From: Peter Hessler <phessler@theapt.org>
Subject: minor clarity for ASPA role in bgpd.conf
To: tech@openbsd.org
Date: Thu, 4 Dec 2025 21:46:13 +0100

I started playing with RPKI ASPA on a test ASN, and was confused about
what role I needed to mark my upstreams as.  Originally, I marked them
as "role provider", thinking I needed to describe their relationship to
me.  However, that resulted in the entire internet becoming invalid.  The
setting expects the other way around, my relationship to them.

I'm open to wordsmithing, but I do think that this needs to be
clarified.

OK?


Index: usr.sbin/bgpd/bgpd.conf.5
===================================================================
RCS file: /cvs/openbsd/src/usr.sbin/bgpd/bgpd.conf.5,v
diff -u -p -u -p -r1.251 bgpd.conf.5
--- usr.sbin/bgpd/bgpd.conf.5	7 Jul 2025 20:56:48 -0000	1.251
+++ usr.sbin/bgpd/bgpd.conf.5	4 Dec 2025 20:40:09 -0000
@@ -1545,7 +1545,7 @@ Bind the neighbor to the specified RIB.
 Set the local role for this eBGP session.
 Setting a role is required for ASPA verification, the open policy role
 capability and Only-To-Customer (OTC) attribute of RFC 9234.
-The role can be one of
+The role is your relationship to this neighbor and can be one of
 .Ar none ,
 .Ar provider ,
 .Ar customer ,
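Review bot: The added wording "your relationship to this neighbor" can still be read in either direction, which is the same confusion the message describes: a reader can take "relationship to this neighbor" to mean what the neighbor is to them and again pick provider for an upstream. Since the paragraph already opens with "Set the local role", consider stating the direction explicitly and tying it to that term, for example "The role is the role of the local system in the session with this neighbor", and adding one concrete case after the list, such as noting that a session to an upstream is configured with role customer. Given that the message reports the wrong choice made every route ASPA-invalid, a short sentence on that consequence would also help readers catch the mistake. The second-person "your" also differs from the impersonal "local role" phrasing in the surrounding context lines.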


-- 
Murphy's Law is recursive.  Washing your car to make it rain doesn't
work.