On Tue, May 12, 2015 at 03:58:31PM +0200, Alex Band wrote: > We've been getting a lot of requests to make processed RPKI data > easily available in existing (RPSL based) workflows. This is why we > added the ability to export all ROAs as route: objects in the latest > release, version 2.19. Practically, this means that running an RPSL > export will give you almost 450,000 highly reliable, cryptographically > validated route: objects. > > This functionality should be considered beta for now, because we would > like to get your feedback on the notation and the way we de-aggregate > ROAs into route: objects based on the specified maximum prefix length.
Interesting! I was considering writing a script to do this, but the NCC beat me to it! :-) > The format looks like this: > > route: 193.0.12.0/23 > origin: AS3333 > descr: exported from ripe ncc validator > mnt-by: NA > created: 2015-05-07T10:01:56Z > last-modified: 2015-05-07T10:01:56Z > source: ROA-RIPE-NCC-RPKI-ROOT Wouldn't it make sense to align the "created:" date with something more specific to the ROA rather then the export date? Another consideration might be to create a "expiry-date:" derived from the ROA's expiry date for easy debugging purposes. Adding a new attribute should not have adverse effects on the generation of prefix-filters in the toolchains I am familiar with. Kind regards, Job
