On Sat, Dec 17, 2022 at 04:58:18PM -0800, Randy Bush wrote:
https://www.rfc-archive.org/getrfc?rfc=9092
and note that massimo has a collio toolset
Rpki-client (version 8.2 and higher) supports authenticating signed Geofeed data against the RPKI: First figure out the location of the Geofeed data (the above mentioned 'geofeed-finder' utility will do a better job searching at scale!): $ whois -h whois.ripe.net 2001:67c:208c::/48 | egrep 'inet6num|Geofeed ' inet6num: 2001:67c:208c::/48 remarks: Geofeed https://sobornost.net/geofeed.csv Then validate the embedded signature: $ sudo apt install rpki-client && sudo systemctl start rpki-client $ wget https://sobornost.net/geofeed.csv $ rpki-client -j -f geofeed.csv { "file": "geofeed.csv", "hash_id": "VOXBRdQpiyALlLRdo3OkLbLIY4PexRlci/0EM9Fc21U=", "type": "geofeed", "ski": "D4:05:34:DB:56:A6:4D:A2:ED:4D:EF:AD:A9:C1:31:DA:19:56:DC:A7", "cert_issuer": "/CN=caa805dbac364749b9b115590ab6ef0f970cdbd8", "cert_serial": "06", "aki": "CA:A8:05:DB:AC:36:47:49:B9:B1:15:59:0A:B6:EF:0F:97:0C:DB:D8", "aia": "rsync://rpki.ripe.net/repository/DEFAULT/yqgF26w2R0m5sRVZCrbvD5cM29g.cer", "valid_until": 1700930092, "records": [ { "prefix": "2001:67c:208c::/48", "location": "NL,NL-NH,Amsterdam,"} ], "validation": "OK" } Kind regards, Job