RTRlib Command Line Tools
The RTRlib software package includes two lightweight command line tools to
showcase some of the RTRlib features.
rtr-client connects to an RPKI
cache server, fetches and maintains the valid ROA payloads, and prints the
rpki-rov lets you verify whether an autonomous system
is the legitimate origin AS of an IP prefix, based on RPKI data.
If you want to use these command line tools, you need an RPKI-RTR
connection to an RPKI cache server (e.g., Routinator). For those who do not
have access to a cache server, we provide a public cache with hostname
rpki-validator.realmv6.org and port
RTRlib RTR Client
rtrclient is part of the default RTRlib software package. This command
line tool connects to an RPKI cache server and prints the received valid
ROA payloads to standard out.
To establish a connection to RPKI cache servers, the client can use TCP
or SSH transport sockets. To run the program, you have to specify the
transport protocol as well as the hostname and port of the RPKI cache
server; additionally, you can set several options. For a complete
reference of all options for the command, simply run
rtrclient in a
Listing 1 shows how to connect rtrclient to a cache server, as well as
10 lines of the resulting output. It shows IPv4 and IPv6 prefixes secured
by ROAs, the allowed prefix lengths, and the legitimate origin AS numbers.
Each line represents a ROA that was either added (+) to or removed (-)
from the selected RPKI cache server. The RTRlib client will receive and
print such updates until the program is terminated, i.e., with Ctrl + C.
    rtrclient tcp -k -p rpki-validator.realmv6.org 8282
    Prefix                  Prefix Length   ASN
    + 18.104.22.168         19 - 19         24971
    + 22.214.171.124        24 - 24         45951
    + 126.96.36.199         17 - 17         197121
    + 188.8.131.52          16 - 24         6306
    + 184.108.40.206        24 - 24         29694
    + 2a02:5d8::            32 - 32         8596
    + 2a03:2260::           30 - 30         201701
    + 2001:13c7:6f08::      48 - 48         27814
    + 2a07:7cc3::           32 - 32         61232
    + 2a05:b480:fc00::      48 - 48         39126
RTRlib ROV Validator
rpki-rov is also part of the RTRlib software package.
This simple command line interface lets you verify whether an autonomous
system is allowed to announce a specific IP prefix, based on data received
from an RPKI cache server.
To run the program, you must provide two parameters, the hostname and
port of a known RPKI cache server. Then, you can interactively validate
IP prefixes by typing the prefix, prefix length, and AS number separated
by spaces. Press ENTER to run the validation. The result will be shown
instantly below the input.
rpki-rov can validate IPv4 and IPv6 prefixes by default. Each result line
has the form <input query> | <ROAs> | <validation result>.
The validation results are 0 for valid, 1 for not found, and 2 for invalid.
For a valid or an invalid prefix-AS pair, the output shows the
matching ROAs for the given prefix and AS number. If multiple ROAs for a
prefix exist, they are listed in a row separated by commas (,).
    rpki-rov rpki-validator.realmv6.org 8282
    220.127.116.11 24 12654
    18.104.22.168 24 12654|12654 22.214.171.124 24 24|0
    2001:7fb:fd02:: 48 12654
    2001:7fb:fd02:: 48 12654|12654 2001:7fb:fd02:: 48 48|0
    126.96.36.199 24 12654
    188.8.131.52 24 12654|196615 184.108.40.206 24 24|2
    2001:7fb:fd03:: 48 12654
    2001:7fb:fd03:: 48 12654|196615 2001:7fb:fd03:: 48 48|2
    220.127.116.11 24 12654
    18.104.22.168 24 12654||1
    2001:7fb:ff03:: 48 12654
    2001:7fb:ff03:: 48 12654||1
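
The result codes 0, 1 and 2 come from comparing a route against the ROA payloads that rtrclient prints. The following Python example is added here for illustration and is not RTRlib code: it folds rtrclient-style +/- lines into a table and applies the origin validation rule of RFC 6811. The function names apply_updates and validate are hypothetical, and the sample lines are constructed from documentation prefixes and AS numbers.

```python
import ipaddress

VALID, NOT_FOUND, INVALID = 0, 1, 2  # result codes as printed by rpki-rov

def apply_updates(lines, vrps=None):
    """Fold rtrclient-style '+'/'-' lines into a set of (network, max_len, asn)."""
    vrps = set() if vrps is None else vrps
    for line in lines:
        f = line.split()
        if len(f) != 6 or f[0] not in ("+", "-") or f[3] != "-":
            continue  # column header or anything that is not a ROA update
        vrp = (ipaddress.ip_network(f"{f[1]}/{f[2]}"), int(f[4]), int(f[5]))
        if f[0] == "+":
            vrps.add(vrp)
        else:
            vrps.discard(vrp)
    return vrps

def validate(vrps, prefix, length, asn):
    """RFC 6811 origin validation; returns (code, covering payloads)."""
    route = ipaddress.ip_network(f"{prefix}/{length}")
    covering = [v for v in vrps
                if v[0].version == route.version and route.subnet_of(v[0])]
    if not covering:
        return NOT_FOUND, []  # no ROA covers this prefix
    for net, max_len, vrp_asn in covering:
        # Valid needs the same origin AS and a length within the ROA's maximum.
        if vrp_asn == asn and asn != 0 and route.prefixlen <= max_len:
            return VALID, covering
    return INVALID, covering  # covered, but wrong origin or too specific

# Constructed sample updates (documentation prefixes and ASNs, not real ROAs).
SAMPLE = """\
Prefix                Prefix Length   ASN
+ 192.0.2.0           24 - 24         64496
+ 198.51.100.0        24 - 24         64497
+ 2001:db8::          32 - 48         64496
+ 203.0.113.0         24 - 24         64498
- 203.0.113.0         24 - 24         64498
""".splitlines()

if __name__ == "__main__":
    table = apply_updates(SAMPLE)
    for query in [("192.0.2.0", 24, 64496), ("198.51.100.0", 24, 64496),
                  ("2001:db8:1::", 56, 64496), ("203.0.113.0", 24, 64498)]:
        code, roas = validate(table, *query)
        print(query, "->", code, [(str(n), m, a) for n, m, a in roas])
```

A prefix covered by a ROA but announced longer than its maximum length is invalid, not "not found", which is why the third query returns 2.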