Dear colleagues,

Last week, on Wednesday 4 May 2022, 14:00 UTC, we held a RIPE NCC Open House on the topic of RPKI Data.

You can find the recording here: https://www.ripe.net/participate/meetings/open-house/ripe-ncc-open-house-rpki-data

Thank you to all who participated, I thought it was a useful session and I enjoyed the discussion and feedback we received.

During the session I promised to send an e-mail to this list with a summary of all data and visualisations we currently have public for RPKI:

Visualisations:

https://certification-stats.ripe.net/

-Generated from the RIR Trust Anchor Statistics https://ftp.ripe.net/rpki/

https://lirportal.ripe.net/certification/content/static/statistics/world-roas.html

-Generated from "delegated stats” in combination with BGP data from RIS

-No IPv6

Data:

https://ftp.ripe.net/rpki/

-Documented on https://github.com/RIPE-NCC/internet-dataset-descriptions/blob/main/rpki-repo-archive.md

-Daily data per Trust Anchor per 2011

Public tools:

https://rpki-validator.ripe.net/ui/

-User interface for Relying Party software

https://stat.ripe.net/widget/rpki-by-trust-anchor

-Generated from https://ftp.ripe.net/rpki/

https://stat.ripe.net/app/use-cases/asn/rpki-check/S1_3333_C16e (example)

-Shows the RPKI validity state for a combination of prefix and Autonomous System.

-Generated from https://rpki-validator.ripe.net/ui/

https://stat.ripe.net/docs/02.data-api/rpki-history.html

-API call returns a timeseries with the count of VRPs (Validated ROA Payload) for the requested resource.

-Generated from https://ftp.ripe.net/rpki/

My key take aways from the session:

-Ruediger Volk asked for an inventory of our current data, visualisations and tools. I started by this e-mail to the Working Group and I’m still considering how to make them easier to find on our website.

-Randy Bush noted that experiments will/might pollute our data. Ties suggested to add known experiments to the GitHub dataset description.

-Mingwei Zhang mentioned that he is currently working with Emile Aben and Agustin Formoso on “when did a VRP appear/disappear” feature for RIPEstat. This will be a very valuable addition for trouble shooting.

-John Kristoff would like to see statistics on the time it takes from the moment someone hits “submit” in the LIR portal for a ROA, to the moment the VRP is visible in the repository and when it is seen picked up by routers.

-Job Snijders mentioned that it would be beneficial to have ftp.ripe.net/rpki data available as rsync://ftp.ripe.net/rpki

-Amreesh Phokeer suggested a more granular data set for Trust Anchor data. This is currently a daily dump. We are interested to hear how granular would be useful. Also Amreesh would be interested in statistics about revoked ROAs.

-Ruediger Volk added that he would be interested in data that shows how frequent CRLs are used. Job Snijders provided insight in his mail to the WG: https://www.ripe.net/ripe/mail/archives/routing-wg/2022-May/004566.html

-Sacha mentioned that it would be useful to have a tool that would show how a ROA would impact a route, without actually creating that ROA, or for a prefix that you don’t have holdership of.

-Nathalie said that she would like to get rid of the world map, as it is now well-known and does not include IPv6. A better alternative, that includes IPv6 can be found on: https://rpki-maps.nlnetlabs.nl/ui/world.html

We’re looking into all your suggestions and where possible implement them. Stay tuned :)

If I missed something, or if you want to share your thoughts, have suggestions, please send an e-mail to the list or directly to us on rpki@ripe.net

Kind regards,

Nathalie Trenaman

Routing Security Programme Manager

RIPE NCC