Hi Sebastian,

On 30 Jun 2011, at 20:22, Sebastian Spies wrote:

Dear ripe list,
I have set up a new RPKI test repository (as of the newest sidr drafts) and would like to test it against the RIPE rpki-validator. However, issuing the following command, I get an error message:

sspies@ux-sspies:~/rpki/validator-test$ ../../ripencc-rpki-validator/bin/certification-validator --top-down -e root.cer -vvvvv -p -o workdir
14:09:03,295 ERROR RtaCms not found

I assume the validator expects a pre draft-ietf-sidr-ta-05 TA. Can you confirm this? If yes, do you plan to release a version that allows post draft-ietf-sidr-ta-05 certificates and if yes, when?

Yes, that is correct. You appear to be using an old version of our validator that was still expecting a TA-04 'External Trust Anchor' format. We have had newer versions that take the 'TA-05+ Trust Anchor Locator' format available for download for a while here:

http://ripe.net/certification/validation

It ships with a number of 'tal' files for the known RIR trust anchors, but you can also use it against your local repository, provided that you generate a trust anchor locator file for it (use http://subvert-rpki.hactrn.net/rcynic/make-tal.sh). Use the '-t' option to make the validator use the trust anchor of your choice.

For example, try running this to do a top down validation of the RIPE NCC ROA Repository and export to a CSV file:

guest37:bin alexb$ ./certification-validator -t ../tal/ripe-ncc-root.tal --prefetch rsync://rpki.ripe.net/repository/ --output-dir ~/validator/repo --roa-export ripencc.csv

See the readme for more details, or let us know in case you need more info.

Note: we plan to release a new version of the validator over the next few weeks. The new version is functionally similar to the current release, but is less tolerant of repositories not strictly following standards. The sources will also be easier to re-use by Java developers looking to play around with RPKI object validation, as we plan to expose the source libraries not just as a zip file, but through a repository that can be accessed by 'maven' -- a build tool commonly used in the Java world.

Cheers,

Alex Band
Product Manager
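
A sanity check for a locally generated trust anchor locator file of the kind discussed in this thread, as an added example that is not part of the original e-mails or of the RIPE NCC validator. It assumes the TAL layout later published as RFC 6490 (an rsync URI line followed by a Base64-encoded DER subjectPublicKeyInfo); the function names, the URI and the key bytes are constructed for illustration.

```python
import base64
import hashlib
from urllib.parse import urlsplit

# Constructed sample: rsaEncryption AlgorithmIdentifier plus 16 filler bytes in
# the BIT STRING. Shaped like a SubjectPublicKeyInfo, but not a real key.
SAMPLE_SPKI = (b"\x30\x22" + bytes.fromhex("300d06092a864886f70d0101010500")
               + b"\x03\x11\x00" + bytes(range(16)))
# Constructed URI under example.net, not a real repository.
SAMPLE_TAL = ("rsync://rpki.example.net/ta/root.cer\n"
              + base64.b64encode(SAMPLE_SPKI).decode() + "\n")


def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("key data is truncated")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past the end of the key data")
    return tag, pos, pos + length


def parse_tal(text):
    """Return (uri, spki_der, sha256_hex) for a TAL, or raise ValueError."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2:
        raise ValueError("expected a URI line followed by Base64 key data")
    parts = urlsplit(lines[0])
    if parts.scheme != "rsync" or not parts.netloc:
        raise ValueError("first line is not an rsync URI")
    spki = base64.b64decode("".join(lines[1:]), validate=True)  # ValueError if bad
    tag, start, end = read_tlv(spki, 0)
    if tag != 0x30 or end != len(spki):
        raise ValueError("key data is not one complete DER SEQUENCE")
    alg_tag, _, alg_end = read_tlv(spki, start)
    key_tag, _, key_end = read_tlv(spki, alg_end)
    if (alg_tag, key_tag) != (0x30, 0x03) or key_end != end:
        raise ValueError("not AlgorithmIdentifier + BIT STRING")
    return lines[0], spki, hashlib.sha256(spki).hexdigest()
```

The returned SHA-256 digest can be compared out of band with the key digest of the root certificate the TAL is supposed to pin, before the file is handed to a validator with '-t'.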