Philip Smith's Internet Development Site

User Tools

Site Tools

Trace:
hints:rpki

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
hints:rpki [2025/03/16 03:01] – [RPKI Hints, Top Tips, and FAQs] philiphints:rpki [2025/05/04 23:24] (current) – [Building rpki-client] philip
Line 260: Line 260:
 sudo make install sudo make install
 </code> </code>
-which will install the client in **/usr/local/sbin** and the TALs in **/etc/rpki**, as well as create the cache and output directories needed. Note that the ARIN TAL requires users to read the disclaimer first so is not provided by default. So you need to do this manually: +which will install the client in **/usr/local/sbin** and the TALs in **/etc/rpki**, as well as create the cache and output directories needed. It will also copy the 5 RIR "constraints" files into **/etc/rpki**; these prevent [[https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/|overclaiming of resources]] by the 5 RIRs
-<code> +
-wget https://www.arin.net/resources/manage/rpki/arin.tal +
-sudo mv arin.tal /etc/rpki +
-</code>+
 Now the client can be run. There is no daemon option, it simply runs at the command line, and when it has finished downloading all the VRPs (around 10-15 minutes depending on bandwidth) it exits. But that's okay. Try running the client: Now the client can be run. There is no daemon option, it simply runs at the command line, and when it has finished downloading all the VRPs (around 10-15 minutes depending on bandwidth) it exits. But that's okay. Try running the client:
 <code> <code>
Line 282: Line 279:
 </code> </code>
 and that's it. Every hour, cron will run **rpki-client** which will produce JSON output of all the VRPs it has collected. As noted above, JSON output is what is used by StayRTR and GoRTR as their input sources. Make sure that the **/etc/cron.hourly/rpki-client** is executable, otherwise it will not run. and that's it. Every hour, cron will run **rpki-client** which will produce JSON output of all the VRPs it has collected. As noted above, JSON output is what is used by StayRTR and GoRTR as their input sources. Make sure that the **/etc/cron.hourly/rpki-client** is executable, otherwise it will not run.
 +
 +If you would like to include the [[https://bgp4all.com/pfs/hints/rpki#as0_tals|AS0 TALs]] from APNIC and LACNIC it is not sufficient to just place them in your chosen TAL directory. You will also need to include the **-0** option in the command line, like this:
 +<code>
 +/usr/local/sbin/rpki-client -0j > /tmp/rpki-client.log 2>&1
 +</code>
  
 It's a good idea to check the log file in case **rpki-client** reports issues trying to write local files etc. But mostly what you'll see there are all the transactions with the various CAs, and the problems encountered (there will be lots, unfortunately). It's a good idea to check the log file in case **rpki-client** reports issues trying to write local files etc. But mostly what you'll see there are all the transactions with the various CAs, and the problems encountered (there will be lots, unfortunately).
hints/rpki.1742094098.txt.gz · Last modified: by philip