This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[routing-wg] RtaCms not found
- Next message (by thread): [routing-wg] RtaCms not found
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Alex Band
alexb at ripe.net
Fri Jul 1 10:12:49 CEST 2011
Hi Sebastian, On 30 Jun 2011, at 20:22, Sebastian Spies wrote: > Dear ripe list, > > I have setup a new RPKI test repository (as of the newest sidr drafts) and like to test it against the RIPE rpki-validator. However, issuing the following command, I get an error message: > > sspies at ux-sspies:~/rpki/validator-test$ ../../ripencc-rpki-validator/bin/certification-validator --top-down -e root.cer -vvvvv -p -o workdir > 14:09:03,295 ERROR RtaCms not found > > I assume, the validator expects a pre draft-ietf-sidr-ta-05 TA. Can you confirm this? If yes, do you plan to release a version, that allows post draft-ietf-sidr-ta-05 certificates and if yes, when? Yes, that is correct. You appear to be using an old version of our validator that was still expecting a TA-04 'External Trust Anchor' format. We have had newer versions that take the 'TA-05+ Trust Anchor Locator' format available for download for a while here: http://ripe.net/certification/validation It ships with a number of 'tal' files for the known RIR trust anchors, but you can also use it against your local repository. Provided that you generate a trust anchor locator file for it (use http://subvert-rpki.hactrn.net/rcynic/make-tal.sh). Use the '-t' option to make the validator use the trust anchor of your choice. For example, try running this to do a top down validation of the RIPE NCC ROA Repository and export to a csv file: guest37:bin alexb$ ./certification-validator -t ../tal/ripe-ncc-root.tal --prefetch rsync://rpki.ripe.net/repository/ --output-dir ~/validator/repo --roa-export ripencc.csv See the readme for more details, or let us know in case you need more info. Note: we plan to release a new version of the validator over the next few weeks. The new version is functionally similar to the current release, but is less tolerant of repositories not strictly following standards. The sources will also be easier to re-use by java developers looking to play around with rpki object validation, as we plan to expose the source libraries not just as a zip file, but through a repository that can be accessed by 'maven' -- a build tool commonly used in the java world. Cheers, Alex Band Product Manager -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/routing-wg/attachments/20110701/8a9f4898/attachment.html>
- Next message (by thread): [routing-wg] RtaCms not found
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]