Several months ago NLnet Labs committed to building a free open source RPKI toolset to help making BGP routing more secure. This project includes a Certificate Authority, allowing you to run a Delegated CA on your own systems as a child of one or more RIRs, a Publication Server that lets you publish RPKI material or let a third party do it on your behalf and lastly Relying Party software, in order to validate RPKI data and feed it to your routers.
I want to give you a little update on where we are now. Since kicking off this project, RIPE NCC and NIC.br have graciously committed to funding these efforts, ensuring we can dedicate full time resources on this in the coming years.
In the mean time, we’ve released (and then fixed :cough:) the first version of our Relying Party software. It’s designed to be super lean (as in, runs fine on a Pi Zero) and implements the basic set of functionality: fetching and validating RPKI data and exposing route origin attestations both as output (CSV, JSON, RPSL) and to routers via the RPKI-RTR protocol.
We’re very much looking forward to your operational feedback, to ensure this package runs well in a wide variety of environments. Going forward, we’ll be focussing on monitoring for the next release.
You can find the source code and further details on Github: