The rpki part of frr allows to specify a source IP used to connect to the rpki validator cache server.
Would be nice if VyOS supports this like it does with NTP. For example, if you only want to whitelist on IP (for example loopback) on the firewall of the cache server or if this server is only accessible via a VRF.
I can try to create a pull request.