We will archive RIPE NCC RPKI Validator 2.x and 3.x on 1 July 2021. Please migrate to alternative RPKI Relying Party software.
No new RFCs and RIR policies will be implemented. Security updates will continue until the 1st of July 2021
These are a number of actively maintained Open Source alternatives:
You can read more about archiving of the RIPE NCC RPKI Validator in our RIPE labs article
The latest version is 3.2. Feel free to give it a try using one of our builds:
- Docker image: https://hub.docker.com/r/ripencc/rpki-validator-3-docker
- RPM: https://ftp.ripe.net/tools/rpki/validator3/prod/centos7/repo/
- DEB: https://ftp.ripe.net/tools/rpki/validator3/prod/deb/
- Tarball: https://ftp.ripe.net/tools/rpki/validator3/prod/generic/
Or follow the step-by-step installation instructions.
Changes in 3.2:
- Strict validation by default as specified draft-ietf-sidrops-6486bis-03, however objects mentioned in the manifest are only checked against the SHA256 hash in the manifest. So objects that match the hash but are otherwise invalid or unrecognized do not cause the complete manifest to fail validation.
- Validate manifest entry filenames against pattern [a-zA-Z_-]+.[a-z]{3}.
- Automatically re-run validation when objects are about to expire.
- Decrease bootstrap time.
- Dependency updates and bug fixes.
Latest changes in 3.1:
- Reduced CPU consumption by +-25%.
- Improvements in memory consumption.
- Prometheus endpoint on
/metricsfor both validator and rtr-server.
We keep a change log of changes that are relevant to our users and include this in the build.
More information on the RPKI Validator 3 project is documented in the wiki.
