if (peer->conf.remote_as != fas) {
-				log_peer_warnx(&peer->conf, "bad path, "
-				    "starting with %s expected %u, "
+				struct ibuf abuf;
+				char *path;
+				ibuf_from_buffer(&abuf,
+				    state.aspath.aspath->data,
+				    state.aspath.aspath->len);
+				aspath_asprint(&path, &abuf);
+				log_peer_warnx(&peer->conf, "bad path %s, "
+				    "should start with %s, "
 				    "enforce neighbor-as enabled",
-				    log_as(fas), peer->conf.remote_as);
+				    path, log_as(peer->conf.remote_as));
+				free(path);
 				rde_update_err(peer, ERR_UPDATE, ERR_UPD_ASPATH,
 				    NULL);
 				goto done;