RTRlib Command Line Tools

The RTRlib software package includes two lightweight command line tools to showcase some of the RTRlib features. rtr-client connects to an RPKI cache server, fetches and maintains the valid ROA payloads, and prints the received data. rpki-rov allows to verify whether an autonomous system is the legitimate origin AS of an IP prefix, based on RPKI data.

If you want to use these command line tools, you need an RPKI-RTR connection to an RPKI cache server (e.g., Routinator). For those who do not have access to a cache server, we provide a public cache with hostname rpki-validator.realmv6.org and port 8282.

RTRlib RTR Client

rtrclient is part of the default RTRlib software package. This command line tool connects to an RPKI cache server and prints the received valid ROA payloads to standard out.

To establish a connection to RPKI cache servers, the client can use TCP or SSH transport sockets. To run the program you have to specify the transport protocol as well as the hostname and port of the RPKI cache server; additionally you can set several options. To get a complete reference over all options for the command simply run rtrclient in a shell.

Listing 11 shows how to connect the rtrclient to a cache server as well as 10 lines of the resulting output. It shows IPv4 and IPv6 prefixes secured by ROAs, the allowed prefix lengths, and the legitimate origin AS numbers. Each line represents either a ROA that was added (+) or removed (-) from the selected RPKI cache server. The RTRlib client will receive and print such updates until the program is terminated, i.e., by ctrl + c.

Listing 11 Output of the rtrclient tool.
rtrclient tcp -k -p rpki-validator.realmv6.org 8282
Prefix                                     Prefix Length         ASN
+ 89.185.224.0                                19 -  19        24971
+ 180.234.81.0                                24 -  24        45951
+ 37.32.128.0                                 17 -  17       197121
+ 161.234.0.0                                 16 -  24         6306
+ 85.187.243.0                                24 -  24        29694
+ 2a02:5d8::                                  32 -  32         8596
+ 2a03:2260::                                 30 -  30       201701
+ 2001:13c7:6f08::                            48 -  48        27814
+ 2a07:7cc3::                                 32 -  32        61232
+ 2a05:b480:fc00::                            48 -  48        39126

RTRlib ROV Validator

rpki-rov is also part of the RTRlib software package. This simple command line interface allows to verify whether an autonomous system is allowed to announce a specific IP prefix, based on data received from an RPKI cache server.

To run the program, you must provide two parameters, hostname and port of a known RPKI cache server. Then, you can interactively validate IP prefixes by typing prefix, prefix length, and origin ASN separated by spaces. Press ENTER to run the validation. The result will be shown instantly below the input.

Note

rpki-rov can validate IPv4 and IPv6 prefixes by default.

Listing 12 shows the validation results of all RPKI-enabled RIPE RIS beacons. The output consists of three columns, which are separated by pipes (|):

<input query> | <ROAs> | <validation result>.

The validation results are 0 for valid, 1 for not found, and 2 for invalid.

In case of a valid and invalid prefix-AS pair, the output shows the matching ROAs for the given prefix and AS number. If multiple ROAs for a prefix exist, they are listed in a row separated by commas (,).

Listing 12 Output of rpki-rov showing validation results of multiple prefixes.
rpki-rov rpki-validator.realmv6.org 8282
93.175.146.0 24 12654
93.175.146.0 24 12654|12654 93.175.146.0 24 24|0
2001:7fb:fd02:: 48 12654
2001:7fb:fd02:: 48 12654|12654 2001:7fb:fd02:: 48 48|0
93.175.147.0 24 12654
93.175.147.0 24 12654|196615 93.175.147.0 24 24|2
2001:7fb:fd03:: 48 12654
2001:7fb:fd03:: 48 12654|196615 2001:7fb:fd03:: 48 48|2
84.205.83.0 24 12654
84.205.83.0 24 12654||1
2001:7fb:ff03:: 48 12654
2001:7fb:ff03:: 48 12654||1