# route-origin-validator
Offline Internet route origin validation using RPKI, IRR, and RIRs delegated databases
This python library is designed for validating a large number of routes in one shot. It downloads IRR, RPKI, and delegated databases to avoid network overhead for each query.
## Installation
```
pip install rov
```
## Usage:
Both the command line and python interfaces return status codes for each data
source.
For IRR and RPKI the possible status codes are:
- NotFound
- Invalid
- Invalid,more-specific
- Valid
For delegated we expect globally reachable resources to be 'assigned'. Resources that are 'reserved' and 'available' should be considered as bogons.
### Command line
The command line interface should be used only for a few queries, each query will reload all databases.
```zsh
>> rov 8.8.8.0/24 15169
{
"query": {
"prefix": "8.8.8.0/24",
"asn": 15169
},
"irr": {
"status": "Valid",
"prefix": "8.8.8.0/24",
"descr": "Google",
"source": "RADB"
},
"rpki": {
"status": "Valid",
"prefix": "8.8.8.0/24",
"maxLength": 24,
"ta": "arin"
},
"delegated": {
"prefix": {
"status": "assigned",
"prefix": "8.0.0.0/9",
"date": "19921201",
"registry": "arin",
"country": "US"
},
"asn": {
"status": "assigned",
"registry": "arin"
}
}
}
>> rov 10.1.0.0/16 15169
{
"query": {
"prefix": "10.1.0.0/16",
"asn": "15169"
},
"irr": {
"status": "NotFound"
},
"rpki": {
"status": "NotFound"
},
"delegated": {
"prefix": {
"status": "reserved",
"prefix": "10.0.0.0/8",
"date": "19940301",
"registry": "iana",
"country": "ZZ"
},
"asn": {
"status": "assigned",
"registry": "arin"
}
}
}
```
Past RPKI data can also be queried.
Currently this only works for RPKI, so the results mix past and recent data.
In the following example, the rpki results are for 2018/10/01 but other results
correspond to the exectution date.
```zsh
>> rov 8.8.8.0/24 15169 --rpki_archive 2018/10/01
{
"query": {
"prefix": "8.8.8.0/24",
"asn": 15169
},
"irr": {
"status": "Valid",
"prefix": "8.8.8.0/24",
"descr": "Google",
"source": "RADB"
},
"rpki": {
"status": "NotFound"
},
"delegated": {
"prefix": {
"status": "assigned",
"prefix": "8.0.0.0/9",
"date": "19921201",
"registry": "arin",
"country": "US"
},
"asn": {
"status": "assigned",
"registry": "arin"
}
}
}
```
### In python
For large batches use the python library as follows:
```python
import json
from rov import ROV
# list of routes we want to validate
routes = [
['1.1.1.0/24', 13335],
['2.2.2.0/24', 3215],
['3.3.3.0/24', 16509],
['4.4.4.0/24', 198949],
['5.5.5.0/24', 6805],
]
rov = ROV()
# optional: download latest databases if needed
rov.download_databases()
# read databases, this may take a minute or so
rov.load_databases()
# this should be super fast
for prefix, asn in routes:
state = rov.check(prefix, asn)
print(prefix)
print(json.dumps(state, indent=4))
#1.1.1.0/24
#{
# "query": {
# "prefix": "1.1.1.0/24",
# "asn": 13335
# },
# "irr": {
# "status": "Valid",
# "prefix": "1.1.1.0/24",
# "descr": "APNIC Research and Development\n6 Cordelia St",
# "source": "APNIC"
# },
# "rpki": {
# "status": "Valid",
# "prefix": "1.1.1.0/24",
# "maxLength": 24,
# "ta": "apnic"
# },
# "delegated": {
# "prefix": {
# "status": "assigned",
# "prefix": "1.1.1.0/24",
# "date": "20110811",
# "registry": "apnic",
# "country": "AU"
# },
# "asn": {
# "status": "assigned",
# "registry": "arin"
# }
# }
#}
#2.2.2.0/24
#{
# "query": {
# "prefix": "2.2.2.0/24",
# "asn": 3215
# },
# "irr": {
# "status": "Invalid,more-specific",
# "prefix": "2.2.0.0/16",
# "descr": "France Telecom Orange",
# "source": "RIPE"
# },
# "rpki": {
# "status": "Invalid,more-specific",
# "prefix": "2.0.0.0/12",
# "maxLength": 17,
# "ta": "ripe"
# },
# "delegated": {
# "prefix": {
# "status": "assigned",
# "prefix": "2.0.0.0/12",
# "date": "20100712",
# "registry": "ripencc",
# "country": "FR"
# },
# "asn": {
# "status": "assigned",
# "registry": "ripencc"
# }
# }
#}
#3.3.3.0/24
#{
# "query": {
# "prefix": "3.3.3.0/24",
# "asn": 16509
# },
# "irr": {
# "status": "NotFound"
# },
# "rpki": {
# "status": "Valid",
# "prefix": "3.0.0.0/10",
# "maxLength": 24,
# "ta": "arin"
# },
# "delegated": {
# "prefix": {
# "status": "assigned",
# "prefix": "3.0.0.0/9",
# "date": "20171220",
# "registry": "arin",
# "country": "US"
# },
# "asn": {
# "status": "assigned",
# "registry": "arin"
# }
# }
#}
#4.4.4.0/24
#{
# "query": {
# "prefix": "4.4.4.0/24",
# "asn": 198949
# },
# "irr": {
# "status": "Valid",
# "prefix": "4.4.4.0/24",
# "descr": "dima_training",
# "source": "RADB"
# },
# "rpki": {
# "status": "NotFound"
# },
# "delegated": {
# "prefix": {
# "status": "assigned",
# "prefix": "4.0.0.0/9",
# "date": "19921201",
# "registry": "arin",
# "country": "US"
# },
# "asn": {
# "status": "assigned",
# "registry": "ripencc"
# }
# }
#}
#5.5.5.0/24
#{
# "query": {
# "prefix": "5.5.5.0/24",
# "asn": 6805
# },
# "irr": {
# "status": "Invalid,more-specific",
# "prefix": "5.4.0.0/14",
# "descr": "Telefonica Germany GmbH & Co. OHG",
# "source": "RIPE"
# },
# "rpki": {
# "status": "Invalid,more-specific",
# "prefix": "5.4.0.0/14",
# "maxLength": 14,
# "ta": "ripe"
# },
# "delegated": {
# "prefix": {
# "status": "assigned",
# "prefix": "5.4.0.0/14",
# "date": "20120425",
# "registry": "ripencc",
# "country": "DE"
# },
# "asn": {
# "status": "assigned",
# "registry": "ripencc"
# }
# }
#}
```
## Acknowledgements
This project is supported by MANRS/ISOC, thanks!
Raw data
{
"_id": null,
"home_page": "https://github.com/InternetHealthReport/route-origin-validator/",
"name": "rov",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "RPKI,IRR,delegated,Internet,routing,route origin validation",
"author": "Romain Fontugne",
"author_email": "romain.fontugne@gmail.com",
"download_url": "",
"platform": null,
"description": "# route-origin-validator\nOffline Internet route origin validation using RPKI, IRR, and RIRs delegated databases\n\nThis python library is designed for validating a large number of routes in one shot. It downloads IRR, RPKI, and delegated databases to avoid network overhead for each query.\n\n## Installation\n ```\npip install rov\n```\n\n## Usage:\nBoth the command line and python interfaces return status codes for each data\nsource.\nFor IRR and RPKI the possible status codes are:\n- NotFound\n- Invalid\n- Invalid,more-specific\n- Valid\n\nFor delegated we expect globally reachable resources to be 'assigned'. Resources that are 'reserved' and 'available' should be considered as bogons.\n\n### Command line\nThe command line interface should be used only for a few queries, each query will reload all databases.\n```zsh\n>> rov 8.8.8.0/24 15169 \n{\n \"query\": {\n \"prefix\": \"8.8.8.0/24\",\n \"asn\": 15169\n },\n \"irr\": {\n \"status\": \"Valid\",\n \"prefix\": \"8.8.8.0/24\",\n \"descr\": \"Google\",\n \"source\": \"RADB\"\n },\n \"rpki\": {\n \"status\": \"Valid\",\n \"prefix\": \"8.8.8.0/24\",\n \"maxLength\": 24,\n \"ta\": \"arin\"\n },\n \"delegated\": {\n \"prefix\": {\n \"status\": \"assigned\",\n \"prefix\": \"8.0.0.0/9\",\n \"date\": \"19921201\",\n \"registry\": \"arin\",\n \"country\": \"US\"\n },\n \"asn\": {\n \"status\": \"assigned\",\n \"registry\": \"arin\"\n }\n }\n}\n\n>> rov 10.1.0.0/16 15169\n{\n \"query\": {\n \"prefix\": \"10.1.0.0/16\",\n \"asn\": \"15169\"\n },\n \"irr\": {\n \"status\": \"NotFound\"\n },\n \"rpki\": {\n \"status\": \"NotFound\"\n },\n \"delegated\": {\n \"prefix\": {\n \"status\": \"reserved\",\n \"prefix\": \"10.0.0.0/8\",\n \"date\": \"19940301\",\n \"registry\": \"iana\",\n \"country\": \"ZZ\"\n },\n \"asn\": {\n \"status\": \"assigned\",\n \"registry\": \"arin\"\n }\n }\n}\n```\n\nPast RPKI data can also be queried.\nCurrently this only works for RPKI, so the results mix past and recent data. \nIn the following example, the rpki results are for 2018/10/01 but other results \ncorrespond to the exectution date.\n```zsh\n>> rov 8.8.8.0/24 15169 --rpki_archive 2018/10/01\n{\n \"query\": {\n \"prefix\": \"8.8.8.0/24\",\n \"asn\": 15169\n },\n \"irr\": {\n \"status\": \"Valid\",\n \"prefix\": \"8.8.8.0/24\",\n \"descr\": \"Google\",\n \"source\": \"RADB\"\n },\n \"rpki\": {\n \"status\": \"NotFound\"\n },\n \"delegated\": {\n \"prefix\": {\n \"status\": \"assigned\",\n \"prefix\": \"8.0.0.0/9\",\n \"date\": \"19921201\",\n \"registry\": \"arin\",\n \"country\": \"US\"\n },\n \"asn\": {\n \"status\": \"assigned\",\n \"registry\": \"arin\"\n }\n }\n}\n```\n\n### In python \nFor large batches use the python library as follows:\n\n```python\nimport json\nfrom rov import ROV\n\n# list of routes we want to validate\nroutes = [\n ['1.1.1.0/24', 13335],\n ['2.2.2.0/24', 3215],\n ['3.3.3.0/24', 16509],\n ['4.4.4.0/24', 198949],\n ['5.5.5.0/24', 6805],\n ]\n \n\nrov = ROV()\n\n# optional: download latest databases if needed\nrov.download_databases()\n\n# read databases, this may take a minute or so\nrov.load_databases()\n\n# this should be super fast\nfor prefix, asn in routes:\n state = rov.check(prefix, asn)\n print(prefix)\n print(json.dumps(state, indent=4))\n\n#1.1.1.0/24\n#{\n# \"query\": {\n# \"prefix\": \"1.1.1.0/24\",\n# \"asn\": 13335\n# },\n# \"irr\": {\n# \"status\": \"Valid\",\n# \"prefix\": \"1.1.1.0/24\",\n# \"descr\": \"APNIC Research and Development\\n6 Cordelia St\",\n# \"source\": \"APNIC\"\n# },\n# \"rpki\": {\n# \"status\": \"Valid\",\n# \"prefix\": \"1.1.1.0/24\",\n# \"maxLength\": 24,\n# \"ta\": \"apnic\"\n# },\n# \"delegated\": {\n# \"prefix\": {\n# \"status\": \"assigned\",\n# \"prefix\": \"1.1.1.0/24\",\n# \"date\": \"20110811\",\n# \"registry\": \"apnic\",\n# \"country\": \"AU\"\n# },\n# \"asn\": {\n# \"status\": \"assigned\",\n# \"registry\": \"arin\"\n# }\n# }\n#}\n#2.2.2.0/24\n#{\n# \"query\": {\n# \"prefix\": \"2.2.2.0/24\",\n# \"asn\": 3215\n# },\n# \"irr\": {\n# \"status\": \"Invalid,more-specific\",\n# \"prefix\": \"2.2.0.0/16\",\n# \"descr\": \"France Telecom Orange\",\n# \"source\": \"RIPE\"\n# },\n# \"rpki\": {\n# \"status\": \"Invalid,more-specific\",\n# \"prefix\": \"2.0.0.0/12\",\n# \"maxLength\": 17,\n# \"ta\": \"ripe\"\n# },\n# \"delegated\": {\n# \"prefix\": {\n# \"status\": \"assigned\",\n# \"prefix\": \"2.0.0.0/12\",\n# \"date\": \"20100712\",\n# \"registry\": \"ripencc\",\n# \"country\": \"FR\"\n# },\n# \"asn\": {\n# \"status\": \"assigned\",\n# \"registry\": \"ripencc\"\n# }\n# }\n#}\n#3.3.3.0/24\n#{\n# \"query\": {\n# \"prefix\": \"3.3.3.0/24\",\n# \"asn\": 16509\n# },\n# \"irr\": {\n# \"status\": \"NotFound\"\n# },\n# \"rpki\": {\n# \"status\": \"Valid\",\n# \"prefix\": \"3.0.0.0/10\",\n# \"maxLength\": 24,\n# \"ta\": \"arin\"\n# },\n# \"delegated\": {\n# \"prefix\": {\n# \"status\": \"assigned\",\n# \"prefix\": \"3.0.0.0/9\",\n# \"date\": \"20171220\",\n# \"registry\": \"arin\",\n# \"country\": \"US\"\n# },\n# \"asn\": {\n# \"status\": \"assigned\",\n# \"registry\": \"arin\"\n# }\n# }\n#}\n#4.4.4.0/24\n#{\n# \"query\": {\n# \"prefix\": \"4.4.4.0/24\",\n# \"asn\": 198949\n# },\n# \"irr\": {\n# \"status\": \"Valid\",\n# \"prefix\": \"4.4.4.0/24\",\n# \"descr\": \"dima_training\",\n# \"source\": \"RADB\"\n# },\n# \"rpki\": {\n# \"status\": \"NotFound\"\n# },\n# \"delegated\": {\n# \"prefix\": {\n# \"status\": \"assigned\",\n# \"prefix\": \"4.0.0.0/9\",\n# \"date\": \"19921201\",\n# \"registry\": \"arin\",\n# \"country\": \"US\"\n# },\n# \"asn\": {\n# \"status\": \"assigned\",\n# \"registry\": \"ripencc\"\n# }\n# }\n#}\n#5.5.5.0/24\n#{\n# \"query\": {\n# \"prefix\": \"5.5.5.0/24\",\n# \"asn\": 6805\n# },\n# \"irr\": {\n# \"status\": \"Invalid,more-specific\",\n# \"prefix\": \"5.4.0.0/14\",\n# \"descr\": \"Telefonica Germany GmbH & Co. OHG\",\n# \"source\": \"RIPE\"\n# },\n# \"rpki\": {\n# \"status\": \"Invalid,more-specific\",\n# \"prefix\": \"5.4.0.0/14\",\n# \"maxLength\": 14,\n# \"ta\": \"ripe\"\n# },\n# \"delegated\": {\n# \"prefix\": {\n# \"status\": \"assigned\",\n# \"prefix\": \"5.4.0.0/14\",\n# \"date\": \"20120425\",\n# \"registry\": \"ripencc\",\n# \"country\": \"DE\"\n# },\n# \"asn\": {\n# \"status\": \"assigned\",\n# \"registry\": \"ripencc\"\n# }\n# }\n#}\n```\n\n## Acknowledgements\n\nThis project is supported by MANRS/ISOC, thanks!\n",
"bugtrack_url": null,
"license": "",
"summary": "Offline Internet route origin validation using RPKI, IRR, and RIRs delegated databases",
"version": "0.5.0",
"project_urls": {
"Homepage": "https://github.com/InternetHealthReport/route-origin-validator/"
},
"split_keywords": [
"rpki",
"irr",
"delegated",
"internet",
"routing",
"route origin validation"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "5b91ef5592acb1c5f505889dcc582a8136322ef0e8ef6284717dc87a34634602",
"md5": "ea4816221306b988b3eb4cc9bb65c422",
"sha256": "956f121d56bbaa5016d65cf66b0d405991bc79056d6b51e3fb53d419459a0349"
},
"downloads": -1,
"filename": "rov-0.5.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "ea4816221306b988b3eb4cc9bb65c422",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 20820,
"upload_time": "2024-02-22T06:08:34",
"upload_time_iso_8601": "2024-02-22T06:08:34.264260Z",
"url": "https://files.pythonhosted.org/packages/5b/91/ef5592acb1c5f505889dcc582a8136322ef0e8ef6284717dc87a34634602/rov-0.5.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-02-22 06:08:34",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "InternetHealthReport",
"github_project": "route-origin-validator",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "appdirs",
"specs": []
},
{
"name": "py-radix",
"specs": []
},
{
"name": "portion",
"specs": []
}
],
"lcname": "rov"
}
JSON
