Skip to content
This repository has been archived by the owner on Jul 15, 2021. It is now read-only.

Home

Jump to bottom
Tim Bruijnzeels edited this page Jan 25, 2018 · 15 revisions

Welcome to the RIPE NCC RPKI Validator 3 beta tester page

Running the RPKI Validator

At RIPE NCC we are hard at work on the RIPE NCC RPKI Valdator 3. It is not quite ready for a public release yet, but if you want to help us beta test, keep reading! Please let me know what you think at tim_at_ripe.net

The easiest way to get started is by installing rpki-validator-3.noarch.rpm on a RH/Centos 7 test system as follows:

sudo rpm -i rpki-validator-3.noarch.rpm sudo systemctl enable rpki-validator-3 sudo systemctl start rpki-validator-3 You can monitor logs using:

journalctl -f -u rpki-validator-3 The validator has no UI at this point. We plan to have one by end of February. For now we just have a REST API. So be prepared for some clicking around! You can browse the documentation for this API at http://localhost:8080/swagger-ui.html#/. (or whatever your real hostname for your test machine is of course..)

By default the validator will have TAs installed for AFRINIC, APNIC, LACNIC, RIPE NCC, but not ARIN. You can add ARIN's TAL (or any other) by uploading files through the API here.

You can then download the validated ROAs as export.csv or export.json. The format of these files is the same as the format used in the RIPE NCC RPKI Validator 2.x. Note, however, that these files will be empty until validation for each Trust Anchors has been completed. Validation for a Trust Anchor is considered completed once all the repositories found in the hierarchy have been tried - in other words if a delegated CA is unavailable the validator will report 'ready' only once it has been tried. Subsequent validation runs will re-try these repositories automatically.

If you want to see a full list of all validated Trust Anchors, and all RPKI objects found, you can look here, if you're only interested in ROAs look here instead.

We are currently still working (or planning work) on the following:

UI - expected in February CLI - planned, but no ETA - please let me know if you want to help Local exceptions (SLURM) - planned for March Running the RTR Server

Install the rpki-rtr-server.noarch.rpm on a RH/Centos 7 test server

Clone this wiki locally