Skip to content
This repository has been archived by the owner on Jul 15, 2021. It is now read-only.

RIPE-NCC/rpki-validator-3

Repository files navigation

! ************************************************************************************************
! From 1st July 2021 this project is no longer maintained!                                        
! There are no more security updates, RFCs or RIR policies being implemented.                     
! Please migrate to an alternative RPKI Relying Party software!                                   
! ************************************************************************************************

These are a number of actively maintained Open Source alternatives:

You can read more about archiving of the RIPE NCC RPKI Validator in our RIPE labs article


The latest version is 3.2. Feel free to give it a try using one of our builds:

Or follow the step-by-step installation instructions.

Changes in 3.2:

  • Strict validation by default as specified draft-ietf-sidrops-6486bis-03, however objects mentioned in the manifest are only checked against the SHA256 hash in the manifest. So objects that match the hash but are otherwise invalid or unrecognized do not cause the complete manifest to fail validation.
  • Validate manifest entry filenames against pattern [a-zA-Z_-]+.[a-z]{3}.
  • Automatically re-run validation when objects are about to expire.
  • Decrease bootstrap time.
  • Dependency updates and bug fixes.

Latest changes in 3.1:

  • Reduced CPU consumption by +-25%.
  • Improvements in memory consumption.
  • Prometheus endpoint on /metrics for both validator and rtr-server.

We keep a change log of changes that are relevant to our users and include this in the build.

More information on the RPKI Validator 3 project is documented in the wiki.