Hi,
here my config :
/ip address add address=10.1.1.2/24 interface=ether1
/ip address add address=10.2.2.2/24 interface=ether2

/ip route vrf add disabled=no routing-mark=cust-one route-distinguisher=1.1.1.1:111 \
export-route-targets=1.1.1.1:111 import-route-targets=1.1.1.1:111 interfaces=ether1

/ip route vrf add disabled=no routing-mark=cust-two route-distinguisher=2.2.2.2:222 \
export-route-targets=2.2.2.2:222 import-route-targets=2.2.2.2:222 interfaces=ether2

I connected a laptop a port eth1, with ip address=10.1.1.1/24 with 10.1.1.2 as gateway.
I can ping 10.1.1.2, that's fine.
But I can ping 10.2.2.2 too !!

Traffic is not supposed to be restricted too cust-one ?

Thanks for you help.

You can ping all addresses that are set on router, but the rest of 10.2.2.0/24 network will not be reachable.

thanks for answering.

Any chance to block this traffic ?

Currently yu can block it with firewall rules