What is RPKI?

Resource Public Key Infrastructure (RPKI) was well explained by APNIC here

BKNIX provides the validated cache (ROA objects) implemented by RPKI Relying Party (RP) software called rcynic which is the part of RPKI toolkit 'rpki.net'
BGP Speakers can retrieve this information via 'rpki-rtr' which is described in [RFC6810].
Note that this communication is unencrypted.

Name IP address Protocol/Port
rpki.bknix.co.th 203.159.70.26 rpki-rtr (tcp:323)
2001:deb:0:4070::26 rpki-rtr (tcp:323)
Statistics
This statistics page can be found here


Config guide
Nokia (Alcatel-Lucent)
SROS:C-12.0.R6
configure
	router
        origin-validation
            rpki-session 203.159.70.26
            	port 323
                description "BKNIX (rpki.bknix.co.th)"
                no shutdown
            exit
            rpki-session 2001:deb:0:4070::26
            	port 323
                description "BKNIX (rpki.bknix.co.th)"
                no shutdown
            exit
        exit
Above setup tells the router to setup rpki-rtr with the validated cache only.
It can enable the validation process at the specific peer(s) or peer-group.
configure router
  bgp
    best-path-selection
      origin-validation-unusable		#Enable/Disable BGP routes which its origin validation state is invalid to be use or unuse in best best path selection.
    exit
    group "Peer AS"
      enable-origin-validation ipv4 ipv6        #Enable/Disable Origin Validation for the bgp family
    exit
  exit
exit

Cisco (IOS-XE)
IOS XE-3.5.0/15.1(3) or later
router bgp (your AS)
bgp rpki server tcp 203.159.70.26 port 323 refresh 60
!
address-family ipv4
  bgp bestpath prefix-validate allow-invalid     #Allow invalid routes to be considered for bestpath
  no bgp bestpath prefix-validate disable	 #Enable Origin Validation process
  exit-address-family
!
address-family ipv6
  bgp bestpath prefix-validate allow-invalid     #Allow invalid routes to be considered for bestpath
  no bgp bestpath prefix-validate disable	 #Enable Origin Validation process
  exit-address-family
!

Juniper (JUNOS)
Release 12.2 or later
routing-options {
  validation {
    group RPKI {
      session 203.159.70.26 {
        refresh-time 60;
        port 323;
      }
    }
  }
}
create your own policy How to manipulate received routes with different validation state.
policy-options {
    policy-statement BKNIX-RS-v4-IN {
    term valid {
      from {
        protocol bgp;
        validation-database valid;
      }
      then {
        validation-state valid;
        accept;
      }
    }
    term not-found {
      from {
        protocol bgp;
        validation-database unknown;
      }
      then {
        validation-state unknown;
        accept;
      }
    }
    term invalid {
      from {
        protocol bgp;
        validation-database invalid;
      }
      then {
        validation-state invalid;
        reject;						#To allow invalid route,use accept; instead
      }
    }
    then reject;
  }
}
...
then apply the configuration to peers
protocols {
  bgp {
    group BKNIX-RS {
      neighbor 203.159.68.68 {
        import BKNIX-RS-v4-IN;
      }
      neighbor 203.159.68.69 {
        import BKNIX-RS-v4-IN;
      }
      neighbor 2001:deb:0:68::68 {
        import BKNIX-RS-v6-IN;
      }
      neighbor 2001:deb:0:68::69 {
        import BKNIX-RS-v6-IN;
      }
    }
  }
}