Skip to content

@partim partim released this Nov 20, 2019 · 1 commit to master since this release

This release doesn’t introduce any new features but rather is a collection of bug fixes and minor improvements.


  • Added a --disable-rsync command line and disable-rsync configuration file option to, well, disable rsync. (#229)

Bug Fixes

  • Fall back to rsync data if RRDP data is missing in no-update mode. (This only caused trouble if you are fabricating a repository cache directory from rsync-only data.) (#223)
  • Try creating the parent directories before moving a file published via RRDP delta to its final location. This avoids regular fallback to snapshots. (#227)
  • Consider previously manipulated files when processing a sequence of multiple RRDP deltas. This avoids occasional fallback to snapshots. (#228)
  • Fixed a decoding error in manifests which caused certain manifests (which don’t seem to be existing in the wild currently) to be rejected. (via rpki-rs #78)
  • The /rpsl endpoint of the HTTP server accidentally produced CSV output. (#238)
  • Produce a formatting of the time elements of RPSL with a stable length. This will result in the RPSL output via the HTTP server to be correct and also decreases the size of the RPSL output by about twenty percent. (#243)

Other Changes

  • Suppressing debug log from some dependencies for stderr and file logging. (#224)
Assets 2

@partim partim released this Sep 12, 2019 · 51 commits to master since this release

This is a bug fix release that primarily fixes an issue in 0.6.0 where the serial number for RTR was not updated when new data became available resulting in RTR clients getting stuck with old data.


  • RRDP access statistics are now also shown in the /status HTTP endpoint. They were already part of the Prometheus metrics. (#218)

Bug Fixes

  • The RTR serial number was not increased when new data became available. (#215)

Other changes

  • The RRDP client will not complain if it can’t read a non-existing state file anymore as this is a completely normal situation. (#217)
Assets 2

@partim partim released this Sep 10, 2019 · 67 commits to master since this release

This release contains a bug in that leaves RTR clients stuck with old data. Please do not use this release if you are using Routinator with RTR and upgrade to 0.6.1 instead.

This release adds support for the RPKI Repository Delta Protocol (RRDP), an alternative method of fetching RPKI data that uses HTTPS instead of rsync. RRDP will speed up synchronisation for frequently updated repositories, for instance when Routinator is running in server mode. For the RRDP implementation, most of the internal logic of Routinator has been rewired. We used this opportunity for extensive refactoring and cleanup of the code base.

One user visible consequence is that the listeners for RTR and HTTP are now started immediately instead of waiting until after the first validation run. They still will report an error message until then, but at least you won’t
have to wonder whether something went wrong anymore.

Breaking Changes

  • Removed the rsync-count command line and configuration file option.
    This option is now unused as modules are now rsynced only when they are
    actually accessed. (#187)
  • The default value for refresh has been lowered to 600 seconds.
  • The refresh time placed in the RTR End-of-data PDU is now calculated
    from the time until the next validation run is expected to finish.
  • The listeners for RTR and HTTP in server mode are now started right away
    and report an error until the first validation has finished. (#203)


  • Routinator now supports RRDP for synchronizing repository content.
  • Restructured repository directory. The rsync data now lives in a
    sub-directory called rsync. The main repository directory will now be
    kept clean and all unexpected files removed. (#187)
  • In server mode, the repository will be refreshed and re-validated when
    the first object expires. (#191)
  • Protection against loops in the CA structure: Routinator checks that any
    subject key identifier only appears once in the chain from a trust
    anchor to a CA certificate. (#192)
  • Routinator now explicitly skips .cer files that aren’t CA certificates
    before even trying to validate them. This already happened before
    because these files failed validation. (#194)
  • New options user and group for setting the user and group names a
    detached server process should be run as. (#213)

Bug Fixes

  • Fixed crash if the TAL directory is empty. Routinator will complain but
    run since there could be local exceptions. (#212)
Assets 2

@partim partim released this Jul 18, 2019 · 134 commits to master since this release

This release adds actual RPKI origin validation to Routinator itself.
An address prefix and AS number can now be checked for its RPKI status
on the command line via the new validate command or via the HTTP server.
The latter is done provided in a way compatible with the
API provided by the RIPE NCC RPKI Validator.

The release also includes some breaking changes to the Prometheus metrics.
Back when we introduced those, we chose names for the metrics that didn’t
start with a prefix allowing to identify them as being from Routinator.
This is now corrected and all metrics start with routinator_.
While at it, we added new metrics for the rsync commands being run by
Routinator, showing both their exit status codes and how long they took.

In addition, there has been quite a few internal plumbing changes. One more
visible change is that Routinator will now delete the data for rsync modules
that aren’t referenced anymore, keeping the local repository clean and small.

Breaking Changes

  • Prometheus metrics are now prefixed with routinator_. (#162 by
  • Added --timeout option to rsync call. This seems to be available on
    most rsync versions in use. Should that not be the case, you can use
    the rsync-args config file option to define your own set of rsync
    arguments, overriding this behaviour. ([#176])


  • The local copy of the repository is now cleaned up after each validation
    run, removing directories and files that weren’t referenced during the
    run. This can be disabled with the new --dirty command line and
    dirty config file options. (#180)
  • You can now check pairs of address prefix and AS number for their RPKI
    origin validation status either via the HTTP interface or the new validate
    command. The HTTP API is the same as that used by the RIPE NCC RPKI
    Validator for easy migration. (#173)
  • Output format summary which will print a summary of the content of the
    RPKI repository. (#167)
  • The ARIN TAL can now be skipped during init with the --decline-arin-rpa
    option. (#169)
  • Various commands have received a --complete option that causes them to
    exit with status code 2 if any of the rsync commands fails. ([#177)]
  • Additional metrics showing the status and duration of rsync commands.

Bug Fixes

  • Fix Prometheus metrics output – Prometheus insists on a line break at the
    end of the last line. (#156)
  • Fix Prometheus metrics definitions. (#161 by @momorientes)
  • The HTTP server can now deal with unreasonably large requests. It has
    been switched to using hyper. (#171)
Assets 2

@partim partim released this Jun 3, 2019 · 201 commits to master since this release

This release fundamentally changes the command line options for
running the server and introduces a new way to initialize the local RPKI
repository used by Routinator. If you have been using previous releases,
you will likely have to adjust your tooling. We apologize for this, but
we also feel that the new commands are more intuitive and logical.

Server Mode

The command for running the server (previously rtrd) is now called
server. It will not detach from the terminal anymore unless
explicitly instructed via the -d option.

When we added HTTP support, we intended it to be for monitoring only.
But it turned out that using HTTP is very useful for integrating Routinator
into existing work flows, so we now make HTTP a first class protocol. Since
this means that users may want to use the server mode without RTR,
Routinator will not listen on any ports by default any more. Instead, you
will have to explicitly choose the protocols, addresses, and ports to listen
on. The options for listening are now more intuitive, too: --rtr for RTR
and --http for HTTP.


Previously, Routinator automatically installed the TALs if the TAL
directory wasn’t present and then stopped because of the missing ARIN TAL.
This made it difficult to automatically install TALs in deployments.

This release replaces the automatic mechanism with a manual procedure that
is invoked by the new init command.

In addition, we have received permission by ARIN to include their TAL. If
you agree with the ARIN Relying Party Agreement, you can now instruct
Routinator to install all TALs without having to download anything.

Filtering of VRPs

To make up for all these breaking changes, we added filtering of VRPs in
output both via the vrps command and in the HTTP output. Command line
options or HTTP query fields allow limiting the output to those VRPs that
cover a set of address prefixes or are related to a set of ASNs.

All Changes

Breaking Changes

  • Major cleanup of the command line and configuration file for server
    mode. The command is now server (instead of rtrd). RTR and HTTP are
    now equals. There is no more default listeners being created, you have to
    specify them explicitly via command line options or config file. The option
    is now --rtr for RTR listeners (previously just --listen) and
    --http for HTTP listeners (previously --listen-http). The config
    file fields are rtr-listen and http-listen, respectively. (#133)
  • In server (formerly rtrd) mode, the -a option is gone and has
    been replaced by a -d option. In other words, the default is now to
    stay attached to the terminal and only fork into the background if -d
    is given. (#134)
  • The TAL directory will no longer be automatically populated. Instead,
    you can install the bundled TALs via the new init command. After
    having received permission from ARIN, we are now also bundling the ARIN
    TAL in Routinator and require specific agreement to ARIN’s Relying Party
    Agreement via a command line option. (#135)
  • The minimum supported Rust version is now 1.34.0. (#112)


  • Four new monitoring gauges last_update_start, last_update_done,
    last_update_duration, and serial that will allow alerting if
    Routinator stops updating. (#122 and #131)
  • Accept RTR listening socket from systemd. This allows to listen on port
    323 without special privileges. Enable via the new --listen-systemd
    option. (#127 and #130).
  • Improved path /status in HTTP output that provides the same
    information as the /metrics endpoint in slightly different format that
    might make it easier to use in processing. (#131)
  • Filtering for address prefixes and ASNs in VRP output via the vrps
    command or in HTTP output. (#137)

Bug Fixes

  • The value of the listen-http config option wasn’t include in the
    output of the config command. Now it is. (#109)
  • The HTTP server would eventually hang Routinator in a tight loop if
    connections were closed early by the peer. (#120)
  • Only read files ending in .tal in the TAL directory as is already
    documented. (#121)
  • Announce the correct content type in HTTP output with formats JSON and
    CSV. (#146)


  • Update to rpki-rs 0.4 (#111)
Assets 2

@partim partim released this Apr 1, 2019 · 284 commits to master since this release

This is yet another bug fix release. It primarily fixes a crash that happened under certain conditions when checking address prefixes in certificates. In addition, some configuration file options related to rtrd mode were ignored. Finally, we now quietly ignore if the standard output is closed midway during output in vrps mode, making Routinator behave better when piping output somewhere.

Bug Fixes

  • The config file option specific to rtrd mode weren’t picked up.
    (#102, reported by Jay Borkenhagen)
  • Ignore ‘broken pipe’ errors when outputting VRPs to make Routinator play
    nice with piping output into scripts etc. (#105)
  • Fixes a crash when validating certain invalid resource sets on
    certificates. (rpki-rs #30)


  • There’s now a crude way to check if you have the minimum Rust version
    required and stop building. (#104)
Assets 2

@partim partim released this Mar 27, 2019 · 292 commits to master since this release

This is a bugfix release resolving two issues:

When we moved reading of the TALs to be done only at the start in the last
release, we accidentally made all error messages related to them invisible.
This resulted in Routinator quietly terminating if the TALs were broken.

Additionally, Github user matsm got stung by our RPSL output not being
quite correct. Now IPv6 prefixes are properly provided via a route6:
statement and all lines have Unix-style endings.

Bug Fixes

  • Print errors when reading the trust anchor locators to standard error
    instead of logging them since logging isn’t set up yet at that point.
  • Use route6: fields in RPSL output for IPv6 prefixes. (#96, reported
    by @matsm)
  • Use LF as line endings in RPSL output. Seems that’s what whois uses in
    practice, too. (#97, reported by @matsm)
Assets 2

@partim partim released this Mar 6, 2019 · 308 commits to master since this release

This release ties up some loose ends before some big improvements planned
for the next version. Most importantly, we added a timeout to rsync runs
after a hanging rsync got the entire Routinator RTR daemon stuck. Trust
anchor locators are now only read once when Routinator starts. While this
will make Routinator more robust against accidental file system changes, you
will need now need to restart it if you changed the TALs on purpose.

We fixed a bug where a missing tcp-listen option in the config file would
make Routinator crash in rtrd mode – it will now use the default listen
address as expected.

Finally, we added some more details to the Prometheus metrics introduced in
the last version. These are now given per trust anchor and include not only
the number of VRPs but also of ROAs.


  • TAL files will only be read once when Routinator starts. This
    improves robustness at the cost of having to restart Routinator when the
    TALs change. (#74)
  • New option --rsync-timeout setting the maximum number of seconds any
    rsync command is allowed to run. This prevents hanging rsync from
    blocking Routinator. (#76)
  • Additional Prometheus metric valid_roas reporting the number of
    verified ROAs. Additionally, both metrics are now reported separately
    for each TAL. (#78)
  • Compare RTR serial numbers according to RFC 1932. (#81)

Bug Fixes

  • A missing tcp-listen option in the config file caused Routinator to
    crash in rtrd mode instead of using the default socket. (#80)
  • Decoding manifest and ROAs now checks that the content type field in the
    signed object has the correct object identifier. (rpki-rs #27)
Assets 2

@partim partim released this Feb 21, 2019 · 333 commits to master since this release

This release implements
RFC 8360 which proposes an
alternative mode for dealing with overclaimed resources in
certificates. It promises to make it easier to deal with resources
being transfered away from a holder.

We have also added an HTTP service to rtrd mode. It is intended
primarily for monitoring - it already supports the metrics endpoint for
Prometheus –, but it also allows you to fetch the list of VRPs via your
browser. We will add more extensive monitoring metrics in future

Finally, we fixed a bug where some serial numbers in RTR were all wrong.

Breaking Changes

  • Several API and organizational changes in the Routinator library crate
    for the various improvements below.


  • New output format csvext that mimics the output format of the Original
    RIPE NCC Validator. (#59)
  • Support for alternative resource extensions and validation defined in
    [RFC 8360]. (The accompanying changes made it quite a bit faster, too.)
  • Support for cargo-deb-based Debian packaging. Thanks to David
    Monosov. (#62)
  • Log warnings for stale manifests and CRLs.
  • Optional HTTP service in rtrd mode. This can be enabled via the
    --listen-http command line option and the listen-http config option.
    This is only the beginning of more extensive monitoring support. (#68)

Bug Fixes

  • Converts the endianess of the serial number in the SerialNotify RTR PDU.
    Reported by Massimiliano Stucchi. (#60)


  • Docker build updated to Rust 1.32 and Alpine Linux 3.9. Thanks to David
    Monosov. (#61)


  • Included Clippy in Travis runs for better code quality. (#65)
Assets 2

@partim partim released this Feb 21, 2019 · 381 commits to master since this release


  • The config command now prints the configuration in TOML format and
    can be used to create a configuration file for the current
    configuration. (#54)
  • Routinator now builds and runs on Windows. Given that Windows is a Rust
    tier 1 platform, we wanted to see how difficult it is to get this
    going. Note that you will need the rsync executable that comes with
    Cygwin. (#55)

Bug Fixes

  • Actually use $HOME/.routinator.conf as the default config file as
    promised by the documentation. (#49)
  • Fix a compile time error on 32 bit systems.
Assets 2
You can’t perform that action at this time.