Cumartesi, Aralık 21, 2024

Mikrotik RouterOS v7 routing-filter


Mikrotik RouterOS v7 ile birlikte v6’da kullanılan routing-filter kuralları ve söz dizimi tamamen değişti; bu nedenle v6’dan v7’ye geçerken mevcut filtreleri baştan yazmanız gerekecek.

BGP filtre yapısı tamamen yeniden tasarlandığı ve söz dizimi değiştiği için internette v7’ye özgü doküman bulmak zorlaştı.

Bu yazıda v7’de kullanabileceğiniz bazı routing-filter kurallarını bir araya getirdim. Kurallar tek başına bir işe yaramaz; ilgili zinciri (ör. GENERIC_PREFIX_LIST) /routing/bgp/connection altındaki input.filter ya da output.filter parametresiyle BGP oturumuna bağlamanız gerekir.

Bogon-as

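# Bogon / reserved AS numbers that must never appear in an AS_PATH learned
# from a peer: RFC 7607 (AS 0), RFC 4893 (AS_TRANS), RFC 5398 (documentation),
# RFC 6996 (private use), RFC 7300 (last 16-bit and last 32-bit ASN) and the
# IANA reserved block 65552-131071. A route whose AS_PATH matches an entry of
# the list is rejected in the GENERIC_PREFIX_LIST chain.
/routing/filter/num-list

add list=BOGON-AS range=0 comment="RFC 7607"
add list=BOGON-AS range=23456 comment="RFC 4893 AS_TRANS"
add list=BOGON-AS range=64496-64511 comment="RFC 5398"
add list=BOGON-AS range=64512-65534 comment="RFC 6996"
add list=BOGON-AS range=65535 comment="RFC 7300"
add list=BOGON-AS range=65536-65551 comment="RFC 5398"
add list=BOGON-AS range=65552-131071 comment="Reserved"
add list=BOGON-AS range=4200000000-4294967294 comment="RFC 6996"
# 4294967294 is already the upper end of the RFC 6996 private range above.
# The RFC 7300 reserved "last ASN" is 4294967295; the original entry repeated
# 4294967294 and left 4294967295 uncovered.
add list=BOGON-AS range=4294967295 comment="RFC 7300"

/routing/filter/rule
# Must be placed before the chain's terminating "accept" rule or it is never
# evaluated.
add chain="GENERIC_PREFIX_LIST" rule="if (bgp-as-path [[:BOGON-AS:]]){ reject }"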

Bogon-prefix IPv4

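# IPv4 bogon prefixes (RFC 1122, 1918, 6598, 3927, 5737, 7526, 2544, multicast
# and the reserved class E block). Each rule is written as "dst==X/N && dst-len
# >= N", intended to catch the prefix itself and every more-specific inside it.
# NOTE(review): confirm on your RouterOS build that "==" on a prefix behaves
# as a containment match here rather than an exact match; otherwise "in" is
# the operator to use.
# These rules must come before the chain's terminating "accept".
/routing/filter/rule

add chain=GENERIC_PREFIX_LIST rule="if ( afi ipv4 && dst==0.0.0.0/8 && dst-len >= 8 ){ reject; }" comment="RFC 1122 'this' network"
add chain=GENERIC_PREFIX_LIST rule="if ( afi ipv4 && dst==10.0.0.0/8 && dst-len >= 8){ reject; }" comment="RFC 1918 private space"
add chain=GENERIC_PREFIX_LIST rule="if ( afi ipv4 && dst==100.64.0.0/10 && dst-len >= 10){ reject; }" comment="RFC 6598 Carrier grade nat space"
# Fix: the original read "rejecet", which is not a valid action. RouterOS would
# presumably refuse or flag the rule as invalid, leaving 127.0.0.0/8 unfiltered.
add chain=GENERIC_PREFIX_LIST rule="if ( afi ipv4 && dst==127.0.0.0/8 && dst-len >= 8){ reject; }" comment="RFC 1122 localhost"
add chain=GENERIC_PREFIX_LIST rule="if ( afi ipv4 && dst==169.254.0.0/16 && dst-len >= 16){ reject; }" comment="RFC 3927 link local"
add chain=GENERIC_PREFIX_LIST rule="if ( afi ipv4 && dst==172.16.0.0/12 && dst-len >= 12){ reject; }" comment="RFC 1918 private space"
add chain=GENERIC_PREFIX_LIST rule="if ( afi ipv4 && dst==192.0.2.0/24 && dst-len >= 24){ reject; }" comment="RFC 5737 TEST-NET-1"
add chain=GENERIC_PREFIX_LIST rule="if ( afi ipv4 && dst==192.88.99.0/24 && dst-len >= 24){ reject; }" comment="RFC 7526 6to4 anycast relay"
add chain=GENERIC_PREFIX_LIST rule="if ( afi ipv4 && dst==192.168.0.0/16 && dst-len >= 16){ reject; }" comment="RFC 1918 private space"
add chain=GENERIC_PREFIX_LIST rule="if ( afi ipv4 && dst==198.18.0.0/15 && dst-len >= 15){ reject; }" comment="RFC 2544 benchmarking"
add chain=GENERIC_PREFIX_LIST rule="if ( afi ipv4 && dst==198.51.100.0/24 && dst-len >= 24){ reject; }" comment="RFC 5737 TEST-NET-2"
add chain=GENERIC_PREFIX_LIST rule="if ( afi ipv4 && dst==203.0.113.0/24 && dst-len >= 24){ reject; }" comment="RFC 5737 TEST-NET-3"
add chain=GENERIC_PREFIX_LIST rule="if ( afi ipv4 && dst==224.0.0.0/4 && dst-len >= 4){ reject; }" comment="multicast"
add chain=GENERIC_PREFIX_LIST rule="if ( afi ipv4 && dst==240.0.0.0/4 && dst-len >= 4){ reject; }" comment="reserved"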

Bogon-prefix IPv6

# IPv6 bogon prefixes. Same pattern as the IPv4 list: "dst==X/N && dst-len >= N"
# is intended to reject the prefix and every more-specific inside it.
# NOTE(review): confirm that "==" on a prefix is a containment match on your
# RouterOS build; if not, use "in".
# NOTE(review): 2001:20::/28 (ORCHIDv2, RFC 7343) is likewise non-routable and
# is not in this list — consider adding it. RFC 4843 (2001:10::/28) is
# deprecated but the block remains unrouted, so keeping it is harmless.
# These rules must come before the chain's terminating "accept".
/routing/filter/rule

add chain="GENERIC_PREFIX_LIST" rule="if ( afi ipv6 && dst==::/8 && dst-len >= 8 ){ reject;}" comment="RFC 4291 IPv4-compatible, loopback, et al"
add chain="GENERIC_PREFIX_LIST" rule="if ( afi ipv6 && dst==0100::/64 && dst-len >= 64 ){ reject; }" comment="RFC 6666 Discard-Only"
add chain="GENERIC_PREFIX_LIST" rule="if ( afi ipv6 && dst==2001:2::/48 && dst-len >= 48 ){ reject; }" comment="RFC 5180 BMWG"
add chain="GENERIC_PREFIX_LIST" rule="if ( afi ipv6 && dst==2001:10::/28 && dst-len >= 28 ){ reject; }" comment="RFC 4843 ORCHID"
add chain="GENERIC_PREFIX_LIST" rule="if ( afi ipv6 && dst==2001:db8::/32 && dst-len >= 32 ){ reject; }" comment="RFC 3849 documentation"
add chain="GENERIC_PREFIX_LIST" rule="if ( afi ipv6 && dst==2002::/16 && dst-len >= 16 ){ reject; }" comment="RFC 7526 6to4 anycast relay"
add chain="GENERIC_PREFIX_LIST" rule="if ( afi ipv6 && dst==3ffe::/16 && dst-len >= 16){ reject; }" comment="RFC 3701 old 6bone"
add chain="GENERIC_PREFIX_LIST" rule="if ( afi ipv6 && dst==fc00::/7 && dst-len >=7 ){ reject; }" comment="RFC 4193 unique local unicast"
add chain="GENERIC_PREFIX_LIST" rule="if ( afi ipv6 && dst==fe80::/10 && dst-len >= 10){ reject; }" comment="RFC 4291 link local unicast"
add chain="GENERIC_PREFIX_LIST" rule="if ( afi ipv6 && dst==fec0::/10 && dst-len >= 10){ reject; }" comment="RFC 3879 old site local unicast"
add chain="GENERIC_PREFIX_LIST" rule="if ( afi ipv6 && dst==ff00::/8 && dst-len >= 8) { reject; }" comment="RFC 4291 multicast"

Default-filter

# Default actions of the GENERIC_PREFIX_LIST chain. Rules in a chain are
# evaluated in the order they were added, and "accept" terminates processing:
# these three must be the LAST rules in the chain. Anything added after the
# accept (RPKI, prefix-length checks, ...) is never reached.
/routing/filter/rule

# Local preference 115, i.e. above the customary default of 100, so routes
# from this session win over equally good routes elsewhere. Note this
# overwrites any earlier "set bgp-local-pref" (e.g. the graceful-shutdown
# rule), so such rules must be placed after it or use a terminating action.
add chain="GENERIC_PREFIX_LIST" rule="set bgp-local-pref 115;"
# Template line: <your ASN>:<peer ASN> are placeholders that must be replaced
# with real numbers (e.g. 65000:65001) before pasting; the angle brackets will
# not parse as written.
add chain="GENERIC_PREFIX_LIST" rule="append bgp-communities <your ASN>:<peer ASN>;"
add chain="GENERIC_PREFIX_LIST" rule="accept"

Graceful-shutdown

# RFC 8326 GRACEFUL_SHUTDOWN (well-known community 65535:0): a peer tags routes
# it is about to withdraw; dropping their local preference to 0 moves traffic
# to alternative paths before the session actually goes down.
# Ordering matters: a later unconditional "set bgp-local-pref ..." rule in the
# same chain (such as the default "set bgp-local-pref 115") would overwrite
# the 0 again, so this rule has to come after any such rule, or be combined
# with it in one rule.
/routing/filter/rule 

add chain="GENERIC_PREFIX_LIST" rule="if (bgp-communities includes graceful-shutdown) { set bgp-local-pref 0; }"

Long-paths

# Reject routes with an implausibly long AS_PATH (100 or more ASNs — note the
# ">=", so a path of exactly 100 is rejected too). Such paths are almost always
# misconfiguration or excessive prepending, and they cost memory and CPU on
# every router that has to carry them. Must precede the chain's "accept".
/routing/filter/rule

add chain="GENERIC_PREFIX_LIST" rule="if (bgp-path-len >= 100 ){ reject }"

No-transit-leak

# Route-leak protection for peering sessions. The list holds large transit
# providers; a route received from a PEER (IX, private peering, customer)
# whose AS_PATH contains one of these ASNs means the peer is leaking a route
# it learned from its own transit, and it is rejected.
# Do NOT apply chain NO-TRANSIT-IN as the input filter of your own transit
# sessions: their routes legitimately carry these ASNs and would all be
# dropped. Adjust the list to the transit providers relevant to your region.
# Note this is a separate chain from GENERIC_PREFIX_LIST; attach it with
# input.filter on peer sessions, and combine it with the generic chain as
# your deployment requires.
/routing/filter/num-list

add list="TRANSIT_ASNS" range=174 comment="Cogent" 
add list="TRANSIT_ASNS" range=701 comment="UUNET" 
add list="TRANSIT_ASNS" range=1299 comment="Telia" 
add list="TRANSIT_ASNS" range=2914 comment="NTT Ltd." 
add list="TRANSIT_ASNS" range=3257 comment="GTT Backbone" 
add list="TRANSIT_ASNS" range=3320 comment="Deutsche Telekom AG (DTAG)" 
add list="TRANSIT_ASNS" range=3356 comment="Level3" 
add list="TRANSIT_ASNS" range=3491 comment="PCCW" 
add list="TRANSIT_ASNS" range=4134 comment="Chinanet" 
add list="TRANSIT_ASNS" range=5511 comment="Orange opentransit" 
add list="TRANSIT_ASNS" range=6453 comment="Tata Communications" 
add list="TRANSIT_ASNS" range=6461 comment="Zayo Bandwidth" 
add list="TRANSIT_ASNS" range=6762 comment="Seabone / Telecom Italia" 
add list="TRANSIT_ASNS" range=6830 comment="Liberty Global"
add list="TRANSIT_ASNS" range=7018 comment="AT&T"  

/routing/filter/rule 

# Matches the AS_PATH against the TRANSIT_ASNS num-list and rejects on a hit.
add chain="NO-TRANSIT-IN" rule="if (bgp-as-path [[:TRANSIT_ASNS:]]){ reject }"

Reject-invalid

# RPKI route origin validation: open an RPKI-to-Router (RTR) session to a
# validator and reject routes whose origin is "invalid" against the VRPs it
# serves.
# Security notes:
#  - 172.65.0.2 is a public address (not RFC 1918), i.e. an external
#    validator. As written this is plain TCP on port 8282 with no transport
#    authentication, so whoever runs that service, or anyone who can tamper
#    with the path to it, controls which of your routes become "invalid".
#    Prefer a validator you operate yourself (RFC 6810/8210 also allow
#    SSH/TLS transports where the platform supports them), and configure
#    more than one source if RouterOS allows it.
#  - NOTE(review): presumably a route only becomes "invalid" when the
#    validator is reachable and has data; with the validator down, routes
#    stay "unknown" and pass — i.e. the filter fails open. Verify this on
#    your build and monitor the RTR session.
/routing/rpki

add address=172.65.0.2 group=rpki-validator port=8282

/routing/filter/rule

# rpki-verify sets the route's rpki state (valid/invalid/unknown) from group
# "rpki-validator"; the next rule acts on it. Both must precede the chain's
# terminating "accept". Only "invalid" is rejected; "unknown" is left alone,
# as recommended by RFC 7115.
add chain="GENERIC_PREFIX_LIST" rule="rpki-verify rpki-validator"
add chain="GENERIC_PREFIX_LIST" rule="if (rpki invalid){ reject }"

Small-prefixes

# Prefix-length sanity checks. Too-specific prefixes (IPv4 longer than /24,
# IPv6 longer than /48) are standard DFZ hygiene and are rejected; so are
# implausibly short ones.
# NOTE(review): the short-side thresholds are unusual — "< 7" still admits an
# IPv4 /7 and "< 15" admits an IPv6 /15. The more common choices are "< 8"
# and "< 16"; confirm which was intended.
# These rules must precede the chain's terminating "accept".
/routing/filter/rule

add chain="GENERIC_PREFIX_LIST" rule="if (afi ipv4 && dst-len > 24){ reject }"
add chain="GENERIC_PREFIX_LIST" rule="if (afi ipv4 && dst-len < 7){ reject }" 
add chain="GENERIC_PREFIX_LIST" rule="if (afi ipv6 && dst-len > 48){ reject }"
add chain="GENERIC_PREFIX_LIST" rule="if (afi ipv6 && dst-len < 15){ reject }"

Kuralların aynı zincir içinde eklenme sırasıyla değerlendirildiğini ve accept/reject ile işlemenin sona erdiğini unutmayın: "Default-filter" bölümündeki accept kuralı zincirin en sonunda olmalıdır, aksi halde ondan sonra eklenen (RPKI, small-prefix vb.) kurallar hiç çalışmaz. Ayrıca bazı kuralların büyük tablolarda işlenmesinin çok uzun sürebileceğini unutmayın.