Regarding BGP, it seems that the basic protocol and implementations are okay. ("No implementation allowed BGP OPENs with the wrong AS or from non-configured peer to reach BGP ESTABLISHED state—as a result, TCP spoofing is required to inject data", and when you can spoof TCP between routers ... it's probably too late anyway. In a peering scenario between ASes people either use a direct cable, a separate VLAN or other direct "transport", in a IXP the IXP operates a big switching fabric and the peers exchange traffic over that, but the BGP sessions use fixed IPs and basically they are fixed to switch ports, and even if currently not every IXP monitors the spoofing/abuse of those, it is easy and they should be doing so. Sure, the reality is always bleaker, but that's security. Maybe next-next-next gen will have crypto built in so far down the stack that without a shared secret no packets will flow. But then humans will just put the PSK on a bright sticker, or will continue to use "chang3me" for decades.)

The problems I heard with it is that Tier1 providers just can't really filter the routes they get from downstreams, as they'd have to know which Tier2 handles which prefixes for which clients and so on. Though I'm not convinced they are putting much effort into it, as it's easier to just plug in big Cisco boxes and set up peering with your core and your downstream customers and call it a day. (And setting up is always messy already, so it's sort of understandable that there are no easy and custom solutions for somehow verifying announcements from whatever databases.)